Abstract
In a proxy re-encryption (PRE) scheme, a delegator gives a re-encryption key to a semi-trusted proxy, then the proxy can transform the delegator's ciphertexts into one that can be decrypted by a delegatee who is appointed by the delegator. The proxy cannot, however, learn anything about the encrypted messages. At CCS 2007, Canetti and Hohenberger left an interesting open problem of how to design a PRE scheme that is simultaneously unidirectional and multi-hop. This is a rather interesting problem since in some applications we may need this feature, such as in the scenario of email forwarding, a delegatee wants forward his emails that received from the delegator to another delegatee. In this work we design an unidirectional and multi-hop PRE scheme by using multilinear maps. A shortcoming of our scheme is that its security relies on some rather strong assumptions in the setting of multilinear groups.
