TY - GEN
T1 - Proxy Cryptography Revisited
AU - Ivan, Anca
AU - Dodis, Yevgeniy
N1 - Publisher Copyright:
© 2003 Proceedings of the Symposium on Network and Distributed System Security, NDSS 2003. All Rights Reserved.
PY - 2003
Y1 - 2003
N2 - In this work we revisit and formally study the notion of proxy cryptography. Intuitively, various proxy functions allow two cooperating parties F (the “FBI”) and P (the “proxy”) to duplicate the functionality available to the third party U (the “user”), without being able to perform this functionality on their own (without cooperation). The concept is closely related to the notion of threshold cryptography, except we deal with only two parties P and F , and place very strict restrictions on the way the operations are performed (which is done for the sake of efficiency, usability and scalability). For example, for decryption (resp. signature) P (F) sends a single message to F (P), after which the latter can decrypt (sign) the message. Our formal modeling of proxy cryptography significantly generalizes, simplifies and simultaneously clarifies the model of “atomic proxy” suggested by Blaze and Strauss [4]. In particular, we define bidirectional and unidirectional variants of our model1, and show extremely simple generic solutions for proxy signature and encryption in these models. We also give more efficient solutions for several specific schemes. We conclude that proxy cryptography is a relatively simple concept to satisfy when looked from the correct and formal standpoint.
AB - In this work we revisit and formally study the notion of proxy cryptography. Intuitively, various proxy functions allow two cooperating parties F (the “FBI”) and P (the “proxy”) to duplicate the functionality available to the third party U (the “user”), without being able to perform this functionality on their own (without cooperation). The concept is closely related to the notion of threshold cryptography, except we deal with only two parties P and F , and place very strict restrictions on the way the operations are performed (which is done for the sake of efficiency, usability and scalability). For example, for decryption (resp. signature) P (F) sends a single message to F (P), after which the latter can decrypt (sign) the message. Our formal modeling of proxy cryptography significantly generalizes, simplifies and simultaneously clarifies the model of “atomic proxy” suggested by Blaze and Strauss [4]. In particular, we define bidirectional and unidirectional variants of our model1, and show extremely simple generic solutions for proxy signature and encryption in these models. We also give more efficient solutions for several specific schemes. We conclude that proxy cryptography is a relatively simple concept to satisfy when looked from the correct and formal standpoint.
UR - http://www.scopus.com/inward/record.url?scp=57949106557&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=57949106557&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:57949106557
T3 - Proceedings of the Symposium on Network and Distributed System Security, NDSS 2003
BT - Proceedings of the Symposium on Network and Distributed System Security, NDSS 2003
PB - The Internet Society
T2 - 10th Symposium on Network and Distributed System Security, NDSS 2003
Y2 - 6 February 2003
ER -