International Journal of Scientific Research and Engineering Development

This study analyzes the use of proxy re-encryption integrated with enhanced envelope encryption to enable rapid and iterative data revocation in an enterprise-scale environment. The need for such analysis is dictated by the fact that in modern large-scale enterprise and provider-independent platforms, especially those focused on the financial sector, lifecycle management of cryptographic keys and flexible control of data access rights have become critically important. The traditional envelope encryption approach, which dominates most infrastructures, encounters operational difficulties when simultaneous mass key rotation or revocation of permissions is required. Each instance of such an operation necessitates re-encryption (re-packing) of individual Data Encryption Keys (DEK) for every object resource, inevitably resulting in significant computational overhead and increased latency. The methodological foundation of this work includes a systematic review of existing encryption models, analysis of contemporary proxy re-encryption (PRE) schemes, as well as comparative performance measurements. The proposed proxy re-encryption enhanced envelope (PRE-EE) architecture envisages delegating to a trusted proxy the task of transforming encrypted keys, thereby enabling key rotation and access revocation without the need to alter the state of each ciphertext in storage, and achieving the operation in constant time from the perspective of the Key Management Infrastructure (KMI). The results obtained demonstrate that PRE-EE represents a scalable and cost-effective solution that eliminates the primary bottlenecks of traditional envelope encryption systems, while minimizing compute, storage, and network overhead to reduce the operational costs of large-scale key management. Furthermore, the approach is aligned with emerging post-quantum threats, where faster and more frequent rotations reduce risk compared to big-bang re-encryption events. The benefits of adopting this model will be of value to secure-system architects, enterprise-platform engineers, and cybersecurity specialists who aim to develop adaptive and reliable mechanisms for protecting confidential data.