A Timed-Release Proxy Re-Encryption Scheme

Timed-Release Encryption (TRE) is a kind of time-dependent encryption, where the time of decryption can be controlled. More precisely, TRE prevents even a legitimate recipient decrypting a ciphertext before a semi-trusted Time Server (TS) sends trapdoor S-T assigned with a release time T of the encryptor's choice. Cathalo et al. (ICICS2005) and Chalkias et al. (ESORICS2007) have already considered encrypting a message intended for multiple recipients with the same release time. One drawback of these schemes is the ciphertext size and computational complexity, which depend on the number of recipients N. Ideally, it is desirable that any factor (ciphertext size, computational complexity of encryption/decryption, and public/secret key size) does not depend on N. In this paper, to achieve TRE with such fully constant costs from the encryptor's/decryptor's point of view, by borrowing the technique of Proxy Re-Encryption (PRE), we propose a cryptosystem in which even if the proxy transformation is applied to a TRE ciphertext, the release time is still effective. By sending a TRE ciphertext to the proxy, an encryptor can foist N-dependent computation costs on the proxy. We call this cryptosystem Timed-Release PRE (TR-PRE). This function can be applied to efficient multicast communication with a release time indication.