Proxy re-encryption (PRE) provides a promising solution for encrypted data sharing in public cloud. When data owner Alice is going to share her encrypted data with data consumer Bob, Alice generates a re-encryption key and sends it to the cloud server (proxy); by using it, the proxy can transform Alice's ciphertexts into Bob's without learning anything about the underlying plaintexts. Despite that existing PRE schemes can prevent the proxy from recovering Alice's secret key by collusion attacks with Bob, due to the inherent functionality of PRE, it is inevitable that the proxy and Bob together are capable to gain and distribute Alices decryption capabilities. Even worse, the malicious proxy can deny that it has leaked the decryption capabilities and has very little risk of getting caught. To tackle this problem, we introduce the concept of Accountable Proxy Re-Encryption (APRE), whereby if the proxy is accused to abuse the re-encryption key for distributing Alice's decryption capability, a judge algorithm can decide whether it is innocent or not. We then present a non-interactive APRE scheme and prove its CPA security and accountability under DBDH assumption in the standard model. Finally, we show how to extend it to a CCA secure one.

中文翻译：

---

负责安全数据共享的代理重新加密

代理重加密 (PRE) 为公共云中的加密数据共享提供了一种很有前景的解决方案。当数据所有者 Alice 准备与数据消费者 Bob 共享她的加密数据时，Alice 生成一个重加密密钥并将其发送到云服务器（代理）；通过使用它，代理可以将 Alice 的密文转换为 Bob 的密文，而无需了解任何有关底层明文的信息。尽管现有的 PRE 方案可以防止代理通过与 Bob 的共谋攻击来恢复 Alice 的密钥，但由于 PRE 的固有功能，代理和 Bob 一起获得和分发 Alice 的解密能力是不可避免的。更糟糕的是，恶意代理可以否认它已经泄露了解密功能并且被抓住的风险很小。为了解决这个问题，我们引入了问责代理重加密（APRE）的概念，如果代理被指控滥用重加密密钥来分发 Alice 的解密能力，判断算法可以判断它是否是无辜的。然后，我们提出了一个非交互式 APRE 方案，并在标准模型中的 DBDH 假设下证明了其 CPA 安全性和问责制。最后，我们展示了如何将其扩展为 CCA 安全的。