Forward-secure public-key encryption has been discussed here, on sci.crypt, and elsewhere. To recap - the goal is that an adversary who breaks into your computer today can't read messages sent/received yesterday. In the interactive case, you use ephermal Diffie-Hellman. The non-interactive case is more complicated and has had some ideas considered by Ross Anderson, Adam Back, and David Hopwood (among others). Cypherpunks relevance: forward security is nice for remailers. Anyway, there's a new eprint up which shows how to construct such a scheme starting from an ID-based encryption scheme by Boneh + Franklin. "A Forward-Secure Public-Key Encryption Scheme" Jonathan Katz http://eprint.iacr.org/2002/060/ It's worth noting that the scheme this is based on has code available. http://crypto.stanford.edu/ibe/download.html -David