
A Forward-Secure Digital Signature Scheme

  • Mihir Bellare
  • Sara K. Miner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1666: Advances in Cryptology, CRYPTO '99)

Abstract

We describe a digital signature scheme in which the public key is fixed but the secret signing key is updated at regular intervals so as to provide a forward security property: compromise of the current secret key does not enable an adversary to forge signatures pertaining to the past. This mitigates the damage caused by key exposure without requiring any new key to be distributed, since the public key never changes. Our construction uses ideas from the Fiat-Shamir and Ong-Schnorr identification and signature schemes, and is proven to be forward secure based on the hardness of factoring, in the random oracle model. The construction is also quite efficient.
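The following is an added worked example, not the paper's own code and not a transcript of its scheme: a toy key-evolving signature in Python with the structure the abstract describes (Fiat-Shamir-style signing over a Blum modulus, with the secret key squared at each period). Parameter sizes (64-bit primes, a 128-bit challenge), the SHA-256 challenge encoding and the period bookkeeping are this example's own assumptions and are far too small to be secure; the point is to make the forward-security property concrete: after `update` the old components are gone, and a holder of the period-1 key who relabels a signature as period 0 fails verification.

```python
"""Toy forward-secure signature scheme (added example, not the paper's code).
Fiat-Shamir-type signatures over a Blum modulus N whose secret key is squared
at every period, so a period-j key cannot be rolled back to an earlier period
without the factors of N.  Sizes (64-bit primes, 128-bit challenge) are
demonstration values, and the exact encoding is an assumption of this example.
Requires Python 3.8+ for pow(x, -1, N)."""
import hashlib
import math
import secrets

L = 128  # number of secret-key components == challenge bits (assumed value)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin; adequate for the toy-sized primes used here."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def blum_prime(bits):
    """Random prime congruent to 3 mod 4, so N = p*q is a Blum integer: squaring
    permutes the quadratic residues, and taking square roots without p, q is as
    hard as factoring N.  That is the one-wayness the key update relies on."""
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 3
        if is_probable_prime(p):
            return p


def _unit(N):
    while True:
        x = secrets.randbelow(N - 2) + 2
        if math.gcd(x, N) == 1:
            return x


def keygen(T, bits=64):
    """Periods 0..T.  Public key fixes U_i = S_i^(2^(T+1)) mod N; the period-j
    secret key holds S_i^(2^j).  Returns (pk, sk) with sk at period 0."""
    N = blum_prime(bits) * blum_prime(bits)
    S = [_unit(N) for _ in range(L)]
    U = tuple(pow(s, 1 << (T + 1), N) for s in S)
    return (N, T, U), {"N": N, "T": T, "j": 0, "S": S}


def update(sk):
    """Advance one period in place: square every component and drop the old
    value.  Forward security only holds if the old key is really erased."""
    if sk["j"] >= sk["T"]:
        raise ValueError("key has reached its last period")
    sk["S"] = [pow(s, 2, sk["N"]) for s in sk["S"]]
    sk["j"] += 1


def _challenge(j, Y, msg):
    # Period index is bound into the hash so a signature cannot be re-dated.
    h = hashlib.sha256(b"%d|%d|" % (j, Y) + msg).digest()
    return int.from_bytes(h[: L // 8], "big")


def _sign_as_period(sk, target, msg):
    """Produce (target, Z, c) from whatever components sk currently holds.
    Honest only when target == sk['j']; also used to show a relabelling attack."""
    N, T = sk["N"], sk["T"]
    R = _unit(N)
    Y = pow(R, 1 << (T + 1 - target), N)
    c = _challenge(target, Y, msg)
    Z = R
    for i, s in enumerate(sk["S"]):
        if (c >> i) & 1:
            Z = Z * s % N
    return (target, Z, c)


def sign(sk, msg):
    return _sign_as_period(sk, sk["j"], msg)


def forge_with_later_key(sk_compromised, past_period, msg):
    """Best an attacker holding the period-j key can do for a period < j
    without factoring N: use the squared components as if they were older."""
    return _sign_as_period(sk_compromised, past_period, msg)


def verify(pk, msg, sig):
    N, T, U = pk
    j, Z, c = sig
    if not (0 <= j <= T and 0 < Z < N and 0 <= c < (1 << L)):
        return False
    # Z^(2^(T+1-j)) = Y * prod U_i^{c_i}: the squarings lift S_i^(2^j) to U_i.
    Y = pow(Z, 1 << (T + 1 - j), N)
    acc = 1
    for i, u in enumerate(U):
        if (c >> i) & 1:
            acc = acc * u % N
    Y = Y * pow(acc, -1, N) % N
    return c == _challenge(j, Y, msg)
```

Two caveats a deployment would care about follow directly from the code: `update` must overwrite the old components (a swapped-out or backed-up copy defeats the property), and the protection is one-directional, since anyone holding the period-j key can run `update` themselves and forge for every later period until the public key is revoked.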

Keywords

hash function, signature scheme, random oracle, random oracle model, digital signature scheme

References

  1. R. Anderson, Invited lecture, Fourth Annual Conference on Computer and Communications Security, ACM, 1997.
  2. M. Bellare and S. Miner, "A forward-secure digital signature scheme," full version of this paper, available via http://www-cse.ucsd.edu/users/mihir.
  3. M. Bellare and P. Rogaway, "Random oracles are practical: a paradigm for designing efficient protocols," Proceedings of the First Annual Conference on Computer and Communications Security, ACM, 1993.
  4. M. Bellare and P. Rogaway, "The exact security of digital signatures: How to sign with RSA and Rabin," Advances in Cryptology, Eurocrypt 96 Proceedings, Lec. Notes in Comp. Sci. Vol. 1070, U. Maurer ed., Springer-Verlag, 1996.
  5. G. R. Blakley, "Safeguarding cryptographic keys," Proceedings of AFIPS 1979 National Computer Conference, AFIPS, 1979.
  6. L. Blum, M. Blum and M. Shub, "A simple unpredictable pseudo-random number generator," SIAM Journal on Computing, Vol. 15, No. 2, pp. 364–383, May 1986.
  7. Y. Desmedt and Y. Frankel, "Threshold cryptosystems," Advances in Cryptology, Crypto 89 Proceedings, Lec. Notes in Comp. Sci. Vol. 435, G. Brassard ed., Springer-Verlag, 1989.
  8. W. Diffie, P. van Oorschot and M. Wiener, "Authentication and authenticated key exchanges," Designs, Codes and Cryptography, Vol. 2, pp. 107–125, 1992.
  9. U. Feige, A. Fiat and A. Shamir, "Zero-knowledge proofs of identity," Journal of Cryptology, Vol. 1, pp. 77–94, 1988.
  10. A. Fiat and A. Shamir, "How to prove yourself: Practical solutions to identification and signature problems," Advances in Cryptology, Crypto 86 Proceedings, Lec. Notes in Comp. Sci. Vol. 263, A. Odlyzko ed., Springer-Verlag, 1986.
  11. S. Goldwasser, S. Micali and R. Rivest, "A digital signature scheme secure against adaptive chosen-message attacks," SIAM Journal on Computing, Vol. 17, No. 2, pp. 281–308, April 1988.
  12. C. Gunther, "An identity-based key-exchange protocol," Advances in Cryptology, Eurocrypt 89 Proceedings, Lec. Notes in Comp. Sci. Vol. 434, J.-J. Quisquater and J. Vandewalle eds., Springer-Verlag, 1989.
  13. S. Haber and W. Stornetta, "How to time-stamp a digital document," Advances in Cryptology, Crypto 90 Proceedings, Lec. Notes in Comp. Sci. Vol. 537, A. J. Menezes and S. Vanstone eds., Springer-Verlag, 1990.
  14. A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk and M. Yung, "Proactive public key and signature schemes," Proceedings of the Fourth Annual Conference on Computer and Communications Security, ACM, 1997.
  15. K. Ohta and T. Okamoto, "On concrete security treatment of signatures derived from identification," Advances in Cryptology, Crypto 98 Proceedings, Lec. Notes in Comp. Sci. Vol. 1462, H. Krawczyk ed., Springer-Verlag, 1998.
  16. H. Ong and C. Schnorr, "Fast signature generation with a Fiat-Shamir like scheme," Advances in Cryptology, Eurocrypt 90 Proceedings, Lec. Notes in Comp. Sci. Vol. 473, I. Damgård ed., Springer-Verlag, 1990.
  17. D. Pointcheval and J. Stern, "Security proofs for signature schemes," Advances in Cryptology, Eurocrypt 96 Proceedings, Lec. Notes in Comp. Sci. Vol. 1070, U. Maurer ed., Springer-Verlag, 1996.
  18. A. Shamir, "How to share a secret," Communications of the ACM, Vol. 22, pp. 612–613, 1979.
  19. V. Shoup, "On the security of a practical identification scheme," Advances in Cryptology, Eurocrypt 96 Proceedings, Lec. Notes in Comp. Sci. Vol. 1070, U. Maurer ed., Springer-Verlag, 1996.
  20. H. Williams, "A modification of the RSA public-key encryption procedure," IEEE Transactions on Information Theory, Vol. IT-26, No. 6, pp. 726–729, 1980.

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Mihir Bellare, Dept. of Computer Science & Engineering, University of California at San Diego, La Jolla, USA
  • Sara K. Miner, Dept. of Computer Science & Engineering, University of California at San Diego, La Jolla, USA
