Proxy Re-Encryption — Allowing Alice To Share Her Protect Secret Key With Bob

Let’s say that Alice has stored an encrypted file, which uses a given key (K_A). Alice can then protect her key by encrypting the key with her public key. She can then decrypt this encrypted key with her private key (E_pk(K_A)):

But let’s say that Alice now wants to share the encrypted document with Bob, and where we want to convert the key encrypted with Alice’s public key, into one that can be decrypted by Bob’s private key. For this, we can use transform (or proxy) re-encryption. At the core of this is a transform key, which is the key which can decrypt the protected key to Bob’s private one. This is done by Trent, who is trusted to take Alice’s private key and Bob’s public key, and create a transform key (T_AB). This can then be given to Bob when required, along with Alice’s protected encryption key:

In this case, Trent can become the proxy and trust create the transformation key, and receive Bob’s public key, and Alice’s private key. So let’s code…