Paper 2017/476

Forward-Security under Continual Leakage

Mihir Bellare, Adam O'Neill, and Igors Stepanovs


Current signature and encryption schemes secure against continual leakage fail completely if the key in any time period is fully exposed. We suggest forward security as a second line of defense, so that in the event of full exposure of the current secret key, at least uses of keys prior to this remain secure, a big benefit in practice. (For example if the signer is a certificate authority, full exposure of the current secret key would not invalidate certificates signed under prior keys.) We provide definitions for signatures and encryption that are forward-secure under continual leakage. Achieving these definitions turns out to be challenging, and we make initial progress with some constructions and transforms.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. MAJOR revision.16th International Conference on Cryptology and Network Security (CANS 2017)
leakage-resilient cryptographyforward securitydigital signaturespublic-key encryption
Contact author(s)
istepano @ eng ucsd edu
2017-10-10: revised
2017-05-29: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mihir Bellare and Adam O'Neill and Igors Stepanovs},
      title = {Forward-Security under Continual Leakage},
      howpublished = {Cryptology ePrint Archive, Paper 2017/476},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.