Process Flow
Request data
Proxy Re-Encryption
Proxy Re-Encryption (PRE) allows secure data sharing without trusting the storage provider. The data owner encrypts the data with their private key and derives a re-encryption key for the receiver. The storage provider can re-encrypt the data for the receiver without decrypting it.
Access Control Permissions
- Verifier requests data access from Owner.
- Owner encrypts data with symmetric key and encrypts with their private key .
- Owner generates re-encryption keys for each EDV and uploads encrypted data and keys.
- Verifier requests re-encrypted key from an and decrypts it to obtain .
- Verifier requests encrypted data from the and decrypts it using .
Revoke Access to Data
- initiates revocation and signs the request.
- Signed request is submitted to validators for verification and consensus.
- Validators instruct EDVs to delete or disable re-encryption keys.
- The ledger is updated to reflect the revocation.
This process ensures secure data sharing and controlled access revocation while maintaining data privacy and integrity.
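The grant and revocation flows above, as an added example that is not part of the original page or any project's code: it uses a BBS98 ElGamal-style PRE scheme (the page names no scheme), in which the symmetric key is wrapped under the owner's public key and the re-encryption key is derived from both parties' secrets. Assumptions: the toy group parameters, the SHA-256 keystream standing in for a real AEAD cipher, and the names EDV, rekey and verifier_read are all hypothetical.

```python
import hashlib, secrets

# Toy safe-prime group (constructed, far too small for real use): P = 2Q + 1.
P, Q, G = 2579, 1289, 4   # G = 2^2 generates the order-Q subgroup

def keygen():
    sk = secrets.randbelow(Q - 1) + 1            # secret exponent in [1, Q-1]
    return sk, pow(G, sk, P)

def kdf(elem):
    return hashlib.sha256(str(elem).encode()).digest()

def stream_xor(key, data):
    # SHA-256 counter keystream, a stand-in for a real AEAD cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def encapsulate(owner_pk):
    r = secrets.randbelow(Q - 1) + 1
    return pow(owner_pk, r, P), kdf(pow(G, r, P))   # (capsule g^(a*r), symmetric key)

def decapsulate(sk, capsule):
    return kdf(pow(capsule, pow(sk, -1, Q), P))     # capsule^(1/sk) = g^r

def rekey(owner_sk, verifier_sk):
    # BBS98 re-encryption key b/a mod Q; it needs both secrets (a known limitation).
    return verifier_sk * pow(owner_sk, -1, Q) % Q

class EDV:
    """Hypothetical storage node: holds ciphertext, capsule and re-keys only."""
    def __init__(self):
        self.blob, self.capsule, self.rekeys = None, None, {}
    def upload(self, blob, capsule, verifier_id, rk):
        self.blob, self.capsule = blob, capsule
        self.rekeys[verifier_id] = rk
    def reencrypt(self, verifier_id):
        if verifier_id not in self.rekeys:
            raise PermissionError("no re-encryption key: revoked or never granted")
        return pow(self.capsule, self.rekeys[verifier_id], P)  # g^(a*r) -> g^(b*r)
    def revoke(self, verifier_id):
        self.rekeys.pop(verifier_id, None)          # deleting the re-key ends access

def verifier_read(edv, verifier_id, verifier_sk):
    key = decapsulate(verifier_sk, edv.reencrypt(verifier_id))
    return stream_xor(key, edv.blob)
```

Deleting the re-encryption key stops further re-encryption by that EDV; it does not recall a symmetric key the verifier already recovered, so data shared before revocation should be treated as disclosed.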