Inferensys

Glossary

Proxy Re-Encryption (PRE)

A cryptographic scheme allowing a semi-trusted proxy to transform ciphertext encrypted under one public key into ciphertext encrypted under another, without the proxy ever learning the underlying plaintext.
Moody home-office setup in a converted highrise loft, analyst working late with multiple screens showing knowledge graph visualizations, city lights through large windows behind.
CRYPTOGRAPHIC DELEGATION

What is Proxy Re-Encryption (PRE)?

A cryptographic scheme enabling a semi-trusted proxy to transform ciphertext encrypted under one public key into ciphertext encrypted under another, without the proxy ever learning the underlying plaintext.

Proxy Re-Encryption (PRE) is a public-key cryptographic primitive that allows a semi-trusted proxy server to transform a ciphertext encrypted for Alice into a ciphertext encrypted for Bob, without the proxy ever gaining access to the plaintext or the private keys of either party. This is achieved through a re-encryption key generated by Alice, which delegates decryption rights to Bob.

In healthcare federated learning, PRE enables a secure data-sharing architecture where encrypted patient records stored on a hospital's server can be re-encrypted by a proxy for a research institution's public key, ensuring the cloud or proxy infrastructure handling the transformation remains blind to the sensitive clinical data. This is distinct from standard decryption-and-re-encryption, which would expose the plaintext to the intermediary.

CRYPTOGRAPHIC ARCHITECTURE

Key Properties of PRE Schemes

Proxy Re-Encryption (PRE) is defined by a set of distinct cryptographic properties that determine its suitability for different trust models and deployment scenarios. These properties govern the directionality of transformation, the number of re-encryption hops permitted, and the level of trust placed in the proxy.

01

Unidirectionality

A unidirectional PRE scheme allows the proxy to transform ciphertexts from Alice to Bob but not from Bob to Alice without a separate delegation key. This is the standard for secure data sharing, as it prevents the proxy from reversing the flow of information. In contrast, bidirectional schemes use a single delegation key that enables transformation in both directions, which is computationally efficient but requires a higher degree of mutual trust between the delegator and delegatee.

02

Single-Hop vs. Multi-Hop

This property defines the re-encryption chain depth.

  • Single-Hop: A ciphertext can be re-encrypted only once. If Alice delegates to Bob, Bob cannot re-delegate that ciphertext to Carol. This provides strict access control and prevents transitive trust.
  • Multi-Hop: A ciphertext can be re-encrypted sequentially multiple times (Alice → Bob → Carol). This enables cascading data sharing workflows but requires careful management to prevent unauthorized downstream access.
03

Transparency

In a transparent PRE scheme, the delegatee (Bob) uses his standard private key to decrypt a re-encrypted ciphertext, without any awareness that re-encryption occurred. The process is invisible to the end recipient. In a non-transparent scheme, Bob requires a separate, delegation-specific secret key. Transparency simplifies key management and is preferred for seamless user experiences in production systems.

04

Collusion Resistance

Collusion resistance defines the scheme's resilience when the proxy and delegatee conspire to recover the delegator's secret key.

  • Collusion-Safe (Non-Transferable): Even if the proxy and Bob combine their knowledge (re-encryption key and Bob's private key), they cannot compute Alice's full private key. This is a critical security property for untrusted proxy environments.
  • Collusion-Insecure: The proxy and delegatee can collude to expose the delegator's private key, limiting use to fully trusted proxies.
05

Interactivity

This property governs the delegation key generation process.

  • Interactive: Alice must engage in a multi-round protocol with Bob (or a trusted third party) to generate the re-encryption key. This requires Bob to be online and cooperative.
  • Non-Interactive: Alice can generate the re-encryption key independently using only her private key and Bob's public key. This is essential for asynchronous, scalable systems where delegates may be offline or unknown at key generation time.
06

Key Optimality

A key-optimal PRE scheme ensures that the delegatee's ciphertext size and decryption cost remain constant regardless of how many times the ciphertext has been re-encrypted. Without this property, a multi-hop ciphertext would grow linearly in size and computational complexity with each hop, making it impractical for deep delegation chains. Key optimality is a standard requirement for efficient, production-grade multi-hop schemes.

CRYPTOGRAPHIC COMPARISON

PRE vs. Alternative Secure Sharing Methods

A technical comparison of Proxy Re-Encryption against other cryptographic primitives used for secure data sharing across healthcare institutions, evaluating trust assumptions, computational overhead, and access control granularity.

FeatureProxy Re-Encryption (PRE)Fully Homomorphic Encryption (FHE)Secure Multi-Party Computation (SMPC)

Core Mechanism

Transforms ciphertext from one public key to another without decryption

Computes arbitrary functions directly on encrypted ciphertexts

Distributes private inputs across parties to jointly compute a function

Proxy Trust Requirement

Semi-trusted (honest-but-curious); proxy never sees plaintext

No proxy required; computation on untrusted cloud

No proxy; assumes honest majority or uses malicious-secure protocols

Data Sharing Model

One-to-many delegation with revocable access via re-encryption keys

Many-to-one computation; data owner encrypts, server computes

Many-to-many joint computation over private inputs simultaneously

Computational Overhead

Low; single asymmetric operation per re-encryption

Extremely high; 10,000x to 1,000,000x slowdown vs plaintext

High; communication rounds scale quadratically with parties

Ciphertext Expansion

Minimal; constant-size overhead per re-encryption layer

Significant; ciphertexts orders of magnitude larger than plaintext

N/A; shares are typically same size as original inputs

Access Revocation

Suitable for Real-Time Clinical Data Access

Standardization Maturity

Emerging (IEEE P2830, NIST IR 8459 consideration)

Standardized (NIST FIPS 204, ISO/IEC 18033-6)

Standardized (IETF RFC 9380, NIST SP 800-221)

CRYPTOGRAPHIC ACCESS CONTROL

PRE Use Cases in Healthcare Federated Learning

Proxy Re-Encryption (PRE) enables secure, auditable sharing of encrypted patient data across institutions without exposing plaintext to intermediaries, forming the cryptographic backbone for consent-driven healthcare collaborations.

01

Consent-Based Data Sharing

PRE enables dynamic patient consent management by allowing a semi-trusted proxy to re-encrypt data for new recipients without ever accessing plaintext. When a patient consents to share their genomic data with a research institution, the hospital's proxy transforms ciphertext encrypted under the hospital's key into ciphertext decryptable only by the researcher's key.

  • Granular revocation: Revoking access requires simply ceasing re-encryption operations
  • Auditable trail: Every re-encryption event can be logged immutably
  • Patient sovereignty: The data owner retains ultimate control over who can decrypt their protected health information (PHI)
HIPAA
Compliance Framework
02

Cross-Institutional Model Training

In federated learning scenarios, PRE secures the transmission of encrypted model gradients between hospitals and a central aggregation server. Each hospital encrypts its local model updates under the aggregator's public key, and a proxy can re-encrypt aggregated results back to individual participants without the proxy learning the model parameters.

  • Prevents gradient leakage: Even if the proxy is compromised, model updates remain ciphertext
  • Non-collusion guarantees: The proxy and recipients cannot collude to decrypt data intended for other parties
  • Scalable architecture: Supports hundreds of participating clinical sites with minimal key management overhead
End-to-End
Encryption Guarantee
03

Secure Cloud-Based EHR Storage

Hospitals can store encrypted electronic health records (EHRs) in cloud environments while delegating re-encryption capabilities to a cloud-hosted proxy. When a specialist requires access, the proxy transforms the hospital-encrypted records into ciphertext the specialist's device can decrypt, all without the cloud provider seeing patient data.

  • Zero-knowledge cloud: The storage provider never possesses plaintext or decryption keys
  • Delegation without decryption: Eliminates the need for the data owner to be online to grant access
  • Emergency access protocols: Pre-authorized break-glass re-encryption policies for critical care scenarios
Zero
Plaintext Exposure
04

Multi-Site Clinical Trial Data Aggregation

Pharmaceutical companies running multi-site clinical trials use PRE to securely aggregate patient outcomes from disparate hospital systems. Each site encrypts trial data under the sponsor's key, and a neutral third-party proxy re-encrypts the data for statistical analysis without ever viewing individual patient responses.

  • Blinded analysis: Statisticians receive re-encrypted data without site-level identification
  • Regulatory compliance: Satisfies GDPR and HIPAA requirements for cross-border data transfers
  • Immutable provenance: Cryptographic proofs ensure data integrity from collection to analysis
GDPR
Cross-Border Compliance
05

IoT Medical Device Telemetry

Wearable medical devices and remote patient monitoring systems generate continuous encrypted telemetry. PRE allows a healthcare proxy service to re-encrypt this streaming data for multiple consumers—primary care physicians, specialists, and AI diagnostic systems—each with distinct decryption keys, without buffering plaintext at the edge.

  • Bandwidth-efficient: Single encrypted stream serves multiple authorized recipients
  • Device-agnostic: Works with constrained IoT hardware that cannot manage complex key distribution
  • Real-time access control: Instantly grant or revoke specialist access to live patient vitals
< 50ms
Re-Encryption Latency
06

Blockchain-Anchored Audit Logs

Combining PRE with distributed ledger technology creates tamper-proof audit trails for healthcare data access. Each re-encryption operation is recorded on-chain, providing immutable evidence of who accessed what data and when, while PRE ensures the underlying patient data remains encrypted throughout the logging process.

  • Cryptographic non-repudiation: Access events are mathematically provable
  • Smart contract integration: Automate re-encryption policies based on consent tokens
  • Regulatory readiness: Provides auditable proof for HIPAA accounting of disclosures requirements
Immutable
Audit Trail Integrity
PROXY RE-ENCRYPTION EXPLAINED

Frequently Asked Questions

Clear, technical answers to the most common questions about how proxy re-encryption enables secure, delegated data sharing in healthcare federated learning networks.

Proxy Re-Encryption (PRE) is a cryptographic scheme that allows a semi-trusted proxy server to transform ciphertext encrypted under Alice's public key into ciphertext encrypted under Bob's public key, without the proxy ever learning the underlying plaintext or either party's private key. The mechanism works as follows: Alice encrypts data with her public key and stores the ciphertext on a cloud server. When she wants to grant Bob access, she generates a re-encryption key (rk_{A→B}) using her private key and Bob's public key. She delegates this re-encryption key to the proxy. The proxy applies the re-encryption key to Alice's ciphertext, transforming it into a ciphertext that only Bob can decrypt with his private key. Critically, the re-encryption key is unidirectional (Alice→Bob only) and non-transitive (the proxy cannot combine rk_{A→B} and rk_{B→C} to create rk_{A→C}). This property makes PRE fundamentally different from traditional decryption-and-re-encryption approaches, where the proxy would require access to plaintext data.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.