Abstract
Forward-secure signatures are designed to limit the damage of key exposure: signatures produced before the period in which the key was exposed remain secure. Identity-based signatures reduce the complexity and cost of public key management because the public key is replaced by publicly known information about a user's identity. In this paper, we discuss a new issue that arises when forward-secure and identity-based primitives are integrated into standard applications for personal network communication security, such as the Pretty Good Privacy suite and Secure/Multipurpose Internet Mail Extensions, in which the secret key is additionally protected by an extra secret that is possibly derived from a password. One major contribution of this paper is the construction of the first forward-secure identity-based signature scheme in untrusted update environments. In this scheme, the public key can be derived from an arbitrary identification value such as an email address or a phone number, and the signing key is additionally shielded by a second factor derived from the user's password. Key update can be carried out on the encrypted version of the signing key, so the second factor is needed only when signatures are produced. In addition, we give definitions of forward security and update security for this kind of signature. Finally, formal proofs of forward security and update security in the random oracle model are provided under the CDH assumption.
Notes
Note that our definition does not include an algorithm to check the format of the encrypted secret key, because the validity of the encrypted secret key can be verified through the verification algorithm. Therefore, an additional algorithm to check the format of the encrypted secret key is not necessary in our signature scheme.
Acknowledgments
This research is supported by the National Natural Science Foundation of China (61272425, 60703089, 61402245), the China Postdoctoral Science Special Foundation (2015T80696), PAPD and CICAEET.
Cite this article
Yu, J., Xia, H., Zhao, H. et al. Forward-Secure Identity-Based Signature Scheme in Untrusted Update Environments. Wireless Pers Commun 86, 1467–1491 (2016). https://doi.org/10.1007/s11277-015-3001-2