Secure Key-Updating for Lazy Revocation

  • Michael Backes
  • Christian Cachin
  • Alina Oprea
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4189)


We consider the problem of efficient key management and user revocation in cryptographic file systems that allow shared access to files. A performance-efficient solution to user revocation in such systems is lazy revocation, a method that delays the re-encryption of a file until the next write to that file. We formalize the notion of key-updating schemes for lazy revocation, an abstraction to manage cryptographic keys in file systems with lazy revocation, and give a security definition for such schemes. We give two composition methods that combine two secure key-updating schemes into a new secure scheme that permits a larger number of user revocations. We prove the security of two slightly modified existing constructions and propose a novel binary tree construction that is also provably secure in our model. Finally, we give a systematic analysis of the computational and communication complexity of the three constructions and show that the novel construction improves the previously known constructions.


Hash Function Signature Scheme Random Oracle Security Parameter Pseudorandom Generator 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abdalla, M., Bellare, M.: Increasing the lifetime of a key: A comparative analysis of the security of re-keying techniques. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 546–559. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  2. 2.
    Abdalla, M., Reyzin, L.: A new forward-secure digital signature scheme. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 116–129. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Adya, A., Bolosky, W.J., Castro, M., Cermak, G., Chaiken, R., Douceur, J.R., Howell, J., Lorch, J.R., Theimer, M., Wattenhofer, R.P.: FARSITE: Federated, available, and reliable storage for an incompletely trusted environment. In: Proc. 5th Symposium on Operating System Design and Implementation (OSDI), Usenix (2002)Google Scholar
  4. 4.
    Anderson, R.: Two remarks on public-key cryptology. Technical Report UCAM-CL-TR-549, University of Cambridge (2002)Google Scholar
  5. 5.
    Backes, M., Cachin, C., Oprea, A.: Lazy revocation in cryptographic file systems. In: Proc. 3rd Intl. IEEE Security in Storage Workhsop (SISW) (2005)Google Scholar
  6. 6.
    Backes, M., Cachin, C., Oprea, A.: Secure key-updating for lazy revocation, Research Report RZ 3627, IBM Research (August 2005), Appears also as Cryptology ePrint Archive, Report 2005/334Google Scholar
  7. 7.
    Bellare, M., Miner, S.K.: A forward-secure digital signature scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Bellare, M., Yee, B.S.: Forward-security in private-key cryptography. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 1–18. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Blaze, M.: A cryptographic file system for Unix. In: Proc. First ACM Conference on Computer and Communication Security (CCS), pp. 9–16 (1993)Google Scholar
  10. 10.
    Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Cattaneo, G., Catuogno, L., Sorbo, A.D., Persiano, P.: The design and implementation of a transparent cryptographic file system for Unix. In: Proc. USENIX Annual Technical Conference 2001, Freenix Track, pp. 199–212 (2001)Google Scholar
  12. 12.
    Dodis, Y., Franklin, M., Katz, J., Miyaji, A., Yung, M.: Intrusion-resilient public-key encryption. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 19–32. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Dodis, Y., Katz, J., Xu, S., Yung, M.: Key-insulated public key cryptosystems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 65–82. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Dodis, Y., Katz, J., Yung, M.: Strong key-insulated signature schemes. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 130–144. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Fu, K.: Group sharing and random access in cryptographic storage file systems. Master’s thesis, Massachusetts Institute of Technology (1999)Google Scholar
  16. 16.
    Fu, K., Kamaram, S., Kohno, T.: Key regression: Enabling efficient key distribution for secure distributed storage. In: Proc. Network and Distributed Systems Security Symposium (NDSS 2006) (2006)Google Scholar
  17. 17.
    Goh, E., Shacham, H., Modadugu, N., Boneh, D.: SiRiUS: Securing remote untrusted storage. In: Proc. Network and Distributed Systems Security Symposium (NDSS 2003), pp. 131–145 (2003)Google Scholar
  18. 18.
    Goodrich, M.T., Sun, J.Z., Tamassia, R.: Efficient tree-based revocation in groups of low-state devices. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 511–527. Springer, Heidelberg (2004)Google Scholar
  19. 19.
    Goshi, J., Ladner, R.E.: Algorithms for dynamic multicast key distribution trees. In: Proc. 22nd Symposium on Principles of Distributed Computing (PODC), pp. 243–251. ACM, New York (2003)Google Scholar
  20. 20.
    Itkis, G.: Forward security, adaptive cryptography: Time evolution. Survey, available from:
  21. 21.
    Itkis, G., Reyzin, L.: Forward-secure signatures with optimal signing and verifying. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 332–354. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  22. 22.
    Itkis, G., Reyzin, L.: SiBIR: Signer-base intrusion-resilient signatures. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 499–514. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  23. 23.
    Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., Fu, K.: Plutus: Scalable secure file sharing on untrusted storage. In: Proc. 2nd USENIX Conference on File and Storage Technologies (FAST) (2003)Google Scholar
  24. 24.
    Krawczyk, H.: Simple forward-secure signatures from any signature scheme. In: Proc. 7th ACM Conference on Computer and Communication Security (CCS), pp. 108–115 (2000)Google Scholar
  25. 25.
    Kubiatowicz, J., Bindel, D., Chen, Y., Czerwinski, S., Eaton, P., Geels, D., Gummadi, R., Rhea, S., Weatherspoon, H., Weimer, W., Wells, C., Zhao, B.: Oceanstore: An architecture for global-scale persistent storage. In: Proc. 9th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 190–201. ACM, New York (2000)CrossRefGoogle Scholar
  26. 26.
    Malkin, T.G., Micciancio, D., Miner, S.K.: Efficient generic forward-secure signatures with an unbounded number of time periods. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 400–417. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  27. 27.
    Malkin, T.G., Obana, S., Yung, M.: The hierarchy of key evolving signatures and a characterization of proxy signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 306–322. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  28. 28.
    Miller, E., Long, D., Freeman, W., Reed, B.: Strong security for distributed file systems. In: Proc. the First USENIX Conference on File and Storage Technologies (FAST) (2002)Google Scholar
  29. 29.
    Rodeh, O., Birman, K., Dolev, D.: Using AVL trees for fault tolerant group key management. International Journal on Information Security 1(2), 84–99 (2001)CrossRefGoogle Scholar
  30. 30.
    Sherman, A.T., McGrew, D.A.: Key establishment in large dynamic groups using one-way function trees. IEEE Transactions on Software Engineering 29(5), 444–458 (2003)CrossRefGoogle Scholar
  31. 31.
    Tamassia, R., Triandopoulos, N.: Computational bounds on hierarchical data processing with applications to information security. In: Proc. 32nd International Colloquium on Automata, Languages and Programming (ICALP) (2005)Google Scholar
  32. 32.
    Wong, C.K., Gouda, M., Lam, S.S.: Secure group communications using key graphs. IEEE/ACM Transactions on Networking 8(1), 16–30 (2000)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Michael Backes
    • 1
  • Christian Cachin
    • 2
  • Alina Oprea
    • 3
  1. 1.Computer Science DepartmentSaarland UniversitySaarbrueckenGermany
  2. 2.Zurich Research LaboratoryIBM ResearchRüschlikonSwitzerland
  3. 3.Dept. of Computer ScienceCarnegie Mellon UniversityUSA

Personalised recommendations