Non-Interactive Forward Secrecy

A Non-Interactive Forward-Secret Cryptosystem (NIFS) has a single public key which a sequence of public keys can be derived from. There is a corresponding sequence of private keys which can be deleted after use. To use one would make each public key valid for a time interval and delete the private key after that time interval has expired. It must not be possible to compute previous private keys from current ones.

NIFS Cryptosystems and Identity-based Cryptosystems

It is possible to construct NIFS schemes from ID-based schemes, but the converse is not true. Here is the generic method to use an ID-based cryptosystem as an NIFS cryptosystem: There are at least two weaker requirements which make NIFS schemes potentially simpler than ID-based schemes. Additional desirable features: Other applications:

NIFS Schemes

Chronological NIFS References

Chronological list of references to the NIFS problem:

Identity-Based Crypto Literature

Other terms people have used for Identity-Based Crypto:

Related Work


Comments, html bugs to me (Adam Back) at <adam@cypherspace.org>