Skip to Main Content
In 1998, Blaze, Bleumer, and Strauss proposed a kind of cryptographic primitive called proxy re-encryption. In proxy re-encryption, a proxy can transform a ciphertext computed under Alice's public key into one that can be opened under Bob's decryption key. In 2007, Matsuo proposed a new type of re-encryption scheme which can re-encrypt the ciphertext in the certificate based encryption (CBE) setting to one that can be decrypted in identity based setting (IBE). Now this scheme is being standardized by IEEEP1363.3 working group. In this paper, we further extend their research. One feature of their scheme is that it inherits the key escrow problem from IBE, that is, KGC can decrypt every re-encrypted ciphertext for IBE users.We ask question like this: can the malicious KGC not decrypt the re-encryption ciphertext? Surprisingly, the answer is affirmative. We construct such a scheme and prove its security in the standard model. So we give the conclusion that key escrow problem is not unavoidable in re-encryption from CBE to IBE.