The following is a simple, unidirectional PRE scheme that doesn't use bilinear pairings, in case you find them distracting. It uses a static Diffie-Hellman exchange (i.e., combining the public key of one person with the private key of another) to make it unidirectional. BTW, I'm more used to describing proxy re-encryption as a delegation between Alice and Bob, rather than Bob to Charlie, so I'll use that convention here.
Alice:
- private key: $a$
- public key: $g^a$
Bob:
- private key: $b$
- public key: $g^b$
Alice creates a Re-Encryption key for Bob using his public key:
- $rk = \frac{a}{H((pk_B)^{sk_A})} = \frac{a}{H(g^{ab})}$
Anyone can encrypt a message originally intended for Alice:
- $C_A = (g^r, M · g^{ar})$
The proxy re-encrypts $C$ using the re-encryption key:
- $C_B = ( (g^r)^{rk}, M · g^{ar}) = ( g^{\frac{ar}{H(g^{ab})}}, M · g^{ar})$
Bob decrypts using his private key, assuming he knows it was originally Alice's ciphertext (so he knows her public key $g^a$):
- $x = (C_{B,1})^{H(pk_A^{sk_B})} = g^{ar}$
- $M = \frac{C_{A,2}}{x}$
As you can see, the main idea is that the same secret that blinds the message ($g^{ar}$) can be produced with normal encryption with Alice's public key, and after re-encryption & decryption by Bob. In other words, you can produce $g^{ar}$ in two ways:
- Alice can produce $g^{ar}$ by taking the $g^r$ component and using her private key $a$.
- The re-encryption process transforms the $g^r$ component of the ciphertext into $g^{\frac{ar}{H(g^{ab})}}$, and Bob completes the process by removing the $H(g^{ab})$ using his private key $b$.
Once you have two methods to produce the same secret by Alice (only by decryption) and Bob (through re-encryption & decryption), then there you go, you have a proxy re-encryption scheme. There are many ways to do this (with bilinear pairings, without them, with lattices, etc.) and the tricks used by each scheme may vary, but in general that's the idea.
For the record, this is a super-simplified version of the Umbral proxy re-encryption scheme used by the NuCypher Network, a distributed network that provides a proxy re-encryption service with hundreds of proxies.
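A toy Python version of the scheme above, added here as an example and not part of the original answer. The group parameters (p = 2039, q = 1019, g = 4), SHA-256 as $H$, and all function names are assumptions chosen for illustration; the group is far too small for real use.

```python
import hashlib
import secrets

# Toy parameters (constructed for this example): p = 2q + 1 is a safe prime
# and g = 4 generates the subgroup of prime order q. Exponents live mod q.
P, Q, G = 2039, 1019, 4

def H(elem: int) -> int:
    """Hash a group element to a nonzero (hence invertible) exponent in [1, q-1]."""
    digest = hashlib.sha256(elem.to_bytes(2, "big")).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def keygen():
    sk = secrets.randbelow(Q - 1) + 1        # private key in [1, q-1]
    return sk, pow(G, sk, P)                 # (a, g^a)

def rekey(sk_a: int, pk_b: int) -> int:
    """rk = a / H(g^{ab}) mod q, built from Alice's private and Bob's public key."""
    return sk_a * pow(H(pow(pk_b, sk_a, P)), -1, Q) % Q

def encrypt(pk_a: int, m: int):
    """C_A = (g^r, M * g^{ar}); m must be in [1, p-1]."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(pk_a, r, P) % P

def reencrypt(rk: int, c_a):
    """Proxy step: C_B = ((g^r)^{rk}, M * g^{ar}); the second part is untouched."""
    c1, c2 = c_a
    return pow(c1, rk, P), c2

def decrypt_alice(sk_a: int, c_a):
    c1, c2 = c_a
    return c2 * pow(pow(c1, sk_a, P), -1, P) % P      # divide by (g^r)^a

def decrypt_bob(sk_b: int, pk_a: int, c_b):
    c1, c2 = c_b
    x = pow(c1, H(pow(pk_a, sk_b, P)), P)             # x = g^{ar}
    return c2 * pow(x, -1, P) % P

if __name__ == "__main__":
    (a, pk_a), (b, pk_b) = keygen(), keygen()
    c_a = encrypt(pk_a, 42)
    c_b = reencrypt(rekey(a, pk_b), c_a)
    print(decrypt_alice(a, c_a), decrypt_bob(b, pk_a, c_b))
```

In this simplified form $rk \cdot H(g^{ab}) = a$, so a proxy holding $rk$ and Bob (who can compute $H(g^{ab})$) can together recover Alice's private key.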