I'm an amateur so bear with me.
I was thinking about an E2E solution for data-at-rest proxy scenarios (like cloud storage provider) that allows you to issue and revoke users via symmetric keys.
I'm thinking that Alice wants to communicate with Bob, via Eve. Without revealing the master key to Bob or Eve, this seems pretty trivial via asymmetrical encryption especially with the properties of homomorphic encryption etc, but algorithms like AES or ChaCha20 are used for their speed in data-at-rest scenarios.
Given three keys such that $ k_c = k_1 \odot k_2 $, Alice can create a cipher text $ y_1 = E(k_1, x_1) $ and send $y_1$ to Eve, and when Alice want's to give Bob access to $x_1$ via Eve by sending $k_c$ to Bob, $k_2$ to Eve, and Eve sends $y_2 = E'(k_1, y_1)$ to Bob, and Bob can decrypt $x_1 = E^{-1}(k_c, y_2)$
Does something like this exist? It feels like it could exist using a AES or ChaCha PRF, but less sure about full constructions (AES-GCM etc), are there any existing tools or search terms I could use to do more research? How does this effect authenticated cipher text? Or would it need to be done with more advanced tools like ElGamal, or Lattice/LWE (LoL)? Is there someway an amateur could go about building software to do this?
I'm not sure why/how this is being mis-interpreted as "double encryption, given some cipher, like AES-256, it should still only require a 256bit key $k_c$, I'm not trying to increase the security of said cipher.
I'm trying to decrease the trust in Eve or Bob, and potentially introduce another Bob, or Eve. And Establish unique session style keys.
The algorithm is meant to facilitate a similar role as Diffe-Hellman and the double racket system does in E2E protocols like what you see in Signal's E2E messenger protocol.
I want Alice be able take 1TB of data, encrypt it, send it to Eve, and then for Alice at a latter date to be able to issue another key, that allows Bob to decrypt the data, but receive the data from Eve, without giving Eve the master key to re-encrypt it, that's it, Alice & Bob don't fully trust Eve with the plaintext, nor that Eve will be compromised at a later date, and Alice want's to issue a pair of ephemeral keys to both Eve and Bob, that can enable Eve to rekey the cipher text so that Bob to decrypt the cipher text.
For example this answer here https://crypto.stackexchange.com/a/48852/58358 which I hadn't seen till just now, says it's possible but $k_2$ would be extremely large, the same size as the uploaded data itself.
