What it is Alice sends a encrypted message to X eg a cloud service Public key belongs to X X cannot decrypt the message But X can convert messages Forward message to B C D using reencryption ID: 638505
Download Presentation The PPT/PDF document "Proxy Re-encryption Phill Hallam-Baker" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Proxy Re-encryption
Phill Hallam-BakerSlide2
What it is
Alice sends
a encrypted message to X (e.g. a cloud service)
Public key ‘belongs to’ X
X cannot decrypt the message
But X can convert messages
Forward message to B, C, D using re-encryption
keys
Holder of private key
creates re-encryption keys
This
can be performed offline
Can be implemented in any DH cryptosystem
Including EC variantsSlide3
Why is it useful
Confidential
mailing list
Cloud
service and only cloud service knows membership
Cloud service can’t decrypt message, not a point of vulnerability
IMAP
/ POP server
Alice has 5 devices, wants end to end encryption to each one
Senders do not want to have to provide 5 decryption blobs
Implement
label based security CRM scheme
Very
powerful, currently encumbered, patents ‘should’ expire soon
Group chats
…Slide4
Next Steps
Well
known in theory circles
Well grounded
Has been overlooked by protocol community
No
standards support
No (direct) support in toolkits
Open questions
What
are the best approaches that are not encumbered?
How should this be expressed in key formats?