## Abstract

Forward security (FS) ensures that corrupting the current secret key in the system preserves the privacy or integrity of the prior usages of the system. Achieving forward security is especially hard in the setting of public-key encryption (PKE), where time is divided into periods, and in each period the receiver derives the next-period secret key from their current secret key, while the public key stays constant. Indeed, all current constructions of FS-PKE are built from hierarchical identity-based encryption (HIBE) and are rather complicated. Motivated by applications to secure messaging, recent works of Jost et al. (Eurocrypt’19) and Alwen et al. (CRYPTO’20) consider a natural relaxation of FS-PKE, which they term updatable PKE (UPKE). In this setting, the transition to the next period can be initiated by any sender, who can compute a special update ciphertext. This ciphertext directly produces the next-period public key and can be processed by the receiver to compute the next-period secret key. If done honestly, future (regular) ciphertexts produced with the new public key can be decrypted with the new secret key, but past such ciphertexts cannot be decrypted with the new secret key. Moreover, this is true even if all other previous-period updates were initiated by untrusted senders. Both papers also constructed a very simple UPKE scheme based on the CDH assumption in the random oracle model. However, they left open the question of building such schemes in the standard model, or based on other (e.g., post-quantum) assumptions, without using the heavy HIBE techniques. In this work, we construct two efficient UPKE schemes in the standard model, based on the DDH and LWE assumptions, respectively. Somewhat interestingly, our constructions gain their efficiency (compared to prior FS-PKE schemes from the same assumptions) by using tools from the area of circular-secure and leakage resilient public-key encryption schemes (rather than HIBE).

Original language | English (US) |
---|---|

Title of host publication | Theory of Cryptography - 19th International Conference, TCC 2021, Proceedings |

Editors | Kobbi Nissim, Brent Waters, Brent Waters |

Publisher | Springer Science and Business Media Deutschland GmbH |

Pages | 254-285 |

Number of pages | 32 |

ISBN (Print) | 9783030904555 |

DOIs | |

State | Published - 2021 |

Event | 19th International Conference on Theory of Cryptography, TCC 2021 - Raleigh, United States Duration: Nov 8 2021 → Nov 11 2021 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 13044 LNCS |

ISSN (Print) | 0302-9743 |

ISSN (Electronic) | 1611-3349 |

### Conference

Conference | 19th International Conference on Theory of Cryptography, TCC 2021 |
---|---|

Country/Territory | United States |

City | Raleigh |

Period | 11/8/21 → 11/11/21 |

## ASJC Scopus subject areas

- Theoretical Computer Science
- General Computer Science