Journal of Cryptology

, Volume 20, Issue 3, pp 265–294 | Cite as

A Forward-Secure Public-Key Encryption Scheme

  • Ran CanettiEmail author
  • Shai HaleviEmail author
  • Jonathan KatzEmail author


Cryptographic computations are often carried out on insecure devices for which the threat of key exposure represents a serious concern. Forward security allows one to mitigate the damage caused by exposure of secret keys. In a forward-secure scheme, secret keys are updated at regular periods of time; exposure of the secret key corresponding to a given time period does not enable an adversary to "break" the scheme (in the appropriate sense) for any prior time period. We present the first constructions of (non-interactive) forward-secure public-key encryption schemes. Our main construction achieves security against chosen-plaintext attacks in the standard model, and all parameters of the scheme are poly-logarithmic in the total number of time periods. Some variants and extensions of this scheme are also given. We also introduce the notion of binary tree encryption and construct a binary tree encryption scheme in the standard model. Our construction implies the first hierarchical identity-based encryption scheme in the standard model. (The notion of security we achieve, however, is slightly weaker than that achieved by some previous constructions in the random oracle model.)


Encryption Scheme Signature Scheme Random Oracle Random Oracle Model Decryption Query 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© International Association for Cryptologic Research 2007

Authors and Affiliations

  1. 1.IBM T.J. Watson Research Center, 19 Skyline DriveHawthorne, NY 10532USA
  2. 2.Department of Computer Science, University of MarylandCollege Park, MD 20742USA

Personalised recommendations