Remotely keyed encryption schemes (RKESs) support high-bandwidth cryptographic applications in which long-lived secrets (such as users' private keys) never leave lower-bandwidth environments such as secure smart-cards. We provide a formal framework in which to study the security of RKESs and suggest RKESs that satisfy our formal security requirements. These schemes are efficient in that the amount of communication and computation that they require of the smart-card is independent of the input size. Our proof of security uses the pseudorandom permutation framework of Naor and Reingold (see this paper ) in an essential way.
Postscript , gzipped Postscript .