Crypto Reading Group - Pranshu Kumar-Generic Transformations for Updatable PKEs

Abstract: Updatable Public-Key Encryption (UPKE) augments the security of PKE with Forward Secrecy properties. It was originally proposed by Jost et al. (EUROCRYPT 2019) to provide security guarantees in secure messaging applications efficiently. Later, Alwen et al. (CRYPTO 2020) showed that TreeKEM, when used for Continuous Group Key Agreement (CGKA) in Message Layer Security (MLS), failed to achieve adequate security and proposed using UPKEs to modify TreeKEM. Since then, UPKEs have become a part of the Message Layer Security specification, and their security properties have been extensively studied. Alwen, Fuchsbauer, and Mularczyk (AFM, Eurocrypt’24) presented the strongest security notion to date, adding many additional properties that strengthen its security in CGKA and MLS.