Forward-Secure Group Encryptions from Lattices

Group encryption (GE) is a fundamental anonymity primitive analogue of group signature, which guarantees the decryption ability of recipients to specific ciphertexts while hiding these users within a crowd. Since its first birth by Kiayias et al., numerous constructions have been proposed, among which there is only one lattice-based scheme is post-quantum secure. However, the security of all these schemes will be damaged once an unexpected key-exposure attack occurs (which is extremely unavoidable in the real world). To solve this problem, we first consider a forward-secure group encryption primitive and provide a concrete instantiation over lattices, which efficiently mitigates the threats from both key exposure and quantum computation. The key idea is to introduce an appropriate periodical key-updating mechanism into the group encryptions to restrain any key-exposure adversary from breaking ciphertexts generated in prior time periods. Concretely, we modify the Agrawal-Boneh-Boyen HIBEs into the binary tree encryptions (BTE). Then, combining with other cryptographic techniques, we construct a lattice-based GE scheme that features short ciphertexts and achieves the forward-secure message secrecy and anonymity. Finally, we prove that our construction is forward secure in the standard model under the Short Integer Solution (SIS) and Learning With Errors (LWE) assumptions.