Proxy re-encryption

Proxy re-encryption

Proxy re-encryption schemes are cryptosystems which allow third-parties (proxies) to alter a ciphertext which has been encrypted for one party, so that it may be decrypted by another.

Examples of Use

Bob could designate a proxy to re-encrypt one of his messages that is to be sent to Chris. This generates a new key that Chris can use to decrypt the message. Now if Alice sends Chris a message that was encrypted under Bob's key, the proxy will alter the message, allowing Chris to decrypt it. This method allows for a number of applications such as e-mail forwarding, law-enforcement monitoring, and content distribution.

A weaker re-encryption scheme is one in which the proxy possesses both parties' keys simultaneously. One key decrypts a plaintext, while the other encrypts it. Since the goal of many proxy re-encryption schemes is to avoid revelaing either of the keys or the underlying plaintext to the proxy, this method is not ideal.

Defining Functions

Proxy re-encryption schemes are similar to traditional symmetric or asymmetric encryption schemes, with the addition of two functions:

*Delegation - allows a message recipient (keyholder) to generate a re-encryption key based on his secret key and the key of the delegated user. This re-encryption key is used by the proxy as input to the re-encryption function, which is executed by the proxy to translate ciphertexts to the delegated user's key. Asymmetric proxy re-encryption schemes come in bi-directional and uni-directional varieties.
**In a "bi-directional scheme", the re-encryption scheme is reversible-- that is, the re-encryption key can be used to translate messages from Bob to Charlie, as well as from Charlie to Bob. This can have various security consequences, depending on the application. One notable characteristic of bi-directional schemes is that both the delegator and delegated party (e.g., Charlie and Bob) must combine their secret keys to produce the re-encryption key.
**A "uni-directional scheme" is effectively one-way; messages can be re-encrypted from Bob to Charlie, but not the reverse. Uni-directional schemes can be constructed such that the delegated party need not reveal its secret key. For example, Bob could delegate to Charlie by combining his secret key with Bob's public key.

*Transitivity - Transitive proxy re-encryption schemes allow for a ciphertext to be re-encrypted an unlimited number of times. For example, a ciphertext might be re-encrypted from Bob to Charlie, and then again from Charlie to David and so on. Non-transitive schemes allow for only one (or a limited number) of re-encryptions on a given ciphertext. Currently, there is no known uni-directional, transitive proxy re-encryption scheme. It is an open problem as to whether such constructions are possible.

Proxy re-encryption should not be confused with proxy signatures, which is a separate construction with a different purpose.


* M. Blaze, G. Bleumer, M. Strauss. [ Divertible Protocols and Atomic Proxy Cryptography] .

*Bertino, E., Sandhu, R. [ "Database security - concepts, approaches, and challenges."] IEEE Transations on Dependable and Secure Computing 2 (2005): 2-19

*G. Ateniese, K. Fu, M. Green, S. Hohenberger. [ Improved Proxy Re-encryption Schemes with Applications to Secure Distributed Storage] . Proceedings of the 12th Annual Network and Distributed Systems Security Symposium (NDSS 2005), San Diego, California, 2005.

*M. Green, G. Ateniese. [ Identity-Based Proxy Re-encryption] . Applied Cryptography and Network Security Conference, June 2007.

*S. Hohenberger, G. Rothblum, a. shelat, and V. Vaikuntanathan. Securely Obfuscating Re-encryption. Proceedings of the Theory of Cryptography Conference (TCC), 2007.

* [ The JHU-MIT Proxy Re-cryptography Library]

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Proxy server — For Wikipedia s policy on editing from open proxies, please see Wikipedia:Open proxies. Communication between two computers (shown in grey) connected through a third computer (shown in red) acting as a proxy. In …   Wikipedia

  • Reverse proxy — A reverse proxy or surrogate is a proxy server that is installed within the neighborhood of one or more servers. Typically, reverse proxies are used in front of Web servers. All connections coming from the Internet addressed to one of the Web… …   Wikipedia

  • Performance Enhancement Proxy — Ein Performance Enhancement Proxy Server oder Performance Enhancing Proxy (PEP), zu deutsch etwa Proxyserver zur Leistungssteigerung, ist ein Proxyserver, der TCP auf der Transportebene beschleunigt, wenn Internet Dienste über… …   Deutsch Wikipedia

  • Information security audit — An information security audit is an audit on the level of information security in an organization. Within the broad scope of auditing information security there are multiple type of audits, multiple objectives for different audits, etc. Most… …   Wikipedia

  • Elliptic curve cryptography — (ECC) is an approach to public key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz[1] and Victor S. Miller[2] in 1985.… …   Wikipedia

  • Anonymity application — An anonymity application is any software application which can be used to access a network, such as the Internet, anonymously. The application can use either private or public anonymous proxy servers, encryption or even spoofing, diversion and… …   Wikipedia

  • Tor (anonymity network) — Tor Developer(s) The Tor Project[1] Initial release 20 September 2002 (2002 09 20) …   Wikipedia

  • Comparison of VoIP software — VoIP software is used to conduct telephone like voice conversations across Internet Protocol (IP) based networks. VoIP stands for Voice over IP . For residential markets, VoIP phone service is often cheaper than traditional public switched… …   Wikipedia

  • Mobile operating system — A mobile operating system, also known as a mobile OS, mobile software platform or a handheld operating system, is the operating system that controls a mobile device or information appliance similar in principle to an operating system such as… …   Wikipedia

  • Off-the-Record Messaging — Off the Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric key algorithm, the Diffie–Hellman key exchange,… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”