0

Both RSA and Elgamal have homomorphic properties. So both can re-encrypt the ciphertext. Re-encryption with Elgamal works as seen here.

How does re-encryption work using RSA?

What modification / addition is needed to transform simple RSA to RSA with re-encryption?

The keys for RSA:

Public key: $e$ & $n$

Private key: $d$

Encryption: $C=M^e \bmod n$

Decryption: $M=C^d \bmod n$

I read this answer and it's very similar to what I am looking for. But I have practically a few limitations (as it is textbook RSA, and I have security flaws). I have an arbitrary length (large) plaintext. I want to encrypt it with RSA. I want to re-encrypt the ciphertext (independently and multiple times). Also I don't understand this formatted plaintexts in this question.

Is there a practical scheme / implementation available?

What changes are there needed in RSA to re-encrypt a ciphertext without compromising security?

Squeamish Ossifrage
  • 49,816
  • 3
  • 122
  • 230
abbasi_ahsan
  • 151
  • 6

1 Answers1

1

Both RSA and elGamal have homomorphic property. So both can re-encrypt the cipher text

That doesn't follow.

Re-encryption means being able to take $E_{a}(m)$ and $F(a, b)$ (that is, a function of both private keys), and being able to generate $E_{b}(m)$ (that is, the encryption of the same message under a different private key), but (and this is the critical part) it not being able to recover $m$ from those two. That is, $F(a, b)$ is a key that allows you to "switch keys", but is not sufficient (without the private keys $a$ or $b$) to allow you to decrypt.

What the homomorphic property of RSA is allow you to take $E_{a}(m)$ (and the public key), and allow you to generate $E_{a}(G(m))$ (for certain functions $G$).

That doesn't allow you to switch RSA keys (which would imply changing modulii), and there is no obvious way to do so...

poncho
  • 154,064
  • 12
  • 239
  • 382