Obfuscating Re-encryption Algorithm With Flexible and Controllable Multi-Hop on Untrusted Outsourcing Server.

An outsourcing re-encryption program can help a ciphertext owner (delegator) transform his/her ciphertext into another ciphertext of delegatee. For example, an e-mail receiver can re-transfer an encrypted e-mail to his secretary while allowing the e-mail to be readable for her. For a multi-hop re-encryption, the delegatee can re-encrypt the ciphertext to another user in delegation chain, repeatedly. Traditionally, this transformation is usually conducted by a proxy or an outsourcing server. However, the proxy or outsourcing server needs a re-encryption key (i.e., re-key) and the re-encryption program must execute in a black-box manner (cannot trace into or debug and monitor the program), and thus the outsource server must be semi-trusted. Actually, as the outsource program was run and fully controlled by the server, in this paper, we consider a stronger attack in the case that the re-encryption program was run on an untrusted/maliciousserver and even the server can trace into the codes and monitor the variables during the executing. We design a secure multi-hop re-encryption scheme, and then convert the re-encryption program into an obfuscated version with constant-hiding to ensure no sensitive information be revealed. The obfuscator of multi-hop re-encryption is to faithfully hide the program and its sensitive data that takes a re-encryption program/circuit as input and outputs another program with the same functionality, while revealing no more sensitive information (i.e., sensitive key and plaintext) than learns from the black-box oracle access to the original program. We also present a flexible and controllable construction of re-encryption scheme, functionality model and its obfuscation version in leveled multilinear groups, and exemplify some scenarios to deploy in various applications. Finally, we provide the performance analysis of the obfuscator, such as functionality preservation of consistency, polynomial slowdown of performance, and average-case virtual black-box of security, and show that the obfuscator is efficient and practical in use.