@article {15120, title = {A forward-secure public-key encryption scheme}, journal = {Journal of Cryptology}, volume = {20}, year = {2007}, month = {2007///}, pages = {265 - 294}, abstract = {Cryptographic computations are often carried out on insecure devices for which the threat of key exposure represents a serious concern. Forward security allows one to mitigate the damage caused by exposure of secret keys. In a forward-secure scheme, secret keys are updated at regular periods of time; exposure of the secret key corresponding to a given time period does not enable an adversary to "break" the scheme (in the appropriate sense) for any prior time period. We present the first constructions of (non-interactive) forward-secure public-key encryption schemes. Our main construction achieves security against chosen-plaintext attacks in the standard model, and all parameters of the scheme are poly-logarithmic in the total number of time periods. Some variants and extensions of this scheme are also given. We also introduce the notion of binary tree encryption and construct a binary tree encryption scheme in the standard model. Our construction implies the first hierarchical identity-based encryption scheme in the standard model. (The notion of security we achieve, however, is slightly weaker than that achieved by some previous constructions in the random oracle model.)}, doi = {10.1007/s00145-006-0442-5}, author = {Canetti,R. and Halevi,S. and Katz, Jonathan} }