A forward-secure public-key encryption scheme

Ran Canetti*, Shai Halevi, Jonathan Katz

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

610 Scopus citations

Abstract

Cryptographic computations are often carried out on insecure devices for which the threat of key exposure represents a serious and realistic concern. In an effort to mitigate the damage caused by exposure of secret data (e.g., keys) stored on such devices, the paradigm of forward security was introduced. In a forward-secure scheme, secret keys are updated at regular periods of time; furthermore, exposure of a secret key corresponding to a given time period does not enable an adversary to "break" the scheme (in the appropriate sense) for any prior time period. A number of constructions of forward-secure digital signature schemes, key-exchange protocols, and symmetric-key schemes are known. We present the first constructions of a (non-interactive) forward-secure public-key encryption scheme. Our main construction achieves security against chosen plaintext attacks under the decisional bilinear Diffie-Hellman assumption in the standard model. It is practical, and all complexity parameters grow at most logarithmically with the total number of time periods. The scheme can also be extended to achieve security against chosen ciphertext attacks.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
EditorsEli Biham
PublisherSpringer Verlag
Pages255-271
Number of pages17
ISBN (Print)3540140395, 9783540140399
DOIs
StatePublished - 2003
Externally publishedYes

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume2656
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Keywords

  • Bilinear Diffie-Hellman
  • Encryption
  • Forward security
  • Key exposure

Fingerprint

Dive into the research topics of 'A forward-secure public-key encryption scheme'. Together they form a unique fingerprint.

Cite this