In a proxy re-encryption (PRE) scheme [4], a proxy, authorized by Alice, transforms messages encrypted under Alice's public key into encryptions under Bob's public key without knowing the messages. Proxy re-encryption can be used applications requiring delegation, such as delegated email processing. However, it is inadequate to handle scenarios where a fine-grained delegation is demanded. For example, Bob is only allowed Alice's encrypted emails containing a specific keyword. To overcome the limitation of existing PRE, we introduce the notion of conditional proxy re-encryption (or C-PRE), whereby only ciphertext satisfying one condition set by Alice can be transformed by the proxy and then decrypted by Bob. We formalize its security model and propose an efficient C-PRE scheme, whose chosen-ciphertext security is proven under the 3-quotient bilinear Diffie-Hellman assumption. We further extend the construction to allow multiple conditions with a slightly higher overhead....
Jian Weng, Robert H. Deng, Xuhua Ding, Cheng-Kang