Technical and Legal Meaning of “Sole Control” – Towards Verifiability in Signing Systems

  • Conference paper, in: Business Information Systems Workshops (BIS 2011)

Abstract

One of the fundamental ideas of the framework of electronic signatures defined in EU Directive 1999/93/EC is “sole control” over signature creation data. For a long time “sole control” has been understood as using black-box devices for which a certain third party has issued a certificate, whereas the signer was supposed to blindly trust the authorities and certification bodies. This has been claimed to be the only feasible solution.

Recent advances in technology and the development of verifiable systems show that it is possible to build systems in which the signer has much more control over the signing process and can really maintain control over the signature creation data. The main idea is that breaches in the system cannot be excluded, but if they occur, the signer can provide evidence of fraud by a third party.

Supported by Polish Ministry of Science and Higher Education fund for research & development in years 2009/2011, grant No. O R00 0015 07. The first and second authors have been supported by Foundation for Polish Science, “Mistrz” Programme.


© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kutyłowski, M., Błaśkiewicz, P., Krzywiecki, Ł., Kubiak, P., Paluszyński, W., Tabor, M. (2011). Technical and Legal Meaning of “Sole Control” – Towards Verifiability in Signing Systems. In: Abramowicz, W., Maciaszek, L., Węcel, K. (eds) Business Information Systems Workshops. BIS 2011. Lecture Notes in Business Information Processing, vol 97. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25370-6_27

  • DOI: https://doi.org/10.1007/978-3-642-25370-6_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25369-0

  • Online ISBN: 978-3-642-25370-6

  • eBook Packages: Computer Science, Computer Science (R0)
