Double-Authentication-Preventing Signatures

  • Bertram Poettering
  • Douglas Stebila
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8712)


Digital signatures are often used by trusted authorities to make unique bindings between a subject and a digital object; for example, certificate authorities certify that a public key belongs to a domain name, and time-stamping authorities certify that a certain piece of information existed at a certain time. Traditional digital signature schemes, however, impose no uniqueness conditions, so a trusted authority could make multiple certifications for the same subject but different objects, whether intentionally, by accident, or under (legal or illegal) coercion. We propose the notion of a double-authentication-preventing signature, in which a value to be signed is split into two parts: a subject and a message. If a signer ever signs two different messages for the same subject, enough information is revealed to allow anyone to compute valid signatures on behalf of the signer. This double-signature forgeability property discourages signers from misbehaving—a form of self-enforcement—and would give binding authorities like CAs some cryptographic arguments to resist legal coercion. We give a generic construction using a new type of trapdoor function with extractability properties, which we show can be instantiated using the group of sign-agnostic quadratic residues modulo a Blum integer.
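As an added illustration, not code from the paper, the number-theoretic property behind the instantiation the abstract names: squaring modulo a Blum integer is two-to-one on sign-agnostic quadratic residues, the factorization is the trapdoor, and two preimages of one image from different sign classes reveal that trapdoor. The parameters N = 11 * 19 are a constructed toy, and this is the underlying trapdoor function only, not the DAPS scheme built on it.

```python
from math import gcd

# Constructed toy parameters (assumed, far too small for any real use): a Blum
# integer N = p*q with p and q both congruent to 3 mod 4.
P, Q = 11, 19
N = P * Q

def sa(x: int) -> int:
    """Sign-agnostic representative: x and N-x are identified, so each
    class {x, -x} is represented by its smaller member."""
    x %= N
    return min(x, N - x)

def f(x: int) -> int:
    """Forward map: squaring mod N. On sign-agnostic units it is two-to-one."""
    return pow(x, 2, N)

def is_two_to_one() -> bool:
    """Brute-force check (N is tiny): every image of a unit has exactly two
    sign-agnostic preimage classes."""
    pre = {}
    for x in range(1, N):
        if gcd(x, N) == 1:
            pre.setdefault(f(x), set()).add(sa(x))
    return all(len(classes) == 2 for classes in pre.values())

def sqrt_mod_p(a: int, p: int) -> int:
    """For p = 3 mod 4 and a quadratic residue a, a^((p+1)/4) is a square root."""
    r = pow(a, (p + 1) // 4, p)
    if r * r % p != a % p:
        raise ValueError("not a quadratic residue")
    return r

def invert_with_trapdoor(y: int, p: int = P, q: int = Q) -> set:
    """Trapdoor inversion: with p, q known, CRT-combine the roots mod p and mod q.
    The four roots of y mod N collapse to two sign-agnostic classes."""
    rp, rq = sqrt_mod_p(y, p), sqrt_mod_p(y, q)
    cp, cq = q * pow(q, -1, p), p * pow(p, -1, q)   # CRT coefficients
    return {sa(s1 * cp + s2 * cq) for s1 in (rp, p - rp) for s2 in (rq, q - rq)}

def extract_trapdoor(x1: int, x2: int) -> tuple:
    """Extractability: two preimages of one image from different sign-agnostic
    classes (x1^2 = x2^2, x2 != +-x1) give a factor of N via gcd(x1 - x2, N)."""
    if f(x1) != f(x2) or sa(x1) == sa(x2):
        raise ValueError("need two preimages of the same image from different classes")
    p = gcd(x1 - x2, N)
    return (min(p, N // p), max(p, N // p))
```

With the trapdoor, inverting the image 4 yields the two classes {2, 97}; without it, anyone holding the two preimages 2 and 112 recovers the factors (11, 19), which is the mechanism that makes a second preimage (a second signature on the same subject) disclose the signing secret.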


Keywords: digital signatures, double signatures, dishonest signer, coercion, compelled certificate creation attack, self-enforcement, two-to-one trapdoor functions



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Bertram Poettering, Royal Holloway, University of London, United Kingdom
  • Douglas Stebila, Queensland University of Technology, Brisbane, Australia
