Inferensys

Glossary

Proxy Re-Encryption

A cryptographic primitive allowing a semi-trusted proxy to transform a ciphertext encrypted under one public key into a ciphertext encrypted under another without decrypting the underlying plaintext.
Moody home-office setup in a converted highrise loft, analyst working late with multiple screens showing knowledge graph visualizations, city lights through large windows behind.
CRYPTOGRAPHIC DELEGATION

What is Proxy Re-Encryption?

A public-key cryptographic primitive enabling a semi-trusted proxy server to transform ciphertext encrypted under one public key into ciphertext encrypted under a different public key without ever decrypting the underlying plaintext.

Proxy Re-Encryption (PRE) is a cryptographic protocol where a semi-trusted proxy uses a special re-encryption key to convert a ciphertext from Alice's key to Bob's key. Critically, the proxy performs this transformation directly on the ciphertext without accessing the plaintext or either party's private key, maintaining end-to-end confidentiality while enabling secure delegation of decryption rights.

PRE is foundational for secure cloud data sharing and encrypted inference architectures. Unlike standard public-key encryption, it prevents the data owner from needing to download, decrypt, and re-encrypt data for each recipient. In homomorphic inference pipelines, PRE allows a model host to re-encrypt an encrypted result under the end-user's key without exposing the inference output, ensuring the compute node remains blind to the plaintext.

CRYPTOGRAPHIC DELEGATION

Key Properties of Proxy Re-Encryption

Proxy Re-Encryption (PRE) is a cryptographic primitive enabling a semi-trusted proxy to transform ciphertexts between key pairs without accessing the plaintext. These properties define its security model and practical utility in secure data sharing.

01

Unidirectional Transformation

The proxy can only transform ciphertexts from Alice to Bob, not the reverse. This is enforced cryptographically using a re-encryption key (RK) generated by Alice using her secret key and Bob's public key. The RK is mathematically directional—it contains the quotient of the two keys. This prevents the proxy from reversing the transformation or deriving either party's private key. Unidirectionality is critical for delegation scenarios where trust is asymmetric, such as granting read access to a subordinate without enabling them to re-share upward.

  • Key generation: Alice computes RK_{A→B} using sk_A and pk_B
  • Security guarantee: Proxy cannot compute RK_{B→A} from RK_{A→B}
  • Use case: Hierarchical data sharing in enterprise file systems
Directional
Transformation Type
sk_A + pk_B
Key Derivation Inputs
02

Non-Interactive Re-Encryption Key Generation

Alice can generate the re-encryption key without any interaction with Bob. She only needs Bob's public key, which can be retrieved from a public key infrastructure (PKI) or directory. This non-interactive property is essential for asynchronous delegation—Alice can grant access to Bob even when Bob is offline or does not yet exist in the system. The scheme relies on the algebraic structure of pairing-based cryptography or lattice-based hardness assumptions to enable this offline delegation.

  • No handshake required: Bob's participation is unnecessary during RK generation
  • Enables pre-provisioning: Access can be granted before Bob joins the system
  • Contrast with: Interactive proxy re-encryption schemes requiring Bob's secret key
Offline
Delegation Mode
pk_B only
Bob's Required Input
03

Collusion Resistance

Even if the proxy colludes with Bob and shares the re-encryption key, they cannot jointly recover Alice's secret key. This property, known as collusion safety or master secret security, is achieved through cryptographic separation: the re-encryption key encodes a transformation function, not a decryption capability. In pairing-based constructions, this relies on the hardness of the Bilinear Diffie-Hellman (BDH) problem. Without collusion resistance, a malicious proxy and delegatee could conspire to decrypt all of Alice's past and future ciphertexts.

  • Threat model: Proxy + Delegatee coalition
  • Protected secret: Alice's long-term private key sk_A
  • Cryptographic basis: BDH assumption or LWE hardness in lattice-based variants
sk_A
Protected Secret
BDH/LWE
Hardness Assumption
04

Transparency to the Delegatee

From Bob's perspective, a re-encrypted ciphertext is indistinguishable from a ciphertext originally encrypted under his public key. Bob uses his standard secret key sk_B for decryption—no special proxy-aware decryption algorithm is required. This transparency property means Bob's client software needs no modification to receive delegated data. The proxy transformation produces a valid second-level ciphertext that conforms exactly to the underlying encryption scheme's ciphertext space.

  • Bob's decryption: Standard Decrypt(sk_B, C')
  • No proxy metadata: Ciphertext format is identical to direct encryption
  • Backward compatibility: Existing decryption clients work without upgrades
Standard
Decryption Algorithm
Zero
Client Modifications Required
05

Proxy Opacity

The proxy never learns the underlying plaintext during the transformation process. The re-encryption operation is performed entirely on ciphertexts—the proxy takes Enc(pk_A, m) and the re-encryption key RK_{A→B}, and outputs Enc(pk_B, m) without ever seeing m. This opacity is the defining characteristic that distinguishes a semi-trusted proxy from a fully trusted one. It enables architectures where cloud infrastructure or edge nodes can mediate secure data sharing without being granted decryption rights.

  • Proxy's view: Only ciphertexts and re-encryption keys
  • No decryption capability: Proxy lacks any secret key material
  • Architectural implication: Enables secure cloud-based access control proxies
None
Plaintext Exposure
Semi-Trusted
Proxy Trust Level
06

Multi-Hop vs. Single-Hop Delegation

Single-hop PRE allows only one re-encryption: Alice → Proxy → Bob. The resulting ciphertext cannot be re-encrypted again. Multi-hop PRE enables transitive delegation chains: Alice → Proxy1 → Proxy2 → Carol, where each proxy applies its own re-encryption key. Multi-hop schemes require additional cryptographic machinery to prevent ciphertext bloat and manage noise accumulation. The choice between single-hop and multi-hop represents a trade-off between expressiveness and efficiency.

  • Single-hop: Simpler construction, lower overhead, sufficient for most access control
  • Multi-hop: Enables complex delegation graphs and cascading permissions
  • Security consideration: Each hop introduces additional collusion risk vectors
  • Lattice-based PRE: Often supports multi-hop natively via key switching techniques
1 vs. N
Re-Encryption Depth
Expressiveness
Multi-Hop Trade-Off
PROXY RE-ENCRYPTION

Frequently Asked Questions

Answers to common questions about the mechanics, security properties, and practical applications of proxy re-encryption in modern cryptographic systems.

Proxy re-encryption (PRE) is a cryptographic primitive that allows a semi-trusted proxy to transform a ciphertext encrypted under Alice's public key into a ciphertext encrypted under Bob's public key without ever decrypting the underlying plaintext. The mechanism works through a re-encryption key (RK) generated by Alice using her secret key and Bob's public key. Alice delegates this RK to the proxy, which applies a ReEncrypt() algorithm to convert ciphertexts. Critically, the proxy learns nothing about the plaintext or either party's secret key during this transformation. PRE schemes are classified as unidirectional (Alice→Bob only) or bidirectional (interchangeable), and single-hop (one transformation) or multi-hop (cascading re-encryptions). Modern constructions like the AFGH and BBS98 schemes base their security on pairing-based cryptography and the decisional Diffie-Hellman assumption.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.