Proxy Re-encryption
   HOME

TheInfoList



Click Here for Items Related To - Proxy Re-encryption
OR:
Proxy Re-encryption on:   [Wikipedia]   [Google]   [Amazon]

Proxy re-encryption (PRE) schemes are
cryptosystems In cryptography, a cryptosystem is a suite of cryptographic algorithms needed to implement a particular security service, such as confidentiality (encryption). Typically, a cryptosystem consists of three algorithms: one for key generation, one for ...
which allow third parties ( proxies) to alter a
ciphertext In cryptography, ciphertext or cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext ...
which has been
encrypted In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can deci ...
for one party, so that it may be decrypted by another.


Examples of use

A proxy re-encryption is generally used when one party, say Bob, wants to reveal the contents of messages sent to him and encrypted with his public key to a third party, Charlie, without revealing his private key to Charlie. Bob does not want the proxy to be able to read the contents of his messages. Bob could designate a proxy to re-encrypt one of his messages that is to be sent to Charlie. This generates a new key that Charlie can use to decrypt the message. Now if Bob sends Charlie a message that was encrypted under Bob's key, the proxy will alter the message, allowing Charlie to decrypt it. This method allows for a number of applications such as
e-mail forwarding Email forwarding generically refers to the operation of re-sending an email message delivered to one email address to one or more different email addresses. The term ''forwarding'', used for mail since long before electronic communications, has no ...
, law-enforcement monitoring, and content distribution. A weaker re-encryption scheme is one in which the proxy possesses both parties' keys simultaneously. One key decrypts a
plaintext In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted. Overview With the advent of com ...
, while the other encrypts it. Since the goal of many proxy re-encryption schemes is to avoid revealing either of the keys or the underlying plaintext to the proxy, this method is not ideal.


Defining functions

Proxy re-encryption schemes are similar to traditional
symmetric Symmetry (from grc, συμμετρία "agreement in dimensions, due proportion, arrangement") in everyday language refers to a sense of harmonious and beautiful proportion and balance. In mathematics, "symmetry" has a more precise definiti ...
or
asymmetric encryption Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic al ...
schemes, with the addition of two functions: * Delegation – allows a message recipient (keyholder) to generate a re-encryption key based on his secret key and the key of the delegated user. This re-encryption key is used by the proxy as input to the re-encryption function, which is executed by the proxy to translate ciphertexts to the delegated user's key. Asymmetric proxy re-encryption schemes come in bi-directional and uni-directional varieties. ** In a ''bi-directional scheme'', the re-encryption scheme is reversible—that is, the re-encryption key can be used to translate messages from Bob to Charlie, as well as from Charlie to Bob. This can have various security consequences, depending on the application. One notable characteristic of bi-directional schemes is that both the delegator and delegated party (e.g., Charlie and Bob) must combine their secret keys to produce the re-encryption key. ** A ''uni-directional scheme'' is effectively one-way; messages can be re-encrypted from Bob to Charlie, but not the reverse. Uni-directional schemes can be constructed such that the delegated party need not reveal its secret key. For example, Bob could delegate to Charlie by combining his secret key with Charlie's public key. * Transitivity – Transitive proxy re-encryption schemes allow for a ciphertext to be re-encrypted an unlimited number of times. For example, a ciphertext might be re-encrypted from Bob to Charlie, and then again from Charlie to David and so on. Non-transitive schemes allow for only one (or a limited number) of re-encryptions on a given ciphertext. Most known schemes are bi-directional and transitive. Currently, the only known uni-directional, transitive proxy re-encryption is done through the use of
Homomorphic Encryption Homomorphic encryption is a form of encryption that permits users to perform computations on its encrypted data without first decrypting it. These resulting computations are left in an encrypted form which, when decrypted, result in an identical ...
. * Cloud Computing – Proxy re-encryption has potential applications for secure sharing in a cloud computing environment. In the cloud scenario the re-encryption key is provided to the cloud operator/admin. Looking at the Bob, Charlie, David example, the cloud would take the place of Charlie. Bob generates a re-encryption key to supply to the cloud. The cloud operator/admin completes a re-encrypt of Bob’s encrypted files into David’s files whenever David downloads Bob’s files. Challenges exist with the cloud solution. A user could conspire with a cloud operator to gain access to all a user’s, such as Bob, files. A second potential challenge is segmentation via access control. A cloud user can restrict access to files via the assignment of conditional values. However, the number of re-encryption keys grows proportionately with the number of conditional values. This situation is not optimal for resource constrained devices. Proxy re-encryption should not be confused with proxy signatures, which is a separate construction with a different purpose.


See also

*
Identity-based conditional proxy re-encryption Identity-based conditional proxy re-encryption (IBCPRE) is a type of proxy re-encryption (PRE) scheme in the identity-based public key cryptographic setting. An IBCPRE scheme is a natural extension of proxy re-encryption on two aspects. The firs ...


References

{{reflist * M. Blaze, G. Bleumer, M. Strauss
Divertible Protocols and Atomic Proxy Cryptography
* Bertino, E., Sandhu, R
"Database security - concepts, approaches, and challenges."
''IEEE Transactions on Dependable and Secure Computing'' 2 (2005): 2-19 * G. Ateniese, K. Fu, M. Green, S. Hohenberger.
Improved Proxy Re-encryption Schemes with Applications to Secure Distributed Storage
Proceedings of the 12th Annual Network and Distributed Systems Security Symposium (NDSS 2005), San Diego, California, 2005. * M. Green, G. Ateniese.
Identity-Based Proxy Re-encryption
Applied Cryptography and Network Security Conference, June 2007. * S. Hohenberger, G. Rothblum, a. shelat, and V. Vaikuntanathan. Securely Obfuscating Re-encryption. Proceedings of the Theory of Cryptography Conference (TCC), 2007.
The JHU-MIT Proxy Re-cryptography Library


Public-key cryptography