A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds

Ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) extends the traditional Proxy Re-Encryption (PRE) by allowing a semi-trusted proxy to transform a ciphertext under an access policy to another ciphertext with the same plaintext under a new access policy (i.e., attribute-based re-encryption). The proxy, however, learns nothing about the underlying plaintext. CP-ABPRE has many real world applications, such as fine-grained access control in cloud storage systems and medical records sharing among different hospitals. All the existing CP-ABPRE schemes are leaving chosen-ciphertext attack (CCA) security as an interesting open problem. This paper, for the first time, proposes a new CP-ABPRE scheme to tackle the problem. The new scheme supports attribute-based re-encryption with any monotonic access structures. Despite being constructed in the random oracle model, our scheme can be proven CCA secure under the decisional q-parallel bilinear Diffie-Hellman exponent assumption.