Inferensys

Glossary

Proxy Re-Encryption (PRE)

A cryptographic primitive that allows a semi-trusted proxy to transform a ciphertext encrypted under one public key into a ciphertext decryptable under a different private key, without seeing the plaintext.
Overhead shot of a beautifully lit strategy meeting in a modern WeWork hot desk area, designers and executives gathered around a live AI system diagram projected on smart table surface.
CRYPTOGRAPHIC PRIMITIVE

What is Proxy Re-Encryption (PRE)?

A cryptographic primitive enabling a semi-trusted proxy to transform ciphertext from one public key to another without accessing the underlying plaintext.

Proxy Re-Encryption (PRE) is a public-key cryptographic primitive that allows a semi-trusted proxy to transform a ciphertext encrypted under Alice's public key into a ciphertext decryptable by Bob's private key, without the proxy ever seeing the underlying plaintext or either party's private key. This is achieved through a re-encryption key generated by Alice, which delegates decryption rights to Bob.

In financial fraud anomaly detection, PRE enables secure, collaborative analytics across institutional boundaries. A bank can encrypt sensitive transaction data under its own key, then delegate access to a consortium's fraud detection model via a proxy, ensuring the model operates on encrypted data without exposing raw customer records. This preserves data sovereignty while enabling shared intelligence against money laundering networks.

CRYPTOGRAPHIC PRIMITIVES

Key Properties of Proxy Re-Encryption

Proxy Re-Encryption (PRE) provides a unique set of cryptographic properties that enable secure, blinded delegation of decryption rights. These properties make it a foundational building block for privacy-preserving fraud analytics, allowing a semi-trusted proxy to transform ciphertexts without ever accessing the underlying plaintext.

01

Unidirectional Transformation

A fundamental property where the re-encryption key allows a proxy to transform ciphertexts from Alice to Bob, but not the reverse. This prevents the proxy from using the same key to re-encrypt messages from Bob back to Alice.

  • Directional control: The delegator retains full authority over who can access their data
  • Key generation: Uses Alice's private key and Bob's public key to create a one-way transformation token
  • Security implication: Even if the proxy and Bob collude, they cannot recover Alice's private key

This property is critical for secure data sharing in financial consortiums where a bank may grant an auditor read-only access to encrypted transaction records without the auditor being able to share that access further.

02

Non-Transitivity

The proxy cannot re-delegate decryption rights by combining multiple re-encryption keys. If the proxy holds a key to transform from Alice to Bob and another from Bob to Carol, it cannot compute a valid key from Alice to Carol.

  • Collusion resistance: Prevents unauthorized cascading of access rights
  • Atomic delegation: Each trust relationship must be explicitly authorized by the original data owner
  • Mathematical basis: Relies on the computational hardness of the bilinear Diffie-Hellman problem in pairing-based constructions

In fraud detection networks, this ensures that a regulator granted access by Bank A cannot automatically gain access to Bank B's data through a chain of re-encryption keys, preserving the granularity of consent.

03

Proxy Opacity

The semi-trusted proxy performs the ciphertext transformation while remaining statistically oblivious to the underlying plaintext. The proxy sees only ciphertexts and public keys, never the sensitive data itself.

  • Zero plaintext exposure: The transformation function operates entirely in the encrypted domain
  • Semi-trusted model: The proxy is trusted only to perform the transformation correctly, not to keep secrets
  • Mathematical guarantee: Proven secure under chosen-ciphertext attack (CCA) models in modern PRE schemes

This property enables outsourced secure computation where a cloud service can re-encrypt encrypted transaction logs for different analytical engines without ever seeing raw financial data, a critical requirement for PCI-DSS and GDPR compliance.

04

Collusion Resistance

A robust PRE scheme ensures that even if the proxy and a delegatee (e.g., Bob) collude by pooling their information, they cannot recover the delegator's (Alice's) private key.

  • Master secret safety: The delegator's long-term private key remains uncompromised
  • Forward secrecy: Compromise of one delegatee does not expose past or future communications
  • Cryptographic enforcement: Achieved through the use of ephemeral randomness in re-encryption key generation

In inter-bank fraud analytics, this guarantees that a compromised partner institution cannot use its re-encryption key and proxy access to decrypt transaction data from other consortium members, maintaining the integrity of the entire network.

05

Multi-Hop vs. Single-Hop Capability

PRE schemes are classified by how many times a ciphertext can be re-encrypted. Single-hop schemes allow only one transformation (Alice → Bob), while multi-hop schemes permit chaining (Alice → Bob → Carol).

  • Single-hop advantage: Simpler construction, tighter security proofs, and lower computational overhead
  • Multi-hop advantage: Enables complex delegation chains for hierarchical data access patterns
  • Trade-off: Multi-hop schemes often require larger ciphertext sizes and more complex key management

For fraud detection pipelines, single-hop PRE is typically sufficient—a data owner encrypts for a central analytics engine, which re-encrypts once for a specific model inference node. Multi-hop is reserved for complex regulatory reporting chains.

06

Key Pair Invariance

In identity-based PRE (IB-PRE), users can encrypt data using a recipient's public identity (e.g., an email address or bank routing code) rather than a traditional public key. The re-encryption process remains compatible with standard public-key infrastructure.

  • Simplified key management: Eliminates the need for pre-distributed public key certificates
  • Dynamic delegation: Re-encryption keys can be generated on-demand using identity strings
  • Real-world application: A fraud analyst can encrypt a suspicious transaction report for "[email protected]" and delegate decryption rights without prior key exchange

This property bridges the gap between cryptographic elegance and operational practicality, making PRE deployable in large financial ecosystems without overhauling existing identity management systems.

DELEGATION MECHANISM COMPARISON

PRE vs. Other Cryptographic Delegation Methods

A technical comparison of Proxy Re-Encryption against alternative cryptographic approaches for secure data sharing and access delegation in privacy-preserving fraud analytics.

FeatureProxy Re-Encryption (PRE)Traditional Public-Key EncryptionAttribute-Based Encryption (ABE)Secure Multi-Party Computation (SMPC)

Proxy Access to Plaintext

Delegation Granularity

Per-recipient key transformation

All-or-nothing decryption

Policy-based attribute matching

Function-level computation

Re-encryption Overhead

< 50 ms per transformation

Requires Online Trusted Third Party

Collusion Resistance

Proxy-delegatee collusion resistant

Not applicable

User-attribute collusion resistant

Majority-honest assumption

Ciphertext Size Growth

Constant (no expansion)

Constant

Linear with policy complexity

Circuit-dependent

Key Revocation Mechanism

Delegatee key revocation via proxy

Full re-encryption required

Attribute revocation via authority

Not applicable

Suitable for Real-Time Fraud Queries

PROXY RE-ENCRYPTION

Applications in Privacy-Preserving Fraud Analytics

Proxy Re-Encryption (PRE) enables secure, auditable data sharing between financial institutions without exposing plaintext to intermediaries. This cryptographic primitive is foundational for collaborative fraud detection across competing entities.

01

Cross-Institutional Watchlist Matching

PRE allows a semi-trusted proxy server to transform ciphertexts encrypted for Bank A into ciphertexts decryptable by Bank B. This enables real-time matching of encrypted transaction metadata against shared fraud watchlists without either bank revealing its proprietary data to the other or to the proxy. The proxy never sees the plaintext, ensuring zero-knowledge data sharing for collaborative risk scoring.

Zero
Plaintext Exposure to Proxy
Real-time
Cross-Bank Matching
02

Secure Audit Trail Delegation

A financial institution can encrypt its transaction logs under its own public key for storage. When an auditor requires access, the institution generates a re-encryption key that allows a proxy to transform the stored ciphertexts into ones decryptable by the auditor's private key. This provides fine-grained, revocable access to sensitive data without the institution ever needing to decrypt and re-encrypt the data itself, maintaining a cryptographically secure chain of custody.

Revocable
Access Control
Immutable
Audit Trail
03

Conditional Proxy Re-Encryption (CPRE)

CPRE extends standard PRE by embedding a condition or policy into the ciphertext or re-encryption key. For fraud analytics, a transaction record can be encrypted such that it can only be re-encrypted for a regulator if the transaction amount exceeds a specific threshold or if a fraud score surpasses a defined limit. This enables attribute-based access control directly within the cryptographic layer, automating compliance reporting.

Policy-Enforced
Conditional Access
04

Cloud-Based Encrypted Model Inference

A fraud detection model hosted in a cloud environment can operate on encrypted input data using PRE. A client encrypts transaction features under its own key and sends them to a proxy. The proxy transforms the ciphertext for the cloud model's key without decryption. The model performs homomorphic inference on the re-encrypted data, and the encrypted result is routed back. The cloud provider never accesses raw transaction details, preserving client data sovereignty.

End-to-End
Encrypted Inference
05

Syndicated Loan Fraud Monitoring

In syndicated lending, multiple banks share exposure to a single borrower. PRE enables a neutral third-party service to aggregate encrypted transaction data from all participant banks. The service re-encrypts the aggregated ciphertexts for a joint fraud analytics engine without ever seeing the underlying cash flows. This allows the syndicate to detect anomalous payment patterns or circular money flows indicative of fraud across the entire lending group while maintaining strict inter-bank confidentiality.

Multi-Party
Secure Aggregation
06

Key Rotation Without Decryption

When a financial institution's long-term public key is compromised or requires routine rotation, PRE provides a non-disruptive migration path. A proxy can be given a re-encryption key to transform all ciphertexts stored under the old key into ciphertexts under the new key. This cryptographic re-keying is performed without ever bulk-decrypting the sensitive transaction archive, eliminating a massive window of vulnerability and ensuring continuous protection of data at rest.

Zero
Plaintext Exposure During Rotation
PROXY RE-ENCRYPTION

Frequently Asked Questions

Clear, technically precise answers to the most common questions about proxy re-encryption, its mechanisms, and its role in privacy-preserving fraud analytics.

Proxy re-encryption (PRE) is a cryptographic primitive that allows a semi-trusted proxy to transform a ciphertext encrypted under one public key into a ciphertext decryptable under a different private key, without the proxy ever seeing the underlying plaintext. The mechanism relies on a re-encryption key generated by the original data owner (Alice). Alice uses her private key and Bob's public key to compute this special key, which she delegates to a proxy server. When the proxy receives ciphertext intended for Alice, it applies the re-encryption key, mathematically transforming the ciphertext into one that only Bob's private key can decrypt. Critically, the proxy performs this transformation on encrypted data; it never accesses the plaintext, nor does it possess Alice's or Bob's private keys. This property makes PRE fundamentally different from simple decrypt-and-re-encrypt schemes, which require the proxy to be fully trusted with the secret key. Modern PRE schemes are built on pairing-based cryptography and lattice-based assumptions, offering both unidirectional (Alice-to-Bob only) and collusion-resistant properties, ensuring that even if the proxy and Bob collude, they cannot recover Alice's master secret key.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.