Helmich, RolandRolandHelmichBraubach, LarsLarsBraubach2026-01-142026-01-142025-10https://media.suub.uni-bremen.de/handle/elib/23932Secure file sharing is essential in today's digital environment, yet many systems remain vulnerable: if an attacker steals client keys, they can often decrypt both past and future content. To address this challenge, we propose a novel file-sharing architecture that strengthens post-compromise security while remaining practical. Our contributions are threefold. First, we design a concept that integrates Messaging Layer Security group key exchange, attribute-based access control, and a tamper-resistant, versioned metadata store, providing post-compromise security and, with some limitations, forward secrecy. Second, we present a reference architecture and a working prototype. Third, we evaluate security against common threats and benchmark key distribution scalability. Results demonstrate that our system preserves end-to-end confidentiality even with a fully compromised server, restores security after client compromise, and scales key delivery efficiently—for example, distributing 10,000 keys to 1000 clients is only about 40% slower than to 100 clients. Overall, our approach delivers stronger security guarantees than popular alternatives while remaining practical.en000 Informatik, Informationswissenschaft, allgemeine WerkeText::Zeitschrift::Wissenschaftlicher Artikel10.1002/cpe.70414