Abstract:

Cryptographic computations are often carried out on insecure devices for which the threat of key exposure represents a serious and realistic concern. In an effort to mitigate the damage caused by exposure of secret data stored on such devices, the paradigm of forward security was introduced. In this model, secret keys are updated at regular intervals throughout the lifetime of the system; furthermore, exposure of a secret key corresponding to a given interval does not enable an adversary to "break" the system (in the appropriate sense) for any prior time period. A number of constructions of forward-secure digital signature schemes and symmetric-key schemes are known. We present the first construction of a forward-secure public-key encryption scheme whose security is based on the bilinear Diffie-Hellman assumption in the random oracle model. Our scheme can be extended to achieve chosen-ciphertext security at minimal additional cost. The construction we give is quite efficient: all parameters of the scheme grow (at most) poly-logarithmically with the total number of time periods.
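To make the forward-security model in the abstract concrete (keys evolve per period, old secrets are erased, and a compromise at period i exposes nothing from earlier periods), the following is an added Python illustration that is not part of the paper. It uses the well-known symmetric hash-chain construction the abstract alludes to, not the paper's pairing-based public-key scheme, and the class, function names and the toy encrypt-then-MAC cipher are all assumptions made for this example.

```python
"""Forward-secure symmetric key evolution via a one-way hash chain.

Added illustration of the forward-security model: the device keeps only the
current period's secret state, evolves it with a one-way function, and erases
the old value. Names and the toy cipher here are hypothetical.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def _h(tag: bytes, data: bytes) -> bytes:
    """Domain-separated SHA-256, used for both state evolution and key derivation."""
    return hashlib.sha256(tag + data).digest()


class ForwardSecureKeyStore:
    """Holds the secret state for the current period only."""

    def __init__(self, seed: bytes, period: int = 0):
        self._state = seed
        self.period = period

    def update(self) -> None:
        # One-way step: the previous state is overwritten and cannot be recovered.
        self._state = _h(b"evolve", self._state)
        self.period += 1

    def period_key(self) -> bytes:
        # A different tag than "evolve", so a leaked period key does not
        # reveal the next state either.
        return _h(b"key", self._state)

    def export_state(self) -> Tuple[int, bytes]:
        """Simulates an adversary reading the device's secret memory."""
        return self.period, self._state


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(
        hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(blocks)
    )[:length]


def encrypt(key: bytes, period: int, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC: SHA-256 counter-mode keystream plus an HMAC tag."""
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    body = period.to_bytes(4, "big") + nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def decrypt(key: bytes, ciphertext: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None if the tag does not verify under this key."""
    body, tag = ciphertext[:-32], ciphertext[-32:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return None
    nonce, ct = body[4:20], body[20:]
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


def exposure_demo(compromise_period: int = 2, total_periods: int = 4) -> Dict[int, bool]:
    """Encrypt one message per period, leak the state at `compromise_period`,
    and report which periods' ciphertexts the adversary can then decrypt."""
    seed = b"\x01" * 32  # constructed seed; a real device would draw a random one
    device = ForwardSecureKeyStore(seed)
    ciphertexts = {}
    leaked = None
    for p in range(total_periods):
        ciphertexts[p] = encrypt(device.period_key(), p, b"message for period %d" % p)
        if p == compromise_period:
            leaked = device.export_state()  # adversary copies the current state
        device.update()                      # old state is erased on the device
    # From the leaked state the adversary can only walk the chain forward.
    adv_period, adv_state = leaked
    adv = ForwardSecureKeyStore(adv_state, adv_period)
    derivable = []
    for _ in range(total_periods - adv_period):
        derivable.append(adv.period_key())
        adv.update()
    return {p: any(decrypt(k, c) is not None for k in derivable)
            for p, c in ciphertexts.items()}


if __name__ == "__main__":
    # Expected: periods before the compromise stay protected, later ones do not.
    print(exposure_demo(compromise_period=2, total_periods=4))
```

The point the demo makes is exactly the abstract's security notion: with the state of period 2 in hand, the adversary recovers the keys of periods 2 and 3 (forward security makes no promise about the present or future), but periods 0 and 1 remain unreadable because the evolution step cannot be inverted and the earlier state was erased. The paper's contribution is achieving the same guarantee for public-key encryption, where the public key must stay fixed while the secret key evolves, which a hash chain alone cannot provide.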