In this work we revisit and formally study the notion of proxy cryptography. Intuitively, various proxy functions allow two cooperating parties F (the “FBI”) and P (the “proxy”) to duplicate the functionality available to the third party U (the “user”), without being able to perform this functionality on their own (without cooperation). The concept is closely related to the notion of threshold cryptography, except we deal with only two parties P and F, and place very strict restrictions on the way the operations are performed (which is done for the sake of efficiency, usability and scalability). For example, for decryption (resp. signature) P (F) sends a single message to F (P), after which the latter can decrypt (sign) the message. Our formal modeling of proxy cryptography significantly generalizes, simplifies and simultaneously clarifies the model of “atomic proxy” suggested by Blaze and Strauss [4]. In particular, we define bidirectional and unidirectional vari...