The search functionality is under construction.

The search functionality is under construction.

Homomorphic encryption (HE) is useful to analyze encrypted data without decrypting it. However, by using ordinary HE, a user who can decrypt a ciphertext that is generated by executing homomorphic operations, can also decrypt ciphertexts on which homomorphic evaluations have not been performed, since homomorphic operations cannot be executed among ciphertexts which are encrypted under different public keys. To resolve the above problem, we introduce a new cryptographic primitive called Homomorphic Proxy Re-Encryption (HPRE) combining the “key-switching” property of Proxy Re-Encryption (PRE) and the homomorphic property of HE. In our HPRE, original ciphertexts (which have not been re-encrypted) guarantee CCA2 security (and in particular satisfy non-malleability). On the other hand, re-encrypted ciphertexts only guarantee CPA security, so that homomorphic operations can be performed on them. We define the functional/security requirements of HPRE, and then propose a specific construction supporting the group operation (over the target group in bilinear groups) based on the PRE scheme by Libert and Vergnaud (PKC 2008) and the CCA secure public key encryption scheme by Lai et al. (CT-RSA 2010), and prove its security in the standard model. Additionally, we show two extensions of our HPRE scheme for the group operation: an HPRE scheme for *addition* and an HPRE scheme for *degree-2 polynomials* (in which the number of degree-2 terms is constant), by using the technique of the recent work by Catalano and Fiore (ACMCCS 2015).

- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E102-A No.1 pp.81-98

- Publication Date
- 2019/01/01

- Publicized

- Online ISSN
- 1745-1337

- DOI
- 10.1587/transfun.E102.A.81

- Type of Manuscript
- Special Section PAPER (Special Section on Cryptography and Information Security)

- Category

Yutaka KAWAI

Mitsubishi Electric

Takahiro MATSUDA

National Institute of Advanced Industrial Science and Technology (AIST)

Takato HIRANO

Mitsubishi Electric

Yoshihiro KOSEKI

Mitsubishi Electric

Goichiro HANAOKA

National Institute of Advanced Industrial Science and Technology (AIST)

The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.

Copy

Yutaka KAWAI, Takahiro MATSUDA, Takato HIRANO, Yoshihiro KOSEKI, Goichiro HANAOKA, "Proxy Re-Encryption That Supports Homomorphic Operations for Re-Encrypted Ciphertexts" in IEICE TRANSACTIONS on Fundamentals,
vol. E102-A, no. 1, pp. 81-98, January 2019, doi: 10.1587/transfun.E102.A.81.

Abstract: Homomorphic encryption (HE) is useful to analyze encrypted data without decrypting it. However, by using ordinary HE, a user who can decrypt a ciphertext that is generated by executing homomorphic operations, can also decrypt ciphertexts on which homomorphic evaluations have not been performed, since homomorphic operations cannot be executed among ciphertexts which are encrypted under different public keys. To resolve the above problem, we introduce a new cryptographic primitive called Homomorphic Proxy Re-Encryption (HPRE) combining the “key-switching” property of Proxy Re-Encryption (PRE) and the homomorphic property of HE. In our HPRE, original ciphertexts (which have not been re-encrypted) guarantee CCA2 security (and in particular satisfy non-malleability). On the other hand, re-encrypted ciphertexts only guarantee CPA security, so that homomorphic operations can be performed on them. We define the functional/security requirements of HPRE, and then propose a specific construction supporting the group operation (over the target group in bilinear groups) based on the PRE scheme by Libert and Vergnaud (PKC 2008) and the CCA secure public key encryption scheme by Lai et al. (CT-RSA 2010), and prove its security in the standard model. Additionally, we show two extensions of our HPRE scheme for the group operation: an HPRE scheme for *addition* and an HPRE scheme for *degree-2 polynomials* (in which the number of degree-2 terms is constant), by using the technique of the recent work by Catalano and Fiore (ACMCCS 2015).

URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E102.A.81/_p

Copy

@ARTICLE{e102-a_1_81,

author={Yutaka KAWAI, Takahiro MATSUDA, Takato HIRANO, Yoshihiro KOSEKI, Goichiro HANAOKA, },

journal={IEICE TRANSACTIONS on Fundamentals},

title={Proxy Re-Encryption That Supports Homomorphic Operations for Re-Encrypted Ciphertexts},

year={2019},

volume={E102-A},

number={1},

pages={81-98},

abstract={Homomorphic encryption (HE) is useful to analyze encrypted data without decrypting it. However, by using ordinary HE, a user who can decrypt a ciphertext that is generated by executing homomorphic operations, can also decrypt ciphertexts on which homomorphic evaluations have not been performed, since homomorphic operations cannot be executed among ciphertexts which are encrypted under different public keys. To resolve the above problem, we introduce a new cryptographic primitive called Homomorphic Proxy Re-Encryption (HPRE) combining the “key-switching” property of Proxy Re-Encryption (PRE) and the homomorphic property of HE. In our HPRE, original ciphertexts (which have not been re-encrypted) guarantee CCA2 security (and in particular satisfy non-malleability). On the other hand, re-encrypted ciphertexts only guarantee CPA security, so that homomorphic operations can be performed on them. We define the functional/security requirements of HPRE, and then propose a specific construction supporting the group operation (over the target group in bilinear groups) based on the PRE scheme by Libert and Vergnaud (PKC 2008) and the CCA secure public key encryption scheme by Lai et al. (CT-RSA 2010), and prove its security in the standard model. Additionally, we show two extensions of our HPRE scheme for the group operation: an HPRE scheme for *addition* and an HPRE scheme for *degree-2 polynomials* (in which the number of degree-2 terms is constant), by using the technique of the recent work by Catalano and Fiore (ACMCCS 2015).},

keywords={},

doi={10.1587/transfun.E102.A.81},

ISSN={1745-1337},

month={January},}

Copy

TY - JOUR

TI - Proxy Re-Encryption That Supports Homomorphic Operations for Re-Encrypted Ciphertexts

T2 - IEICE TRANSACTIONS on Fundamentals

SP - 81

EP - 98

AU - Yutaka KAWAI

AU - Takahiro MATSUDA

AU - Takato HIRANO

AU - Yoshihiro KOSEKI

AU - Goichiro HANAOKA

PY - 2019

DO - 10.1587/transfun.E102.A.81

JO - IEICE TRANSACTIONS on Fundamentals

SN - 1745-1337

VL - E102-A

IS - 1

JA - IEICE TRANSACTIONS on Fundamentals

Y1 - January 2019

AB - Homomorphic encryption (HE) is useful to analyze encrypted data without decrypting it. However, by using ordinary HE, a user who can decrypt a ciphertext that is generated by executing homomorphic operations, can also decrypt ciphertexts on which homomorphic evaluations have not been performed, since homomorphic operations cannot be executed among ciphertexts which are encrypted under different public keys. To resolve the above problem, we introduce a new cryptographic primitive called Homomorphic Proxy Re-Encryption (HPRE) combining the “key-switching” property of Proxy Re-Encryption (PRE) and the homomorphic property of HE. In our HPRE, original ciphertexts (which have not been re-encrypted) guarantee CCA2 security (and in particular satisfy non-malleability). On the other hand, re-encrypted ciphertexts only guarantee CPA security, so that homomorphic operations can be performed on them. We define the functional/security requirements of HPRE, and then propose a specific construction supporting the group operation (over the target group in bilinear groups) based on the PRE scheme by Libert and Vergnaud (PKC 2008) and the CCA secure public key encryption scheme by Lai et al. (CT-RSA 2010), and prove its security in the standard model. Additionally, we show two extensions of our HPRE scheme for the group operation: an HPRE scheme for *addition* and an HPRE scheme for *degree-2 polynomials* (in which the number of degree-2 terms is constant), by using the technique of the recent work by Catalano and Fiore (ACMCCS 2015).

ER -