Jul 27, 2017 · 1 min read
Thanks for the article. I like the idea of the ephemeral key sk_e. I’d like to propose the following improvement.
Bob could use sk_e and his own private key, sk_b to yield a re-encryption key rk_eb, send that re-encryption key back to the proxy, and even stop caring about sk_e. This way, the proxy will have rk_ae and rk_eb and will be able to transitively re-encrypt all messages from Alice to Bob:
emsg_b = pre.reencrypt(rk_eb, pre.reencrypt(rk_ae, emsg))A nice optimisation on top of that would be to be able to derive a single key rk_ab from the pair (rk_ae, rk_eb) in order to avoid having to re-encrypt all messages twice, but I don’t know if that’s technically possible.
