Proxy Re-Encryption (PRE) is a public-key cryptographic primitive that allows a semi-trusted proxy to transform a ciphertext encrypted under Alice's public key into a ciphertext decryptable by Bob's private key, without the proxy ever seeing the underlying plaintext or either party's private key. This is achieved through a re-encryption key generated by Alice, which delegates decryption rights to Bob.
Glossary
Proxy Re-Encryption (PRE)

What is Proxy Re-Encryption (PRE)?
A cryptographic primitive enabling a semi-trusted proxy to transform ciphertext from one public key to another without accessing the underlying plaintext.
In financial fraud anomaly detection, PRE enables secure, collaborative analytics across institutional boundaries. A bank can encrypt sensitive transaction data under its own key, then delegate access to a consortium's fraud detection model via a proxy, ensuring the model operates on encrypted data without exposing raw customer records. This preserves data sovereignty while enabling shared intelligence against money laundering networks.
Key Properties of Proxy Re-Encryption
Proxy Re-Encryption (PRE) provides a unique set of cryptographic properties that enable secure, blinded delegation of decryption rights. These properties make it a foundational building block for privacy-preserving fraud analytics, allowing a semi-trusted proxy to transform ciphertexts without ever accessing the underlying plaintext.
Unidirectional Transformation
A fundamental property where the re-encryption key allows a proxy to transform ciphertexts from Alice to Bob, but not the reverse. This prevents the proxy from using the same key to re-encrypt messages from Bob back to Alice.
- Directional control: The delegator retains full authority over who can access their data
- Key generation: Uses Alice's private key and Bob's public key to create a one-way transformation token
- Security implication: Even if the proxy and Bob collude, they cannot recover Alice's private key
This property is critical for secure data sharing in financial consortiums where a bank may grant an auditor read-only access to encrypted transaction records without the auditor being able to share that access further.
Non-Transitivity
The proxy cannot re-delegate decryption rights by combining multiple re-encryption keys. If the proxy holds a key to transform from Alice to Bob and another from Bob to Carol, it cannot compute a valid key from Alice to Carol.
- Collusion resistance: Prevents unauthorized cascading of access rights
- Atomic delegation: Each trust relationship must be explicitly authorized by the original data owner
- Mathematical basis: Relies on the computational hardness of the bilinear Diffie-Hellman problem in pairing-based constructions
In fraud detection networks, this ensures that a regulator granted access by Bank A cannot automatically gain access to Bank B's data through a chain of re-encryption keys, preserving the granularity of consent.
Proxy Opacity
The semi-trusted proxy performs the ciphertext transformation while remaining statistically oblivious to the underlying plaintext. The proxy sees only ciphertexts and public keys, never the sensitive data itself.
- Zero plaintext exposure: The transformation function operates entirely in the encrypted domain
- Semi-trusted model: The proxy is trusted only to perform the transformation correctly, not to keep secrets
- Mathematical guarantee: Proven secure under chosen-ciphertext attack (CCA) models in modern PRE schemes
This property enables outsourced secure computation where a cloud service can re-encrypt encrypted transaction logs for different analytical engines without ever seeing raw financial data, a critical requirement for PCI-DSS and GDPR compliance.
Collusion Resistance
A robust PRE scheme ensures that even if the proxy and a delegatee (e.g., Bob) collude by pooling their information, they cannot recover the delegator's (Alice's) private key.
- Master secret safety: The delegator's long-term private key remains uncompromised
- Forward secrecy: Compromise of one delegatee does not expose past or future communications
- Cryptographic enforcement: Achieved through the use of ephemeral randomness in re-encryption key generation
In inter-bank fraud analytics, this guarantees that a compromised partner institution cannot use its re-encryption key and proxy access to decrypt transaction data from other consortium members, maintaining the integrity of the entire network.
Multi-Hop vs. Single-Hop Capability
PRE schemes are classified by how many times a ciphertext can be re-encrypted. Single-hop schemes allow only one transformation (Alice → Bob), while multi-hop schemes permit chaining (Alice → Bob → Carol).
- Single-hop advantage: Simpler construction, tighter security proofs, and lower computational overhead
- Multi-hop advantage: Enables complex delegation chains for hierarchical data access patterns
- Trade-off: Multi-hop schemes often require larger ciphertext sizes and more complex key management
For fraud detection pipelines, single-hop PRE is typically sufficient—a data owner encrypts for a central analytics engine, which re-encrypts once for a specific model inference node. Multi-hop is reserved for complex regulatory reporting chains.
Key Pair Invariance
In identity-based PRE (IB-PRE), users can encrypt data using a recipient's public identity (e.g., an email address or bank routing code) rather than a traditional public key. The re-encryption process remains compatible with standard public-key infrastructure.
- Simplified key management: Eliminates the need for pre-distributed public key certificates
- Dynamic delegation: Re-encryption keys can be generated on-demand using identity strings
- Real-world application: A fraud analyst can encrypt a suspicious transaction report for "[email protected]" and delegate decryption rights without prior key exchange
This property bridges the gap between cryptographic elegance and operational practicality, making PRE deployable in large financial ecosystems without overhauling existing identity management systems.
PRE vs. Other Cryptographic Delegation Methods
A technical comparison of Proxy Re-Encryption against alternative cryptographic approaches for secure data sharing and access delegation in privacy-preserving fraud analytics.
| Feature | Proxy Re-Encryption (PRE) | Traditional Public-Key Encryption | Attribute-Based Encryption (ABE) | Secure Multi-Party Computation (SMPC) |
|---|---|---|---|---|
Proxy Access to Plaintext | ||||
Delegation Granularity | Per-recipient key transformation | All-or-nothing decryption | Policy-based attribute matching | Function-level computation |
Re-encryption Overhead | < 50 ms per transformation | |||
Requires Online Trusted Third Party | ||||
Collusion Resistance | Proxy-delegatee collusion resistant | Not applicable | User-attribute collusion resistant | Majority-honest assumption |
Ciphertext Size Growth | Constant (no expansion) | Constant | Linear with policy complexity | Circuit-dependent |
Key Revocation Mechanism | Delegatee key revocation via proxy | Full re-encryption required | Attribute revocation via authority | Not applicable |
Suitable for Real-Time Fraud Queries |
Applications in Privacy-Preserving Fraud Analytics
Proxy Re-Encryption (PRE) enables secure, auditable data sharing between financial institutions without exposing plaintext to intermediaries. This cryptographic primitive is foundational for collaborative fraud detection across competing entities.
Cross-Institutional Watchlist Matching
PRE allows a semi-trusted proxy server to transform ciphertexts encrypted for Bank A into ciphertexts decryptable by Bank B. This enables real-time matching of encrypted transaction metadata against shared fraud watchlists without either bank revealing its proprietary data to the other or to the proxy. The proxy never sees the plaintext, ensuring zero-knowledge data sharing for collaborative risk scoring.
Secure Audit Trail Delegation
A financial institution can encrypt its transaction logs under its own public key for storage. When an auditor requires access, the institution generates a re-encryption key that allows a proxy to transform the stored ciphertexts into ones decryptable by the auditor's private key. This provides fine-grained, revocable access to sensitive data without the institution ever needing to decrypt and re-encrypt the data itself, maintaining a cryptographically secure chain of custody.
Conditional Proxy Re-Encryption (CPRE)
CPRE extends standard PRE by embedding a condition or policy into the ciphertext or re-encryption key. For fraud analytics, a transaction record can be encrypted such that it can only be re-encrypted for a regulator if the transaction amount exceeds a specific threshold or if a fraud score surpasses a defined limit. This enables attribute-based access control directly within the cryptographic layer, automating compliance reporting.
Cloud-Based Encrypted Model Inference
A fraud detection model hosted in a cloud environment can operate on encrypted input data using PRE. A client encrypts transaction features under its own key and sends them to a proxy. The proxy transforms the ciphertext for the cloud model's key without decryption. The model performs homomorphic inference on the re-encrypted data, and the encrypted result is routed back. The cloud provider never accesses raw transaction details, preserving client data sovereignty.
Syndicated Loan Fraud Monitoring
In syndicated lending, multiple banks share exposure to a single borrower. PRE enables a neutral third-party service to aggregate encrypted transaction data from all participant banks. The service re-encrypts the aggregated ciphertexts for a joint fraud analytics engine without ever seeing the underlying cash flows. This allows the syndicate to detect anomalous payment patterns or circular money flows indicative of fraud across the entire lending group while maintaining strict inter-bank confidentiality.
Key Rotation Without Decryption
When a financial institution's long-term public key is compromised or requires routine rotation, PRE provides a non-disruptive migration path. A proxy can be given a re-encryption key to transform all ciphertexts stored under the old key into ciphertexts under the new key. This cryptographic re-keying is performed without ever bulk-decrypting the sensitive transaction archive, eliminating a massive window of vulnerability and ensuring continuous protection of data at rest.
Frequently Asked Questions
Clear, technically precise answers to the most common questions about proxy re-encryption, its mechanisms, and its role in privacy-preserving fraud analytics.
Proxy re-encryption (PRE) is a cryptographic primitive that allows a semi-trusted proxy to transform a ciphertext encrypted under one public key into a ciphertext decryptable under a different private key, without the proxy ever seeing the underlying plaintext. The mechanism relies on a re-encryption key generated by the original data owner (Alice). Alice uses her private key and Bob's public key to compute this special key, which she delegates to a proxy server. When the proxy receives ciphertext intended for Alice, it applies the re-encryption key, mathematically transforming the ciphertext into one that only Bob's private key can decrypt. Critically, the proxy performs this transformation on encrypted data; it never accesses the plaintext, nor does it possess Alice's or Bob's private keys. This property makes PRE fundamentally different from simple decrypt-and-re-encrypt schemes, which require the proxy to be fully trusted with the secret key. Modern PRE schemes are built on pairing-based cryptography and lattice-based assumptions, offering both unidirectional (Alice-to-Bob only) and collusion-resistant properties, ensuring that even if the proxy and Bob collude, they cannot recover Alice's master secret key.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Proxy Re-Encryption (PRE) is a fundamental building block for secure data sharing. It relies on and complements several other cryptographic primitives to build complete privacy-preserving systems.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us