Forward-Secure Certificate-Based Encryption and its Generic Construction

In this paper, we introduce a new asymmetric encryption paradigm called Forward-Secure CertificateBased Encryption. It preserves the advantages of certificatebased encryption (CBE) such as implicit certificate and no private key escrow. At the same time it also inherits the properties of the forward-secure public key encryption. In a forward-secure CBE scheme, all users’ private keys are updated at regular periods throughout the lifetime of the system; exposure of a user’s private key corresponding to a given time period does not enable an adversary to break the security of the ciphertext sent to this user for any prior time period. We first provide the formal definition for forwardsecure CBE and its security model. Then we propose a generic construction of forward-secure CBE and prove it to be secure against chosen plaintext attacks in the standard model. We also describe how this construction can be enhanced to achieve security against adaptive chosenciphertext attacks both in the standard model and in the random oracle model. Finally, a concrete forward-secure CBE scheme is constructed.