Paper 2001/035

Forward-Security in Private-Key Cryptography

Mihir Bellare and Bennet Yee


This paper provides a comprehensive treatment of forward-security in the context of shared-key based cryptographic primitives, as a practical means to mitigate the damage caused by key-exposure. We provide definitions of security, practical proven-secure constructions, and applications for the main primitives in this area. We identify forward-secure pseudorandom bit generators as the central primitive, providing several constructions and then showing how forward-secure message authentication schemes and symmetric encryption schemes can be built based on standard schemes for these problems coupled with forward-secure pseudorandom bit generators. We then apply forward-secure message authentication schemes to the problem of maintaining secure access logs in the presence of break-ins.
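The following is an added illustration of the construction sketched in the abstract, not code from the paper: a forward-secure pseudorandom generator whose state evolves one-way, a message authentication scheme that keys a standard MAC with the generator's per-period output, and an append-only audit log built on top of it. The concrete choices (HMAC-SHA256 as the underlying PRF, the labels `0x00` and `0x01` to separate the "next state" and "output" calls, binding the period counter into each tag) are assumptions made for this example rather than the paper's exact instantiation. The demo shows what forward security does and does not buy: an intruder who captures the current state cannot rewrite entries from earlier periods, but can of course produce valid entries for later ones.

```python
import hashlib
import hmac

# Domain-separation labels (chosen for this example; not the paper's constants).
LABEL_NEXT = b"\x00"  # PRF input used to derive the next generator state
LABEL_OUT = b"\x01"   # PRF input used to derive this period's output block


def fsprg_step(state: bytes) -> tuple[bytes, bytes]:
    """One step of a forward-secure PRG built from a PRF (HMAC-SHA256 here).

    Returns (output_block, next_state).  The next state is a one-way function
    of the current state, so a caller that erases `state` after the call can
    no longer recompute this or any earlier output block.
    """
    out = hmac.new(state, LABEL_OUT, hashlib.sha256).digest()
    nxt = hmac.new(state, LABEL_NEXT, hashlib.sha256).digest()
    return out, nxt


def fsprg_outputs(seed: bytes, n: int) -> list[bytes]:
    """Run the generator n steps from `seed` and collect the output blocks."""
    outs, state = [], seed
    for _ in range(n):
        out, state = fsprg_step(state)
        outs.append(out)
    return outs


def tag_entry(key: bytes, period: int, msg: bytes) -> bytes:
    """Standard MAC (HMAC-SHA256) keyed with the period key K_i.
    The period index is bound into the tag so entries cannot be reordered."""
    return hmac.new(key, period.to_bytes(8, "big") + msg, hashlib.sha256).digest()


class ForwardSecureLog:
    """Append-only log: entry i is tagged under K_i, then the generator state
    is advanced and the old state (and K_i) is dropped from memory."""

    def __init__(self, seed: bytes):
        self._state = seed
        self.period = 0
        self.entries: list[tuple[int, bytes, bytes]] = []

    def append(self, msg: bytes) -> None:
        key, self._state = fsprg_step(self._state)  # old state overwritten here
        self.entries.append((self.period, msg, tag_entry(key, self.period, msg)))
        self.period += 1
        # `key` goes out of scope: nothing kept on this host can recompute it.

    def export_state(self) -> bytes:
        """What an intruder who breaks in right now gets to see."""
        return self._state


def verify_log(seed: bytes, entries: list[tuple[int, bytes, bytes]]) -> list[bool]:
    """Trusted verifier holding the initial seed regenerates K_0, K_1, ... and
    checks every tag and period index in order."""
    state, results = seed, []
    for expected_period, (period, msg, tag) in enumerate(entries):
        key, state = fsprg_step(state)
        results.append(period == expected_period and
                       hmac.compare_digest(tag, tag_entry(key, period, msg)))
    return results


def demo() -> dict[str, list[bool]]:
    """Constructed scenario: three honest entries, then a break-in at period 3."""
    seed = hashlib.sha256(b"constructed demo seed, not a real secret").digest()
    log = ForwardSecureLog(seed)
    for msg in (b"boot", b"login alice", b"sudo -i"):
        log.append(msg)

    stolen = log.export_state()          # intruder captures state S_3
    k3, _ = fsprg_step(stolen)           # the best key the intruder can derive is K_3

    # Attempt 1: rewrite the period-1 entry.  K_1 is gone; K_3 is the wrong key.
    tampered = list(log.entries)
    tampered[1] = (1, b"login nobody", tag_entry(k3, 1, b"login nobody"))

    # Attempt 2: append a period-3 entry.  This is NOT prevented (future periods
    # are compromised); forward security only protects what came before.
    extended = list(log.entries) + [(3, b"evil", tag_entry(k3, 3, b"evil"))]

    return {
        "honest": verify_log(seed, log.entries),
        "tampered_past": verify_log(seed, tampered),
        "forged_future": verify_log(seed, extended),
    }


if __name__ == "__main__":
    print(demo())
```

A practical caveat the demo makes visible: the scheme detects modification of past entries but not truncation after the break-in, so a deployment also needs a periodic "heartbeat" or close-of-period entry that the verifier expects to see, and the state must actually be erased (not merely dereferenced) on the logging host.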

Note: Earlier titled "Design and application of pseudorandom number generators with forward security." The first version of this paper dates to 1998.

Publication info
Published elsewhere. An extended abstract of this paper appears in the Proceedings of the CT-RSA 2003 conference. This is the full version.
Keywords: pseudorandom number generators, forward security, audit logs
Contact author(s)
mihir @ cs ucsd edu
2002-11-18: last of 5 revisions
2001-05-06: received
Creative Commons Attribution


@misc{cryptoeprint:2001/035,
      author = {Mihir Bellare and Bennet Yee},
      title = {Forward-Security in Private-Key Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2001/035},
      year = {2001},
      note = {\url{}},
      url = {}
}