Paper 2020/622

The Direction of Updatable Encryption does not Matter Much

Yao Jiang


Updatable encryption schemes allow for key rotation on ciphertexts. A client outsourcing storage of encrypted data to a cloud server can change its encryption key. The cloud server can update the stored ciphertexts to the new key using only a token provided by the client. This paper solves two open problems in updatable encryption, that of uni-directional vs. bi-directional updates, and post-quantum security. The main result in this paper is to analyze the security notions based on uni- and bi-directional updates. Surprisingly, we prove that uni- and bi-directional variants of each security notion are equivalent. The second result in this paper is to provide a new and efficient updatable encryption scheme based on the Decisional Learning with Error assumption. This gives us post-quantum security. Our scheme is bi-directional, but because of our main result, this is sufficient.

Available format(s)
Cryptographic protocols
Publication info
A minor revision of an IACR publication in ASIACRYPT 2020
updatable encryptioncloud storagekey rotationlattice-based cryptographypost-quantum cryptography
Contact author(s)
yao jiang @ ntnu no
2021-06-20: last of 3 revisions
2020-05-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yao Jiang},
      title = {The Direction of Updatable Encryption does not Matter Much},
      howpublished = {Cryptology ePrint Archive, Paper 2020/622},
      year = {2020},
      doi = {10.1007/978-3-030-64840-4_18},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.