reencryption

Reencryption is a cryptographic operation that transforms a ciphertext produced under one public key into a new ciphertext that can be decrypted under a different public key, without exposing the underlying plaintext. This enables data to be shared or reallocated to new recipients without requiring the data owner to re-encrypt and resend the data.

The most studied form is proxy re-encryption (PRE). In a PRE scheme, there are typically three parties: the data owner (the delegator), the intended new recipient, and a semi-trusted proxy. The owner uses their private key and the new recipient’s public key to generate a re-encryption key. The proxy applies this key to an existing ciphertext, producing a new ciphertext that the recipient can decrypt with their private key. In ideal PRE schemes, the proxy learns nothing about the plaintext during transformation.

Variants of reencryption differ in capabilities and security. Some schemes allow multi-hop re-encryption, where ciphertext can be transformed through a chain of recipients, while others are single-hop. Non-interactive PRE schemes do not require ongoing interaction after the re-encryption key is issued. Security analyses focus on preserving ciphertext indistinguishability (against chosen-plaintext or chosen-ciphertext attacks) and ensuring the proxy cannot recover plaintext or derive private keys.

Applications include secure data sharing in cloud storage, revocable access control, and end-to-end encrypted collaboration. Reencryption supports key rotation and access revocation by enabling re-encryption to new recipients without re-encrypting the entire dataset. Challenges include key management, performance overhead, and ensuring robust revocation and trust assumptions about the proxy.
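The three-party flow described above (owner issues a re-encryption key, proxy transforms, recipient decrypts) can be traced in a small single-hop, non-interactive sketch. This is an added example, not code from the original page: it uses a simplified ElGamal-style key-encapsulation construction chosen for illustration, and the function names and the toy group parameters are assumptions.

```python
import hashlib
import secrets

# Constructed toy group: safe prime P = 2*Q + 1; G generates the order-Q subgroup.
# These sizes are for illustration only and offer no security.
P, Q, G = 2039, 1019, 4

def h(*parts):
    """Hash small integers to 32 bytes (SHA-256 over a fixed-width encoding)."""
    return hashlib.sha256(b"".join(x.to_bytes(4, "big") for x in parts)).digest()

def scalar(*parts):
    """Hash to an exponent modulo the subgroup order Q."""
    return int.from_bytes(h(*parts), "big") % Q

def keygen():
    sk = secrets.randbelow(Q - 1) + 1              # private key in 1..Q-1
    return sk, pow(G, sk, P)

def encapsulate(pk_owner):
    """Sender: capsule E = G^r, symmetric key derived from pk_owner^r."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), h(pow(pk_owner, r, P))

def decapsulate(sk_owner, capsule):
    """Owner: recover the key from the original capsule."""
    return h(pow(capsule, sk_owner, P))

def rekey(sk_owner, pk_recipient):
    """Owner: needs only their private key and the recipient's public key."""
    while True:
        x = secrets.randbelow(Q - 1) + 1
        X = pow(G, x, P)
        d = scalar(X, pk_recipient, pow(pk_recipient, x, P))
        if d:                                      # d must be invertible mod Q
            return sk_owner * pow(d, -1, Q) % Q, X

def reencrypt(rk, capsule):
    """Proxy: one exponentiation; no private key or plaintext is involved."""
    return pow(capsule, rk, P)

def decapsulate_reencrypted(sk_recipient, pk_recipient, X, capsule2):
    """Recipient: rebuild d from X and their private key, then undo it."""
    d = scalar(X, pk_recipient, pow(X, sk_recipient, P))
    return h(pow(capsule2, d, P))
```

In this sketch the re-encryption key is `a * d^-1 mod Q`, so a proxy that colludes with the recipient (who can compute `d`) recovers the owner's private key `a`. That is the kind of trust assumption about the proxy that a scheme's security analysis has to state.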