Proxy Re-Encryption
What is Proxy Re-Encryption?
Proxy Re-Encryption: A cryptographic technique that lets a semi-trusted proxy transform a ciphertext encrypted under Alice's key into one decryptable by Bob without learning the plaintext.
Proxy Re-Encryption (PRE), formalised by Blaze, Bleumer, and Strauss in 1998 and later refined by Ateniese et al., allows Alice to delegate decryption of her ciphertexts to Bob by issuing the proxy a re-encryption key rk_{A->B}. The proxy converts each ciphertext under pk_A into a ciphertext under pk_B without ever seeing the plaintext or learning either private key. Schemes can be unidirectional or bidirectional, single-hop or multi-hop, and may be built on ElGamal, BBS98, AFGH, or pairing-based constructions; lattice-based PRE offers post-quantum candidates. PRE is the cryptographic foundation of NuCypher/Threshold, Umbral, secure data sharing in DRM, encrypted email forwarding, and key rotation in encrypted cloud storage without re-encrypting bulk data.
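The delegation flow described above, as an added example that is not code from any of the named projects: a toy BBS98-style bidirectional scheme over an ElGamal group. The group parameters, the function names and the sample message are assumptions made for the illustration, and the parameters are far too small for real use.

```python
# Toy BBS98-style bidirectional PRE over an ElGamal group (illustration only).
import secrets

P = 2039   # toy safe prime, P = 2*Q + 1 (constructed; far too small for real use)
Q = 1019   # prime order of the quadratic-residue subgroup
G = 4      # generator of that subgroup

def keygen():
    sk = secrets.randbelow(Q - 1) + 1        # secret exponent in [1, Q-1]
    return sk, pow(G, sk, P)                 # (sk, pk = g^sk)

def encrypt(pk, m):
    """Encrypt subgroup element m under pk = g^a as (m * g^r, g^(a*r))."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)

def decrypt(sk, ct):
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)         # (g^(a*r))^(1/a) = g^r
    return (c1 * pow(g_r, -1, P)) % P        # m = c1 / g^r

def rekey(sk_a, sk_b):
    """rk_{A->B} = b/a mod Q, computed here from both secrets for brevity."""
    return (sk_b * pow(sk_a, -1, Q)) % Q

def reencrypt(rk, ct):
    """Proxy step: g^(a*r) -> g^(b*r). The masked plaintext c1 is left untouched."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

def demo():
    sk_a, pk_a = keygen()
    sk_b, _pk_b = keygen()
    m = pow(G, 777, P)                       # constructed message (a group element)
    ct_a = encrypt(pk_a, m)                  # ciphertext under pk_A
    rk = rekey(sk_a, sk_b)                   # handed to the proxy
    ct_b = reencrypt(rk, ct_a)               # proxy output, now under pk_B
    return {
        "alice_decrypts": decrypt(sk_a, ct_a) == m,
        "bob_decrypts_reencrypted": decrypt(sk_b, ct_b) == m,
        # Bidirectional caveat: Bob's key plus rk yields Alice's key.
        "collusion_recovers_sk_a": (sk_b * pow(rk, -1, Q)) % Q == sk_a,
    }

if __name__ == "__main__":
    print(demo())
```

The last check shows why the proxy in a bidirectional scheme is only semi-trusted: the re-encryption key combined with Bob's private key reveals Alice's, which is the property unidirectional constructions are designed to avoid.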
● Examples
- 01: NuCypher / Threshold Network uses Umbral PRE for decentralised key sharing.
- 02: A user rotates from old to new key without re-encrypting petabytes of stored ciphertexts.
● Frequently asked questions
What is Proxy Re-Encryption?
A cryptographic technique that lets a semi-trusted proxy transform a ciphertext encrypted under Alice's key into one decryptable by Bob without learning the plaintext. It belongs to the Cryptography category of cybersecurity.
How do you defend against Proxy Re-Encryption?
Defences for Proxy Re-Encryption typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Proxy Re-Encryption?
Common alternative names include: PRE, Atomic proxy re-encryption.
● Related terms
- Identity-Based Encryption (cryptography, № 512): Public-key encryption where an arbitrary identifier (email, phone) serves as the public key, with private keys issued by a trusted Private Key Generator (Boneh/Franklin 2001).
- Attribute-Based Encryption (cryptography, № 075): Public-key encryption (Sahai/Waters 2005) where ciphertexts and keys are linked to attributes and policies, so decryption succeeds only if the policy is satisfied.
- Key Management System (cryptography, № 588): A centralised service that generates, stores, rotates, and audits cryptographic keys on behalf of applications, typically backed by hardware security modules.
- Envelope Encryption (cryptography, № 384): A pattern in which bulk data is encrypted by a fast data encryption key, which is itself encrypted (wrapped) by a master key stored in a KMS or HSM.
- Public-Key Cryptography (cryptography, № 879): A branch of cryptography that uses paired public and private keys to enable encryption, key exchange, digital signatures, and authentication without a pre-shared secret.
- Post-Quantum Cryptography (cryptography, № 846): Classical cryptographic algorithms designed to remain secure against attacks by both classical and large-scale quantum computers.