TY - JOUR
T1 - A forward-secure public-key encryption scheme
AU - Canetti, Ran
AU - Halevi, Shai
AU - Katz, Jonathan
PY - 2007/7
Y1 - 2007/7
N2 - Cryptographic computations are often carried out on insecure devices for which the threat of key exposure represents a serious concern. Forward security allows one to mitigate the damage caused by exposure of secret keys. In a forward-secure scheme, secret keys are updated at regular periods of time; exposure of the secret key corresponding to a given time period does not enable an adversary to "break" the scheme (in the appropriate sense) for any prior time period. We present the first constructions of (non-interactive) forward-secure public-key encryption schemes. Our main construction achieves security against chosen-plaintext attacks in the standard model, and all parameters of the scheme are poly-logarithmic in the total number of time periods. Some variants and extensions of this scheme are also given. We also introduce the notion of binary tree encryption and construct a binary tree encryption scheme in the standard model. Our construction implies the first hierarchical identity-based encryption scheme in the standard model. (The notion of security we achieve, however, is slightly weaker than that achieved by some previous constructions in the random oracle model.)
KW - Forward security
KW - Identity-based encryption
KW - Public-key encryption
UR - http://www.scopus.com/inward/record.url?scp=34547218499&partnerID=8YFLogxK
U2 - 10.1007/s00145-006-0442-5
DO - 10.1007/s00145-006-0442-5
M3 - Article
AN - SCOPUS:34547218499
SN - 0933-2790
VL - 20
SP - 265
EP - 294
JO - Journal of Cryptology
JF - Journal of Cryptology
IS - 3
ER -