Chosen-ciphertext secure anonymous conditional proxy re-encryption with keyword search

Weng et al. introduced the notion of conditional proxy re-encryption (or C-PRE, for short), whereby only the ciphertext satisfying one condition set by the delegator can be transformed by the proxy and then decrypted by delegatee. Nonetheless, they left an open problem on how to construct CCA-secure C-PRE schemes with anonymity. Fang et al. answered this question by presenting a construction of anonymous conditional proxy re-encryption (C-PRE) scheme without requiring random oracle. Nevertheless, Fang et al.'s scheme only satisfies the RCCA-security (which is a weaker variant of CCA-security assuming a harmless mauling of the challenge ciphertext is tolerated). Hence, it remains an open problem whether CCA-secure C-PRE schemes that satisfy both anonymity and full CCA-security can really be realized. Shao et al. introduced a new cryptographic primitive, called proxy re-encryption with keyword search (PRES), which is a combination of PRE and public key encryption with keyword search (PEKS), and they left an open problem on how to design an efficient unidirectional PRES scheme. In this paper, we answer the above open problems by proposing a new cryptographic primitive called conditional proxy re-encryption with keyword search (C-PRES), which combines C-PRE and PEKS. We note that there are subtleties in combining these two notions to achieve a secure scheme, and hence, the combination is not trivial. We propose a definition of security against chosen ciphertext attacks for C-PRES schemes with keyword anonymity, and thereafter present a scheme that satisfies the definition. The performance of our scheme outperforms Weng et al.'s construction, which has been regarded as the most efficient C-PRE scheme to date. (C) 2012 Elsevier B.V. All rights reserved.