查看文章

In a proxy re-encryption (PRE) system [4], a proxy, authorized by Alice, can convert a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. PRE has found many practical applications requiring delegation. However, it is inadequate to handle scenarios where a fine-grained delegation is demanded. To overcome the limitation of existing PRE systems, we introduce the notion of conditional proxy re-encryption (C-PRE), whereby only ci-phertext satisfying a specific condition set by Alice can be transformed by the proxy and then decrypted by Bob. We formalize its security model and propose an efficient C-PRE scheme, whose chosen-ciphertext security is proven under the 3-quotient bilinear Diffie-Hellman assumption. We further extend the construction to allow multiple conditions with a slightly higher overhead.