Paper 2019/912

Fine-Grained Forward Secrecy: Allow-List/Deny-List Encryption and Applications

David Derler, Sebastian Ramacher, Daniel Slamanig, and Christoph Striecks


Forward secrecy is an important feature for modern cryptographic systems and is widely used in secure messaging such as Signal and WhatsApp as well as in common Internet protocols such as TLS, IPSec, or SSH. The benefit of forward secrecy is that the damage in case of key-leakage is mitigated. Forward-secret encryption schemes provide security of past ciphertexts even if a secret key leaks, which is interesting in settings where cryptographic keys often reside in memory for quite a long time and could be extracted by an adversary, e.g., in cloud computing. The recent concept of puncturable encryption (PE; Green and Miers, IEEE S&P'15) provides a versatile generalization of forward-secret encryption: it allows to puncture secret keys with respect to ciphertexts to prevent the future decryption of these ciphertexts. We introduce the abstraction of allow-list/deny-list encryption schemes and classify different types of PE schemes using this abstraction. Based on our classification, we identify and close a gap in existing work by introducing a novel variant of PE which we dub Dual-Form Puncturable Encryption (DFPE). DFPE significantly enhances and, in particular, generalizes previous variants of PE by allowing an interleaved application of allow- and deny-list operations. We present a construction of DFPE in prime-order bilinear groups, discuss a direct application of DPFE for enhancing security guarantees within Cloudflare's Geo Key Manager, and show its generic use to construct forward-secret IBE and forward-secret digital signatures.

Note: Full version of a paper which appears in Financial Cryptography and Data Security – 25th International Conference, FC 2021, Revised Selected Papers, LNCS, Springer. (Compared to prior versions, many parts are updated.)

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Major revision. Financial Cryptography and Data Security – 25th International Conference, FC 2021, Revised Selected Papers, LNCS, Springer
puncturable encryptionforward secrecy
Contact author(s)
david @ dfinity org
sebastian ramacher @ ait ac at
daniel slamanig @ ait ac at
christoph striecks @ ait ac at
2021-03-31: last of 2 revisions
2019-08-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {David Derler and Sebastian Ramacher and Daniel Slamanig and Christoph Striecks},
      title = {Fine-Grained Forward Secrecy: Allow-List/Deny-List Encryption and Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2019/912},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.