Proxy re-encryption: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 08:22, 16 July 2022 edit 210.212.254.65 (talk) →Examples of use Tag: Reverted ← Previous edit		Latest revision as of 16:54, 15 August 2025 edit undo Letscontributes (talk \| contribs) 111 edits Link suggestions feature: 2 links added. Tags: Visual edit Newcomer task Suggested: add links
(9 intermediate revisions by 6 users not shown)
Line 5: Bob could designate a proxy to re-encrypt one of his messages that is to be sent to Charlie. This generates a new [[Key (cryptography)\|key]] that Charlie can use to decrypt the message. Now if Bob sends Charlie a message that was encrypted under Bob's key, the proxy will alter the message, allowing Charlie to decrypt it. This method allows for a number of applications such as [[e-mail forwarding]], law-enforcement monitoring, and content distribution. A weaker re-encryption scheme is one in which the proxy possesses both parties' keys simultaneously. One key decrypts a [[plaintext]], while the other encrypts it. Since the goal of many proxy re-encryption schemes is to avoid revealing either of the keys or the underlying plaintext to the proxy, this method is not ideal. ==Defining functions== Line 12: In a ''bi-directional scheme'', the re-encryption scheme is reversible—that is, the re-encryption key can be used to translate messages from Bob to Charlie, as well as from Charlie to Bob. This can have various security consequences, depending on the application. One notable characteristic of bi-directional schemes is that both the delegator and delegated party (e.g., Charlie and Bob) must combine their secret keys to produce the re-encryption key. A ''uni-directional scheme'' is effectively one-way; messages can be re-encrypted from Bob to Charlie, but not the reverse. Uni-directional schemes can be constructed such that the delegated party need not reveal its secret key. For example, Bob could delegate to Charlie by combining his secret key with Charlie's public key. * '''Transitivity''' – Transitive proxy re-encryption schemes allow for a ciphertext to be re-encrypted an unlimited number of times. For example, a ciphertext might be re-encrypted from Bob to Charlie, and then again from Charlie to David and so on. Non-transitive schemes allow for only one (or a limited number) of re-encryptions on a given ciphertext. Most known schemes are bi-directional and transitive. Currently, the only known uni-directional, transitive proxy re-encryption is done through the use of [[~~Homomorphic~~homomorphic encryption~~\|Homomorphic Encryption~~]].<ref>{{Cite book\|url=https://crypto.stanford.edu/craig/craig-thesis.pdf\|title=A Fully Homomorphic Encryption System\|last=Gentry\|first=Craig\|date=September 2009\|pages=35}}</ref> * '''Cloud Computing''' – Proxy re-encryption has potential applications for secure sharing in a [[cloud computing]] environment. In the cloud scenario the re-encryption key is provided to the cloud operator/admin. Looking at the Bob, Charlie, David example, the cloud would take the place of Charlie. Bob generates a re-encryption key to supply to the cloud. The cloud operator/admin completes a re-encrypt of Bob’s encrypted files into David’s files whenever David downloads Bob’s files. Challenges exist with the cloud solution. A user could conspire with a cloud operator to gain access to all a user’s, such as Bob, files. A second potential challenge is segmentation via [[access control]]. A cloud user can restrict access to files via the assignment of conditional values. However, the number of re-encryption keys grows proportionately with the number of conditional values. This situation is not optimal for resource constrained devices.<ref>{{cite ~~journal~~book \|last1=W. Chen, C. Fan, Y. Tseng \|title=2018 IEEE Conference on Dependable and Secure Computing (DSC) \|chapter=Efficient Key-Aggregate Proxy Re-Encryption for Secure Data Sharing in Clouds ~~\|journal=2018 IEEE Conference on Dependable and Secure Computing (DSC)~~ \|pages=1–4 \|date=10–13 December 2018 \|doi=10.1109/DESEC.2018.8625149\|isbn=978-1-5386-5790-4 \|s2cid=59232591 \|chapter-url=http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0721117-175956 }}</ref> Proxy re-encryption should not be confused with [[proxy ~~signatures~~signature]]s, which is a separate construction with a different purpose. == See also == Line 23: {{reflist}} * M. Blaze, G. Bleumer, M. Strauss. [https://archive.today/20130212115133/http://link.springer.de/link/service/series/0558/bibs/1403/14030127.htm Divertible Protocols and Atomic Proxy Cryptography]. * Bertino, E., Sandhu, R. [http://ieeexplore.ieee.org/search/wrapper.jsp?arnumber=1416861 "Database security - concepts, approaches, and challenges."]{{dead link\|date=January 2025\|bot=medic}}{{cbignore\|bot=medic}} ''IEEE Transactions on Dependable and Secure Computing'' 2 (2005): 2-19 * G. Ateniese, K. Fu, M. Green, S. Hohenberger. [http://spar.isi.jhu.edu/~mgreen/proxy.pdf Improved Proxy Re-encryption Schemes with Applications to Secure Distributed Storage]. Proceedings of the 12th Annual Network and Distributed Systems Security Symposium (NDSS 2005), San Diego, California, 2005. * M. Green, G. Ateniese. [http://eprint.iacr.org/2006/473 Identity-Based Proxy Re-encryption]. Applied Cryptography and Network Security Conference, June 2007. * S. Hohenberger, G. Rothblum, a. shelat, and V. Vaikuntanathan. Securely Obfuscating Re-encryption. Proceedings of the Theory of Cryptography Conference (TCC), 2007. * [http://spar.isi.jhu.edu/~mgreen/prl/ The JHU-MIT Proxy Re-cryptography Library] * [https://web.archive.org/web/20150916004239/http://~~tdt~~ndc.~~sjtu~~zjgsu.edu.cn/~jshao/prcbib.htm Bibliography on Proxy Re-Cryptography] ~~[[Category:Cryptography]]~~ [[Category:Public-key cryptography]]