Identity-based proxy re-encryption version 2: Making mobile access easy in cloud

Proxy re-encryption (PRE) enables an authorized proxy to convert a ciphertext under Alice’s public key into a ciphertext under Bob’s public key without exposing the encrypted message. In existing PRE systems, the original ciphertexts and the re-encrypted ones are both required to be in the same cryptosystem, which limits their applications in cloud computing systems. In this paper, we propose a new proxy re-encryption pattern, referred to as an identity-based proxy re-encryption version 2 (IBPRE2). It allows an authorized proxy to convert a ciphertext of an identity-based broadcast encryption (IBBE) scheme into a ciphertext of an identity-based encryption (IBE) scheme. With IBPRE2, one can take advantage of IBBE to securely share data with a set of recipients, and then incorporate an additional one into the authorized set through the re-encryption mechanism, without decrypting the IBBE ciphertext nor leaking any sensitive information. We formalize the security requirements in IBPRE2 and propose a provably CCA-secure scheme. The unique feature of ciphertext transformation from a complicated cryptosystem to a simple one makes our IBPRE2 a versatile cryptographic tool to secure outsourced data in cloud computing.