Unidirectional Key Update in Updatable Encryption, Revisited

M. Jurkiewicz, K. Prabucka
2024-10-08
Abstract: In this paper we construct a new efficient updatable encryption (UE) scheme based on FrodoPKE learning with errors key encapsulation. We analyse the security of the proposed scheme in the backward-leak uni-directional setting within the rand-ind-eu-cpa model. Since the underlying computationally hard problem here is LWE, the scheme is secure against both classical and quantum attacks.
Cryptography and Security
### What problem does this paper attempt to address?

The paper sets out to design a new, highly efficient Updatable Encryption (UE) scheme, specifically for the unidirectional key update setting. In detail:

1. **Enhancing security**: The authors construct a UE scheme from the key encapsulation mechanism of FrodoPKE, whose hardness rests on the Learning with Errors (LWE) problem, and analyze its security in the rand-ind-eu-cpa model. Because the underlying hard problem is LWE, the scheme is robust against attacks by both classical and quantum computers.
2. **Achieving unidirectional key update**: The scheme supports backward-leak unidirectional key updates. This means that the key \(k_{e+1}\) can be extracted from the key \(k_e\) and the update token \(\Delta_{e+1}\), but the reverse operation is not feasible, which ensures the security and privacy of key updates.
3. **Optimizing performance**: Beyond theoretical security and correctness, the paper experimentally evaluates the execution times of UE schemes built on different FrodoPKE variants (AES and SHAKE versions) at different security levels (NIST level 1, level 3, and level 5). The results report the average time and standard deviation of each algorithm component (key generation, encryption, decryption, token generation, and update).
### Formula summary

- **LWE problem assumption**: given \((A, A\mathbf{s}+\mathbf{e})\) and \((A,\mathbf{u})\), where \(A\in\mathbb{Z}_q^{n\times m}\), \(\mathbf{s}\in\mathbb{Z}_q^m\), \(\mathbf{e}\sim\chi\) and \(\mathbf{u}\leftarrow\mathbb{Z}_q^n\), it is hard to distinguish the two distributions.
- **Unidirectional key update** (backward-leak; in the standard UE notation, \(K\) and \(T\) are the sets of epochs whose keys and tokens, respectively, the adversary has corrupted):
  \[
  K^*_{b\text{-}uni}=\{e\in[0,l]\mid \mathrm{Corr}_K(e)=\mathrm{true}\},
  \]
  where
  \[
  \mathrm{true}\leftarrow\mathrm{Corr}_K(e)\iff (e\in K)\lor\bigl(\mathrm{Corr}_K(e+1)\land (e+1)\in T\bigr).
  \]
- **Security advantage**:
  \[
  \mathrm{Adv}^{\text{rand-ind-eu-cpa}}_{A}(n):=\Bigl|\Pr\bigl[\mathrm{Exp}^{\text{rand-ind-eu-cpa-0}}_{\mathrm{UE},A}=1\bigr]-\Pr\bigl[\mathrm{Exp}^{\text{rand-ind-eu-cpa-1}}_{\mathrm{UE},A}=1\bigr]\Bigr|
  \]

Through these formulas and the experimental results, the paper verifies the feasibility and advantages of the proposed UE scheme in practical applications.
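As an added worked example (not code from the paper), the backward-leak key-inference rule \(\mathrm{Corr}_K\) from the formula summary evaluated on a constructed corruption scenario, with the standard bidirectional rule alongside to show which extra epochs a bidirectional scheme would leak. It assumes the usual UE notation: \(K\) are corrupted key epochs, \(T\) corrupted token epochs, epochs run over \([0,l]\), and \(\mathrm{Corr}_K(l+1)\) is false.

```python
# Added example: the backward-leak uni-directional key-inference rule
# from the formula summary, plus the standard bidirectional rule for contrast.
# Assumptions (standard UE notation, not stated on the page): K is the set of
# epochs whose keys the adversary corrupted, T the set of epochs whose update
# tokens it corrupted, epochs run over [0, l], and Corr_K(l + 1) is false.

def corrupted_keys_b_uni(l, K, T):
    """K*_{b-uni} = {e in [0, l] | Corr_K(e)} with
    Corr_K(e) <=> e in K or (Corr_K(e + 1) and e + 1 in T).
    Evaluated from epoch l downwards so each Corr_K(e + 1) is already known."""
    corr = [False] * (l + 2)          # index l + 1 is the 'no later epoch' base case
    for e in range(l, -1, -1):
        corr[e] = (e in K) or (corr[e + 1] and (e + 1) in T)
    return {e for e in range(l + 1) if corr[e]}


def corrupted_keys_bi(l, K, T):
    """Bidirectional rule (for contrast; not on the page): a token Delta_{e+1}
    lets the adversary move in both directions, so
    Corr(e) <=> e in K or (Corr(e+1) and e+1 in T) or (Corr(e-1) and e in T).
    Computed as a least fixed point over the epoch range."""
    corr = {e for e in K if 0 <= e <= l}
    changed = True
    while changed:
        changed = False
        for e in range(l + 1):
            if e in corr:
                continue
            if (e + 1 in corr and e + 1 in T) or (e - 1 in corr and e in T):
                corr.add(e)
                changed = True
    return corr


if __name__ == "__main__":
    # Constructed scenario: six epochs, key of epoch 3 leaked, tokens 2, 3 and 5 leaked.
    l, K, T = 5, {3}, {2, 3, 5}
    print("b-uni :", sorted(corrupted_keys_b_uni(l, K, T)))   # [1, 2, 3]
    print("bi    :", sorted(corrupted_keys_bi(l, K, T)))      # [1, 2, 3]
    # Same leaked key, but tokens 2 and 4: only the bidirectional rule reaches epoch 4.
    l, K, T = 5, {3}, {2, 4}
    print("b-uni :", sorted(corrupted_keys_b_uni(l, K, T)))   # [3]
    print("bi    :", sorted(corrupted_keys_bi(l, K, T)))      # [3, 4]
```

The second scenario is the point of the backward-leak setting: with the same leaked key, the uni-directional rule never derives a later epoch's key from an earlier one, so epoch 4 stays uncompromised.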