reencrypt

Reencrypt, or re-encrypt, is the process of transforming ciphertext that was produced under one encryption key so that it can be decrypted with a different key. In a straightforward setting, this is achieved by decrypting the ciphertext with the original key and then re-encrypting the plaintext with the new key. In public-key systems, a more advanced form known as proxy re-encryption allows a separate entity (a proxy) to transform a ciphertext from one recipient’s public key to another’s without learning the underlying plaintext.

Proxy re-encryption schemes enable controlled data sharing and key management in environments such as cloud storage and distributed systems. The concept was introduced by researchers Blaze, Bleumer, and Schellekens in the late 1990s, and since then schemes have been developed with various security guarantees and performance characteristics. Re-encryption can be configured to support delegation of access, revocation of rights, and key rotation, depending on the design of the scheme.

Applications of re-encryption include secure data sharing in the cloud, where a data owner can grant access to a third party without re-encrypting data locally, and scenarios that require key rotation to limit exposure or to migrate data between systems. Security considerations emphasize protecting the proxy and the re-encryption keys, since a compromised proxy or keys could enable unauthorized access or ciphertext transformation. Some designs prioritize stronger confidentiality guarantees at the cost of efficiency, while others emphasize practical deployment and interoperability with existing cryptographic primitives.
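
The proxy transformation described above, as an added example that is not part of the original page: a textbook ElGamal-style bidirectional scheme in which the proxy rewrites only the key-dependent half of the ciphertext. The parameters `P`, `Q`, `G` and all function names are assumptions chosen for illustration, and the group is far too small for real use.

```python
import secrets

# Toy group parameters (constructed for illustration, NOT secure sizes):
# P is a safe prime, Q = (P - 1) // 2 is prime, G generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4

def keygen():
    """Return (secret, public) with the secret exponent in [1, Q-1]."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    """Encrypt an integer m (1 <= m < P) under pk as (m * g^r, pk^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)

def decrypt(sk, ct):
    """Recover g^r = c2^(1/sk), then divide it out of c1."""
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)
    return (c1 * pow(g_r, -1, P)) % P

def rekey(sk_from, sk_to):
    """Re-encryption key sk_to / sk_from mod Q; this is what the proxy holds."""
    return (sk_to * pow(sk_from, -1, Q)) % Q

def reencrypt(rk, ct):
    """Proxy step: turns g^(a*r) into g^(b*r); c1 and the plaintext are untouched."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

def demo(m=1234):
    a, pk_a = keygen()                 # data owner
    b, _pk_b = keygen()                # delegate
    rk = rekey(a, b)
    ct_a = encrypt(pk_a, m)
    ct_b = reencrypt(rk, ct_a)         # proxy never sees m, a or b
    # Why the re-encryption key needs protecting: in this scheme rk together
    # with the delegate's secret b is enough to compute the owner's secret a.
    owner_key_exposed = (b * pow(rk, -1, Q)) % Q == a
    return decrypt(a, ct_a), decrypt(b, ct_b), owner_key_exposed

if __name__ == "__main__":
    print(demo())
```

Schemes with unidirectional or collusion-resistant re-encryption keys exist precisely to avoid the last property shown in `demo`.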