Proxy Re-Encryption (PRE) is a cryptographic scheme where a semi-trusted proxy agent transforms a ciphertext originally encrypted for Alice into a ciphertext that Bob can decrypt, using a special re-encryption key generated by Alice. The proxy performs this transformation without ever seeing the plaintext data or possessing the private keys of either party, making it fundamentally different from simple decrypt-and-re-encrypt approaches that would expose the underlying information to the intermediary.
Glossary
Proxy Re-Encryption (PRE)

What is Proxy Re-Encryption (PRE)?
Proxy re-encryption is a public-key cryptographic primitive that enables a semi-trusted proxy to transform ciphertext encrypted under one public key into ciphertext encrypted under another, without the proxy ever accessing the underlying plaintext or either party's private key.
PRE is critical for secure data sharing in encrypted vector databases and sovereign AI infrastructure, where access policies must change dynamically without exposing stored embeddings. By delegating decryption rights through cryptographic means rather than key sharing, PRE enables secure multi-party computation workflows, encrypted email forwarding, and distributed access control systems where a central proxy can manage permissions while remaining completely blind to the protected content.
Key Properties of Proxy Re-Encryption
Proxy Re-Encryption (PRE) is defined by a set of core cryptographic properties that distinguish it from traditional public-key encryption and enable secure, delegated access control. These properties ensure the proxy remains blind to plaintext while transforming ciphertext between key pairs.
Uni-Directionality
The re-encryption key (RK) allows a proxy to transform ciphertexts from Alice to Bob, but not from Bob to Alice. This is a critical security property ensuring that delegation is a one-way street.
- Mechanism: The RK is mathematically constructed using Alice's secret key and Bob's public key, making it computationally infeasible to reverse.
- Contrast: Bi-directional schemes exist but are less common in enterprise access control where strict hierarchical or need-to-know delegation is required.
- Example: A CTO can delegate access to quarterly financial reports to an auditor without the auditor being able to re-delegate or reverse the flow to access the CTO's other files.
Non-Transitivity
The proxy cannot combine multiple re-encryption keys to create new, unauthorized delegation chains. Possessing RK(A→B) and RK(B→C) does not allow the proxy to compute RK(A→C).
- Security Implication: This prevents privilege escalation attacks where a semi-trusted proxy could chain delegations to grant access beyond the original data owner's intent.
- Collusion Resistance: Even if the proxy colludes with delegate Bob, they cannot compute Alice's secret key, a property known as collusion safety.
- Real-World Scenario: A cloud storage gateway holding re-encryption keys for multiple departments cannot silently grant the marketing team access to HR documents by chaining keys.
Proxy Opacity
The proxy server performing the re-encryption operation never sees the underlying plaintext data at any point in the process. It transforms one ciphertext into another while both remain encrypted.
- Blind Transformation: The proxy applies the re-encryption key to the ciphertext through a mathematical operation that changes the encapsulating public key without decryption.
- Trust Model: The proxy is semi-trusted—trusted to perform the transformation correctly and honestly, but not trusted with access to the data itself.
- Use Case: A managed file transfer service can convert files encrypted for an on-premises server into files encrypted for a cloud analytics platform without ever reading the file contents.
Key Optimality
A delegate (Bob) decrypts a re-encrypted ciphertext using their own existing private key. No new key material, software, or hardware tokens are required on the delegate's side.
- Seamless User Experience: Bob does not need to manage separate keys for each delegator. His single private key decrypts both his own ciphertexts and any ciphertexts re-encrypted for him.
- Contrast with Traditional Wrapping: Unlike key-wrapping approaches where a symmetric key is encrypted for each recipient, PRE does not require the data owner to be online to perform the wrapping.
- Example: A researcher's standard PGP key can decrypt a dataset that was originally encrypted for a collaborator at a different institution, without any pre-coordination or shared secrets.
Collusion Resistance (Non-Transferability)
Even if the proxy and a delegate collude by sharing all their cryptographic material, they cannot jointly compute the delegator's secret key. This is the strongest security property in modern PRE schemes.
- Mathematical Foundation: This property relies on the hardness of the Discrete Logarithm Problem or Lattice-Based assumptions, ensuring that the re-encryption key leaks no information about the original secret.
- Type Distinction: Schemes are classified as CPA-secure (Chosen-Plaintext Attack) or CCA-secure (Chosen-Ciphertext Attack) against collusion, with CCA being the gold standard for production systems.
- Enterprise Impact: A cloud provider (proxy) and a terminated employee (delegate) cannot work together to recover the company's master decryption key, preserving zero-trust security postures.
Multi-Hop vs. Single-Hop
This property defines how many times a ciphertext can be re-encrypted sequentially. Single-hop PRE allows one transformation (A→B), while multi-hop PRE allows chains (A→B→C).
- Single-Hop Advantages: Simpler constructions with stronger security proofs and better performance. Suitable for most enterprise file-sharing and access control scenarios.
- Multi-Hop Complexity: Requires more complex cryptographic machinery, often incurring larger ciphertext sizes that grow linearly with each hop.
- Practical Guidance: Single-hop suffices for the vast majority of use cases. Multi-hop is reserved for complex, multi-layered data pipeline scenarios where data must traverse several processing enclaves.
Frequently Asked Questions
Clear, technically precise answers to the most common questions about Proxy Re-Encryption (PRE), a cryptographic primitive that enables secure, delegated access control for encrypted data without exposing plaintext to the intermediary.
Proxy Re-Encryption (PRE) is a public-key cryptographic scheme where a semi-trusted proxy server transforms a ciphertext encrypted under Alice's public key into a ciphertext encrypted under Bob's public key, without ever decrypting the underlying plaintext or learning the secret keys of either party. The mechanism relies on a special re-encryption key (rk_{A→B}) generated by Alice using her private key and Bob's public key. This re-encryption key is delegated to the proxy, which applies a ReEncrypt() function to the original ciphertext. Critically, the proxy remains blind to the message content throughout the entire process. The scheme is fundamentally unidirectional (Alice → Bob, but not Bob → Alice) and non-interactive, meaning Bob does not need to be online during the transformation. This makes PRE ideal for secure cloud storage sharing, encrypted email forwarding, and distributed access control in sovereign AI infrastructure.
Proxy Re-Encryption vs. Related Cryptographic Primitives
A technical comparison of Proxy Re-Encryption against other cryptographic schemes that enable secure data sharing, delegation, and access control over encrypted data.
| Feature | Proxy Re-Encryption (PRE) | Attribute-Based Encryption (ABE) | Secure Multi-Party Computation (SMPC) |
|---|---|---|---|
Core Mechanism | Transforms ciphertext from one public key to another via a semi-trusted proxy without decryption | Encrypts data under an access policy; decryption requires a key with matching attributes | Distributes computation across multiple parties where each holds a private input |
Proxy Sees Plaintext | |||
Delegation Granularity | Per-recipient or per-ciphertext; supports fine-grained, one-to-many re-encryption | Policy-based; one-to-many via attribute sets embedded in keys | Computation-specific; not designed for persistent data sharing |
Requires Sender Online | |||
Computational Overhead | Moderate; single re-encryption operation per delegation | Moderate to high; pairing-based cryptography on elliptic curves | Very high; multiple rounds of interactive communication |
Post-Quantum Readiness | Emerging; lattice-based PRE constructions exist | Limited; most schemes rely on bilinear pairings vulnerable to Shor's algorithm | Partial; some lattice-based SMPC protocols available |
Primary Use Case | Secure cloud data sharing, encrypted email forwarding, distributed file systems | Fine-grained access control in cloud storage, IoT, and healthcare | Collaborative analytics, private set intersection, auctions |
Trust Model | Semi-trusted proxy; honest-but-curious assumption | Trusted central authority for key generation and attribute assignment | No single trusted party; security holds against up to n-1 corrupt participants |
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Proxy Re-Encryption relies on a constellation of foundational cryptographic schemes and privacy-enhancing technologies. Understanding these related primitives clarifies the security guarantees and operational boundaries of PRE in sovereign AI infrastructure.
Homomorphic Encryption (HE)
A cryptographic method enabling computation directly on ciphertext. The proxy in PRE performs a key-switching operation, which is a specific, limited form of homomorphic evaluation. Unlike general HE, the proxy is restricted to a single transformation function—re-encrypting a ciphertext from one public key to another—without ever seeing the plaintext or enabling arbitrary computation.
Ciphertext-Policy Attribute-Based Encryption (CP-ABE)
A public-key encryption scheme where ciphertexts embed an access policy and user keys are associated with attributes. PRE extends this paradigm by allowing a semi-trusted proxy to dynamically re-encrypt data for new attribute sets without the original encryptor being online. This enables revocation and delegation in encrypted access control systems where CP-ABE alone would require re-encryption by the data owner.
Secure Multi-Party Computation (SMPC)
A protocol distributing computation across multiple parties where no single party sees the others' private inputs. PRE complements SMPC by efficiently handling the input distribution phase: a data owner can encrypt data once under their own key, and a proxy transforms it for delivery to specific computation nodes without the owner participating in the multi-party protocol or decrypting the data first.
Lattice-Based Cryptography
A class of post-quantum cryptographic constructions based on hard problems on high-dimensional lattices, such as Ring Learning With Errors (RLWE). Modern PRE schemes are increasingly built on lattice assumptions to resist quantum attacks. These constructions provide collusion resistance, preventing a proxy and a delegatee from combining their keys to recover the delegator's full private key—a critical security property absent in early bilinear-pairing-based PRE.
Searchable Symmetric Encryption (SSE)
A primitive allowing a server to search encrypted data without decryption. In an encrypted vector database architecture, PRE and SSE work in tandem: SSE enables private keyword or token queries over encrypted indexes, while PRE handles the secure delegation of the retrieved encrypted results to authorized querying parties without exposing the master encryption key to the database server.
Zero-Knowledge Proof (ZKP)
A protocol where a prover convinces a verifier of a statement's truth without revealing the underlying witness. ZKPs can be integrated with PRE to provide verifiable re-encryption: the proxy generates a succinct proof that the transformation was performed correctly—converting ciphertext under key A to ciphertext under key B—without revealing either key or the plaintext. This prevents a malicious proxy from substituting ciphertext.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us