DLT-based personal data access control with key-redistribution

Data management services frequently grapple with trust issues due to the easy access service managers have to server-stored data. Although decentralized data services and smart contracts offer solutions to the pitfalls of centralized authorities, they also raise concerns regarding compliance with data protection laws like GDPR. Historically, encryption has mitigated some of these issues but at the expense of hindering data sharing. To address this, we introduce the Key-Redistribution Proxy Re-Encryption (KeRePRE) system-a decentralized, encrypted data service that incorporates authorization servers as part of a threshold proxy re-encryption scheme. This system leverages a key-redistribution mechanism to seamlessly add or remove managers in a trustless environment, achieving proactive security. Our proof of concept, implemented via smart contracts on a Layer 2 of IOTA, showcases an access control list that authorizes read-only access by the servers.