Navigation: DEDIS :: Cothority :: Building Blocks :: Distributed Reencryption
Once a DKG has been set up, its aggregated public key can be used to encrypt data, for example using ElGamal encryption. In some circumstances you don't want to directly decrypt that data, but merely give access to another user, without the distributed setup seeing what the original data is.
We call this re-encryption, because it takes encrypted data and outputs an encrypted blob that can be decrypted by another private key than the one used in the DKG. This is done by having each node decrypting the data with his share of the key, and then encrypting it to the new key. As each no only has a share of the key, the original data is never revealed. However, the end result is encrypted to a new public key and can be decrypted using the corresponding private key.
The re-encryption protocol is called ocs and is defined in the following files:
- CALYPSO - Auditable Sharing of Private Data over Blockchains