We present a forward-secure public-key encryption (PKE) scheme without key update, i.e. both public and private keys are immutable. In contrast, prior forward-secure PKE schemes achieve forward security by constantly updating the secret keys. Our scheme is based on witness encryption by Garg et al. (STOC 2013) and a proof-of-stake blockchain with the distinguishable forking property introduced by Goyal et al. (TCC 2017), and ensures that a ciphertext cannot be decrypted more than once, thereby rendering a compromised secret key useless with respect to decryption of past ciphertexts the legitimate user has already decrypted. In this work, we formalize the notion of blockchain-based forward-secure PKE, show the feasibility of constructing a forward-secure PKE scheme without key update, and discuss interesting properties of our scheme such as post-compromise security.