4

Suppose Alice has encrypted some plaintext $P$ to Bob. Bob wishes to re-encrypt this information to Charlie via proxy, in such a manner that:

  1. The proxy cannot obtain $P$
  2. The proxy can prove that Bob has provided a valid re-encryption key, meaning that Charlie will be able to obtain $P$ by decrypting with his private key
  3. The proxy can prove that the ciphertext originated from Alice

Is such a scheme possible?

Dr. John A Zoidberg
  • 141
  • 1

1 Answers1

2

PRE schemes guarantee Q1, if they are even remotely worthwhile. Alice could add a signature over her public signing key and the ciphertext to accomplish Q3. I haven't seen any works that guarantee a re-encryption key from B to C is valid.

Bob Wall
  • 444
  • 3
  • 12