Content deleted Content added
new |
No edit summary |
||
Line 1:
'''Proxy re-encryption''' schemes are [[cryptosystem]]s which allow third-parties (proxies) to alter a [[ciphertext]] which has been encrypted for one party, so that it may be decrypted by another. For example, Bob could designate a proxy to re-encrypt
Proxy re-encryption schemes are similar to traditional [[symmetric cryptography|symmetric]] or [[asymmetric cryptography|asymmetric]] encryption schemes, with the addition of two functions. The first, ''delegation'', allows a message recipient (keyholder) to generate a ''re-encryption key'' based on his secret key and the key of the delegated user. This re-encryption key is used by the proxy as input to the ''re-encryption'' function, which is executed by the proxy to translate ciphertexts to the delegated user's key. Asymmetric proxy re-encryption schemes come in bi-directional and uni-directional varieties. In a ''bi-directional'' scheme, the re-encryption scheme is reversible-- that is, the re-encryption key can be used to translate messages from Bob to Charlie, as well as from Charlie to Bob. This can have various security consequences, depending on the application. One notable characteristic of bi-directional schemes is that both the delegator and delegated party (e.g., Charlie and Bob) must combine their secret keys to produce the re-encryption key. A ''uni-directional'' scheme is effectively one-way; messages can be re-encrypted from Bob to Charlie, but not the reverse. Uni-directional schemes can be constructed such that the delegated party need not reveal its secret key. For example, Bob could delegate to Charlie by combining his secret key with Bob's public key.
| |||