Forward-Secure Group Encryptions from Lattices

Publication Name

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)


Group encryption (GE) is a fundamental anonymity primitive analogue of group signature, which guarantees the decryption ability of recipients to specific ciphertexts while hiding these users within a crowd. Since its first birth by Kiayias et al., numerous constructions have been proposed, among which there is only one lattice-based scheme is post-quantum secure. However, the security of all these schemes will be damaged once an unexpected key-exposure attack occurs (which is extremely unavoidable in the real world). To solve this problem, we first consider a forward-secure group encryption primitive and provide a concrete instantiation over lattices, which efficiently mitigates the threats from both key exposure and quantum computation. The key idea is to introduce an appropriate periodical key-updating mechanism into the group encryptions to restrain any key-exposure adversary from breaking ciphertexts generated in prior time periods. Concretely, we modify the Agrawal-Boneh-Boyen HIBEs into the binary tree encryptions (BTE). Then, combining with other cryptographic techniques, we construct a lattice-based GE scheme that features short ciphertexts and achieves the forward-secure message secrecy and anonymity. Finally, we prove that our construction is forward secure in the standard model under the Short Integer Solution (SIS) and Learning With Errors (LWE) assumptions.

Open Access Status

This publication is not available as open access


13083 LNCS

First Page


Last Page


Funding Number


Funding Sponsor

National Natural Science Foundation of China



Link to publisher version (DOI)