Paper 2014/560

An Investigation of Some Forward Security Properties for PEKS and IBE

Qiang Tang

Abstract

In cryptography, forward secrecy is a well-known property of key agreement protocols. It ensures that a session key remains secure even if one of the long-term secret keys is compromised in the future. In this paper, we investigate some forward security properties for Public-key Encryption with Keyword Search (PEKS) schemes, which allow a client to store encrypted data and delegate search operations to a server. The proposed properties guarantee that the client’s privacy is protected to the maximum extent when his private key is compromised. Motivated by the generic transformation from anonymous Identity-Based Encryption (IBE) to PEKS, we correspondingly propose some forward security properties for IBE, in which case we assume the attacker learns the master secret key. We then study several existing PEKS and IBE schemes, including a PEKS scheme by Nishioka, an IBE scheme by Boneh, Raghunathan and Segev, and an IBE scheme by Arriaga, Tang and Ryan. Our analysis indicates that the proposed forward security properties can be achieved by some of these schemes if the attacker is RO-non-adaptive (the attacker does not define its distributions based on the random oracle). Finally, we show how to extend the Boyen-Waters anonymous IBE scheme to achieve the forward security properties for adaptive attackers.