Efficiently obfuscating re-encryption program under DDH assumption

The re-encryption functionality transforms a ciphertext encrypted under a public key pk1 to a ciphertext of the same message encrypted under a different public key pk2. Hohenberger et al. (TCC 2007) proposed a pairing-based obfuscator for the family of circuits implementing the re-encryption functionality under a new notion of obfuscation called as average-case secure obfuscation. Chandran et al. (PKC 2014) proposed a lattice-based construction for the same. The construction given by Hohenberger et al. could only support polynomial sized message space and the proof of security relies on strong assumptions on bilinear groups. Chandran et al.’s construction could only satisfy a relaxed notion of correctness. In this work, we propose a simple and efficient obfuscator for the re-encryption functionality that satisfies the strongest notion of correctness, supports encryption of messages from an exponential sized domain and relies on the standard DDH-assumption. This is the first construction that does not rely on pairings or lattices. All our proofs are in the standard model.