TY - GEN

T1 - Proxy Cryptography Revisited

AU - Ivan, Anca

AU - Dodis, Yevgeniy

N1 - Publisher Copyright:
© 2003 Proceedings of the Symposium on Network and Distributed System Security, NDSS 2003. All Rights Reserved.

PY - 2003

Y1 - 2003

N2 - In this work we revisit and formally study the notion of proxy cryptography. Intuitively, various proxy functions allow two cooperating parties F (the “FBI”) and P (the “proxy”) to duplicate the functionality available to the third party U (the “user”), without being able to perform this functionality on their own (without cooperation). The concept is closely related to the notion of threshold cryptography, except we deal with only two parties P and F , and place very strict restrictions on the way the operations are performed (which is done for the sake of efficiency, usability and scalability). For example, for decryption (resp. signature) P (F) sends a single message to F (P), after which the latter can decrypt (sign) the message. Our formal modeling of proxy cryptography significantly generalizes, simplifies and simultaneously clarifies the model of “atomic proxy” suggested by Blaze and Strauss [4]. In particular, we define bidirectional and unidirectional variants of our model1, and show extremely simple generic solutions for proxy signature and encryption in these models. We also give more efficient solutions for several specific schemes. We conclude that proxy cryptography is a relatively simple concept to satisfy when looked from the correct and formal standpoint.

AB - In this work we revisit and formally study the notion of proxy cryptography. Intuitively, various proxy functions allow two cooperating parties F (the “FBI”) and P (the “proxy”) to duplicate the functionality available to the third party U (the “user”), without being able to perform this functionality on their own (without cooperation). The concept is closely related to the notion of threshold cryptography, except we deal with only two parties P and F , and place very strict restrictions on the way the operations are performed (which is done for the sake of efficiency, usability and scalability). For example, for decryption (resp. signature) P (F) sends a single message to F (P), after which the latter can decrypt (sign) the message. Our formal modeling of proxy cryptography significantly generalizes, simplifies and simultaneously clarifies the model of “atomic proxy” suggested by Blaze and Strauss [4]. In particular, we define bidirectional and unidirectional variants of our model1, and show extremely simple generic solutions for proxy signature and encryption in these models. We also give more efficient solutions for several specific schemes. We conclude that proxy cryptography is a relatively simple concept to satisfy when looked from the correct and formal standpoint.

UR - http://www.scopus.com/inward/record.url?scp=57949106557&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=57949106557&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:57949106557

T3 - Proceedings of the Symposium on Network and Distributed System Security, NDSS 2003

BT - Proceedings of the Symposium on Network and Distributed System Security, NDSS 2003

PB - The Internet Society

T2 - 10th Symposium on Network and Distributed System Security, NDSS 2003

Y2 - 6 February 2003

ER -