Skip to content

How does proxy re-encryption work?

A quick glossary: Alice is the person sharing a file. Bob is the person she is sharing the file with. Peter is a proxy who does re-encryption tasks.

Alice can give a delegation which lets a proxy re-encrypt a capsule for a particular reader. For example Alice gives a delegation to Peter that lets Peter re-encrypt stuff for Bob.

Delegations can be partial. For example, the delegation could specify that five proxies are needed to complete the task. This means that each proxy is only about to do 1/5 of the re-encryption. This is helpful because reduces the risk of bad proxies who don't follow the rules.

The capsule is the per-file key which is encrypted with Alice's private key.

Steps in proxy re-encryption

  1. Alice symmetrically encrypts the file with a new key, and encrypts this key with her public key (this is the "capsule")
  2. Alice uploads the capsule to the contract along with the URI for the file
  3. Alice creates delegations for Bob and N proxies.
  4. There is access-control in the contract that specifies which capsules can be re-encrypted for Bob.
  5. Alice can add another file by following steps 1 and 2 again (or someone else can add a file on her behalf by encrypting the capsule with her public key)
  6. Bob sends a transaction to the contract requesting the keys to a file
  7. The proxies are waiting for tasks.
  8. If Peter the proxy has a delegation from Alice for Bob, and access to the file is permitted by the access-control policy, then Peter can perform part of the re-encryption and get a reward.
  9. Once N proxies have generated a re-encryption fragment then the task is complete
  10. Bob can get the key and access the file

How DabbaFlow works for proxies

  1. Peter registers with the contract, locks up stake and waits for tasks

  2. When Bob requests the keys for a file, Peter checks if:

    1. He has a delegation from Alice for Bob
    2. Bob is allowed by the access control to access the file

  3. If both conditions are true then Peter makes a key fragment for Bob

  4. Peter submits the key fragment and gets a reward

Staking and slashing

Peter stakes FET in order to register as a proxy, and gets rewards by doing re-encryption tasks. Peter gets slashed if the fragments he submits are not correct. Peter also gets slashed if he doesn't respond to re-encryption tasks.