Various Proxy Re-Encryption Schemes from Lattices

Proxy re-encryption (PRE) was introduced by Blaze, Bleumer and Strauss [Eurocrypt ’98]. Basically, PRE allows a semi-trusted proxy to transform a ciphertext encrypted under one key into an encryption of the same plaintext under another key, without revealing the underlying plaintext. Since then, many interesting applications have been explored, and many constructions in various settings have been proposed. In 2007, Cannetti and Honhenberger [CCS ’07] defined a stronger notion – CCA-security and construct a bi-directional PRE scheme. Later on, several work considered CCA-secure PRE based on bilinear group assumptions. Very recently, Kirshanova [PKC ’14] proposed the first single-hop CCA-secure PRE scheme based on learning with errors (LWE) assumption. In this work, we first point out a subtle but serious mistake in the security proof of the work by Kirshanova. This reopens the direction of lattice-based CCA-secure constructions, even in the single-hop setting. Then we propose a new LWE-based single-hop CCA-secure PRE scheme. Finally, we extend the construction to support multi-hop re-encryptions for different levels of security under different settings.