P. Golle, M. Jakobsson, A. Juels, and P. Syverson
Citation: P. Golle, M. Jakobsson, A. Juels, and P. Syverson. Universal Re-encryption for Mixnets. In T. Okamoto, ed., RSA Conference Cryptographers' Track '04, pp. 163-178. Springer-Verlag, 2004. LNCS no. 2964.
Abstract: In conjunction with colleagues at Palo Alto Research Center (PARCSM) and the U.S. Naval Research Laboratory, scientists at RSA Laboratories have devised a simple scheme that help permit a ciphertext (encrypted string) to be re-encrypted without knowledge of the associated public key. This technique, known as "universal re-encryption" is applicable to RFID privacy.
One possible scenario is this. The RFID tags belonging to a consumer
carry identifiers encrypted under her a unique public key. When the consumer
passes by any reader in a public space, the reader performs the service
of re-encrypting the ciphertexts on her RFID tags. A conventional public-key
cryptosystem requires knowledge of at least a public key in order for
re-encryption to be feasible. This is undesirable in the scenario described
here, because the public key would identify the consumer, thereby undermining
her privacy! Universal re-encryption aims to avoid this problem. (For
those familiar with the concept, we propose a kind of "mixnet"
for RFID tags.)