Outsourcing the Re-encryption Key Generation: Flexible Ciphertext-Policy Attribute-Based Proxy Re-encryption

In this paper, we introduce a new proxy re-encryption (PRE) in that the re-encryption key generation can be outsourced, in attribute-based encryption. We call this new notion flexible ciphertext-policy attribute-based proxy re-encryption (flexible CP-AB-PRE). In ordinary PRE scheme, re-encryption keys are generated by using user's decryption key and an access structure. So, whenever the access structure is changed, a PRE user has to generate new different re-encryption keys. In order to overcome this disadvantage of the ordinary PRE, the reencryption key generation of the proposed scheme is divided into the following two steps. First, a user generates universal re-encryption key urkS which indicates delegator's attributes set S. Second, an authority who has re-encryption secret key rsk generates ordinary re-encryption key rk(S) -> M' by using urkS, rsk, and an access structure M'. The user has only to generate single urk(S) for all re-encryption keys. By this "outsourcing", the task of re-encryption key generation for a user is reduced only to generate one urkS. Furthermore, supposing a Private Key Generator (PKG) generates urk simultaneously at the time of decryption key generation, the load of re-encryption key generation for users almost vanishes.