Common use of Protocol Analysis Clause in Contracts

Protocol Analysis. This section discusses the strength of the ALPKA 1 and ALPKA 2 proto- cols against the required security features of a proxy re-encryption scheme, as mentioned in Section 3. Fig. 4 Schematic overview of the cryptographic operations in the second part of the ReEn- crypt phase and the DeCrypt phase, performed by the proxy Pk and receiver Uj . Both for the communication from Ui to Uj and vice versa, the re-encryption scheme is similar, due to construction, i.e. rkij = (h(siǁBj) · h(sjǁBi))−1 = rkji = (h(sjǁBi) · h(siǁBj))−1 In the ALPKA 2 scheme, this feature is not applicable since there is no re-encryption key used. – Interactivity: The presence of this feature is one of the main differences between ALPKA 1 and ALPKA 2 schemes. The protocol ALPKA 1 is not interactive as for the computation of the key K1 by the receiver, since the proxy first needs to use additional information (proxy re-encryption key) coming from the KDC. For the key K2 in ALPKA 2 on the other hand, it suffices to securely forward the random value Ni, generated by the sending entity. Unfortunately, we explain later that it is not possible to combine the non-interactive property with a collusion resistant feature.

Protocol Analysis. This section discusses the strength of the ALPKA 1 and ALPKA 2 proto- cols against the required security features of a proxy re-encryption scheme, as mentioned in Section 3. Fig. 4 Schematic overview of the cryptographic operations in the second part of the ReEn- crypt phase and the DeCrypt phase, performed by the proxy Pk and receiver Uj . Both for the communication from Ui to Uj and vice versa, the re-encryption scheme is similar, due to construction, i.e. rkij = (h(siǁBjh(si Bj) · h(sjǁBi))−1 h(sj Bi))−1 = rkji = (h(sjǁBih(sj Bi) · h(siǁBj))−1 h(si Bj))−1 In the ALPKA 2 scheme, this feature is not applicable since there is no re-encryption key used. – Interactivity: The presence of this feature is one of the main differences between ALPKA 1 and ALPKA 2 schemes. The protocol ALPKA 1 is not interactive as for the computation of the key K1 by the receiver, since the proxy first needs to use additional information (proxy re-encryption key) coming from the KDC. For the key K2 in ALPKA 2 on the other hand, it suffices to securely forward the random value Ni, generated by the sending entity. Unfortunately, we explain later that it is not possible to combine the non-interactive property with a collusion resistant feature.