David Ammouial
Jul 27, 2017 · 1 min read

Thanks for the article. I like the idea of the ephemeral key sk_e. I’d like to propose the following improvement.

Bob could use sk_e and his own private key, sk_b to yield a re-encryption key rk_eb, send that re-encryption key back to the proxy, and even stop caring about sk_e. This way, the proxy will have rk_ae and rk_eb and will be able to transitively re-encrypt all messages from Alice to Bob:

emsg_b = pre.reencrypt(rk_eb, pre.reencrypt(rk_ae, emsg))

A nice optimisation on top of that would be to be able to derive a single key rk_ab from the pair (rk_ae, rk_eb) in order to avoid having to re-encrypt all messages twice, but I don’t know if that’s technically possible.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade