Efficient and fully CCA secure conditional proxy re-encryption from hierarchical identity-based encryption

A Proxy Re-Encryption (PRE) allows a data owner to delegate the decryption rights of some encrypted data stored on the cloud without revealing the data to an honest-but-curious cloud service provider (i.e. the PRE proxy). Furthermore, the data owner can offload most of the computational operations to the cloud service provider and hence, using PRE for encrypted cloud data sharing can be very effective even for data owners using limited resource devices (e.g. mobile devices). However, PRE schemes only enables data owners to delegate the decryption rights of all their encrypted data. A more practical notion is a Conditional PRE (CPRE) that allows us to specify under what condition the decryption of an encrypted data can be delegated, for example, only sharing all the encrypted files under a directory called \public". In this paper, we provide an affirrmative result on the long-standing question of building a full CCA-secure CPRE system in the standard model and for the first time, we show that a class of Hierarchical Identity-Based Encryption (HIBE) schemes can be transferred to building a CCA-secure CPRE in the standard model. We also list out some concrete HIBE schemes which fall into this class, e.g., Lewko-Waters HIBE. All existing CCA-secure PRE schemes in the standard model are not conditional while all existing CPRE schemes are either not CCA-secure or not in the standard model. By instantiating our generic HIBE-based transformation, we show that an effcient and concrete CPRE scheme which is both CCA secure in the standard model and conditional can be built.