Modern encryption technologies are one of the most effective technological building-blocks for providing confidentiality within information systems. Most modern encryption systems support operations in which data is encrypted in a way where it can be decrypted only by users with a unique decryption key. For symmetric key encryption systems, such as Advanced Encryption Standard (AES), the encryption and decryption keys are the same, and every effort must be made in practice from leaking the keys to adversaries lest the adversaries gain the ability to decrypt and access sensitive data. For public key encryption systems, such as RSA, a paired public key and secret key are used such that data, once encrypted with a public key, can only be decrypted with its corresponding secret key. If an adversary obtains the public key, the adversary could still not decrypt the data.
A limitation of most modern cryptosystems is that once data is encrypted, it is generally impossible to delegate access to a recipient unless the recipient has the original decryption key associated with the encryption key. Access to encrypted data could be used, for example, with publish-subscribe use cases where publishers encrypt data that is published to an information broker server, and subscribers can later access and decrypt the data. In this use case, current cryptosystems require publishers and subscribers to coordinate and share an agreed-upon decryption key before access is granted. Accordingly, there is a need in the art to securely delegate data access to a new recipient, after the data has been encrypted.