Secure bidirectional proxy re-encryption for cryptographic cloud storage

Bidirectional proxy re-encryption allows ciphertext transformation between Alice and Bob via a semi-trusted proxy, who however cannot obtain the corresponding plaintext. Due to this special property, bidirectional proxy re-encryption has become a flexible tool in many dynamic environments, such as cryptographic cloud storage. Nonetheless, how to design a secure and efficient bidirectional proxy re-encryption is still challenging. In this paper, we propose a new bidirectional proxy re-encryption scheme that holds the following properties: (1) constant ciphertext size no matter how many times the transformation is performed; (2) master secret security in the random oracle model, i.e., Alice (resp. Bob) colluding with the proxy cannot obtain Bob's (resp. Alice's) private key; (3) replayable chosen ciphertext (RCCA) security in the random oracle model. The above three properties are usually required in the cryptographic cloud storage. Furthermore, the proposed new master secret security may be of independent interest, as it is closer to the original desire: delegate the decryption rights while keeping the signing rights.