View article

Timed-Release Encryption (TRE) could be roughly dened as the encryption of condential data so that the resulting ciphertext cannot be decrypted by anyone, including the designated recipient(s), until a predetermined future time. TRE is useful, and oftentimes necessary, in a broad range of emerging applications (e.g. e-voting, e-auctions, e-contests, e-lottery) where a message transmitted in advance must remain secure for some time. Research on this topic has provided a wealth of theoretical developments and protocols, each with its own strengths and weaknesses. The vast majority of the early attempts at TRE did not satisfy the desired security requirements. More recently, a number of innovative third-party based TRE schemes have emerged especially after the introduction of Identity-Based Encryption (IBE). For the most part, these are pairing-based schemes which use public key infrastructure and come with some form of provable security, scalability and user-anonymity. More specically, in a typical pairing-based TRE (PB-TRE) scheme the sender encrypts the message under a public key and a time information, so the knowledge of both the matching private key and a time-specic trapdoor (i.e. the secret information published by the time-server) are necessary for decryption. In such schemes, the sole role of a time-server is to periodically publish self-authenticated time-dependent trapdoors. Unlike previous non-pairing-based approaches, PB-TREs provide server-passiveness and sender anonymity, because senders do not interact with the time-servers at all. Moreover, due to the bilinearity property, modern schemes support TRE encryption …