Digital Signatures for e-Government - A Long-Term Security Architecture

  • Conference paper
Forensics in Telecommunications, Information, and Multimedia (e-Forensics 2010)

Abstract

The framework of digital signatures based on qualified certificates and the X.509 architecture is known to carry many security risks. Moreover, its fraud prevention mechanism is fragile and does not provide the strong guarantees that may be regarded as necessary for the flow of legal documents.

Recently, mediated signatures have been proposed as a mechanism to effectively disable signature cards. In this paper we propose further mechanisms that can be applied on top of mediated RSA, so that we obtain signatures compatible with the standard format while providing security guarantees even if RSA is broken or the keys are compromised. Our solution is well suited for deploying a large-scale, long-term digital signature system for signing legal documents. Moreover, the solution is immune to kleptographic attacks, as only deterministic algorithms are used on the user's side.

The paper is partially supported by the Polish Ministry of Science and Higher Education, grant N N206 2701 33, and by the “MISTRZ” programme of the Foundation for Polish Science.
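As an added illustration (not code from the paper, whose extra mechanisms on top of mediated RSA are not described on this page), the Python sketch below shows the underlying mediated-RSA signing flow in the Boneh/Ding/Tsudik style that the abstract builds on: the private exponent is split between the user's card and a mediator, the mediator disables a card simply by refusing to complete its signatures, the user's side is fully deterministic (no salt or nonce that could leak key material), and the finished signature verifies like an ordinary RSA signature. The primes, public exponent and messages are constructed toy values.

```python
import hashlib
import secrets

# Constructed toy primes (far too small for real use) and the usual public exponent.
P = 1000000007
Q = 998244353
E = 65537

def keygen(p=P, q=Q, e=E):
    """Split the private exponent d so that no single party ever holds it:
    the user's card gets d_u, the mediator gets d_m, d_u + d_m = d (mod phi)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    d_u = secrets.randbelow(phi - 1) + 1      # random share for the card
    d_m = (d - d_u) % phi                     # complementary share for the mediator
    return (n, e), d_u, d_m

def representative(msg: bytes, n: int) -> int:
    # Deterministic encoding (simplified full-domain hash, assumed for this demo):
    # no salt or nonce on the user's side, hence no covert channel for kleptography.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def user_partial(msg: bytes, pub, d_u: int) -> int:
    n, _ = pub
    return pow(representative(msg, n), d_u, n)  # same input -> same output, always

class Mediator:
    """Holds d_m; revoking a card is a local flag, no CRL propagation needed."""
    def __init__(self, d_m: int):
        self.d_m = d_m
        self.revoked = False

    def complete(self, msg: bytes, pub, s_u: int):
        n, e = pub
        if self.revoked:
            return None                       # disabled card: no signature can be formed
        h = representative(msg, n)
        s = (s_u * pow(h, self.d_m, n)) % n   # h^(d_u + d_m) = h^d (mod n)
        return s if pow(s, e, n) == h else None  # reject a bogus partial before release

def verify(msg: bytes, pub, s: int) -> bool:
    """Plain RSA verification: nothing here knows a mediator was involved."""
    n, e = pub
    return pow(s, e, n) == representative(msg, n)

def sign(msg: bytes, pub, d_u: int, med: Mediator):
    return med.complete(msg, pub, user_partial(msg, pub, d_u))
```

The user's partial alone is useless without the mediator's share, so flipping `revoked` on the mediator is an immediate, verifier-independent way to disable the card.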



Copyright information

© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Błaśkiewicz, P., Kubiak, P., Kutyłowski, M. (2011). Digital Signatures for e-Government - A Long-Term Security Architecture. In: Lai, X., Gu, D., Jin, B., Wang, Y., Li, H. (eds) Forensics in Telecommunications, Information, and Multimedia. e-Forensics 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 56. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23602-0_24

  • DOI: https://doi.org/10.1007/978-3-642-23602-0_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-23601-3

  • Online ISBN: 978-3-642-23602-0
