Content deleted Content added
Ryan Prior (talk | contribs) This page could use some additional organization and links to source sites. |
No edit summary |
||
Line 2:
''This page could use some additional organization and links to source sites.''
'''Proxy re-encryption''' schemes are [[cryptosystem]]s which allow third-parties (proxies) to alter a [[ciphertext]] which has been encrypted for one party, so that it may be decrypted by another. For example, Bob could designate a proxy to re-encrypt message encrypted for him so that Charlie can decrypt them with his key. When Alice sends a message encrypted under Bob's key, the proxy alters the message and thus Charlie can decrypt it. This makes possible a number of applications, including email forwarding, law-enforcement monitoring, and content distribution. Clearly a naive proxy re-encryption scheme is possible if the proxy possesses both parties' keys, and simply decrypts with one to reveal a plaintext which is then encrypted with the other. However, the goal of many proxy re-encryption schemes is to avoid revealing either the keys, or the underlying plaintext to the proxy.
Proxy re-encryption schemes are similar to traditional [[symmetric cryptography|symmetric]] or [[asymmetric cryptography|asymmetric]] encryption schemes, with the addition of two functions. The first, ''delegation'', allows a message recipient (keyholder) to generate a ''re-encryption key'' based on his secret key and the key of the delegated user. This re-encryption key is used by the proxy as input to the ''re-encryption'' function, which is executed by the proxy to translate ciphertexts to the delegated user's key. Asymmetric proxy re-encryption schemes come in bi-directional and uni-directional varieties. In a ''bi-directional'' scheme, the re-encryption scheme is reversible-- that is, the re-encryption key can be used to translate messages from Bob to Charlie, as well as from Charlie to Bob. This can have various security consequences, depending on the application. One notable characteristic of bi-directional schemes is that both the delegator and delegated party (e.g., Charlie and Bob) must combine their secret keys to produce the re-encryption key. A ''uni-directional'' scheme is effectively one-way; messages can be re-encrypted from Bob to Charlie, but not the reverse. Uni-directional schemes can be constructed such that the delegated party need not reveal its secret key. For example, Bob could delegate to Charlie by combining his secret key with Bob's public key.
| |||