Hard Invalidation of Electronic Signatures
We present a new concept for invalidating electronic signatures which, in many situations, seem to be better suited for real business and society applications. We do not rely on an administrative invalidation process executed separately for each single signing key and based on certificate revocation lists. Instead, all signatures created with a certain group are invalidated by a certain event. We propose a hard invalidation via releasing of the inherent cryptographic proof value – instead of soft invalidation via revoking certificates which leaves intact the cryptographic strength of signatures (even if legal validity is partially lost).
We present concrete efficient realizations of our ideas based on verifiable encryption, trapdoor discrete logarithm groups and ring signatures.
Keywordselectronic signature revocation deniability verifiable encryption trapdoor discrete logarithm ring signature
- 5.Dodis, Y., Katz, J., Xu, S., Yung, M.: Strong key-insulated signature schemes. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 130–144. Springer, Heidelberg (2002)Google Scholar
- 6.European Commission: Proposal for a regulation of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (general data protection regulation). COM, 11 (2012)Google Scholar
- 7.Federal Republic of Germany: Bundesstrafbuch. BGBl. I S. 3322 (1998)Google Scholar
- 9.Itkis, G.: Cryptographic tamper evidence. IACR Cryptology ePrint Archive 31 (2003)Google Scholar
- 12.Krawczyk, H., Rabin, T.: Chameleon signatures. In: Network and Distributed System Security Symposium, NDSS 2000. The Internet Society (2000)Google Scholar
- 15.Poupard, G., Stern, J.: On the fly signatures based on factoring. In: Motiwalla, J., Tsudik, G. (eds.) 6th ACM Conference on Computer and Communications Security, CCS 1999, pp. 37–45. ACM (1999)Google Scholar
- 17.The European Parliament and European Council: Regulation (EU) no 910/2014 of the European Parliamnt and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. Official Journal of the European Union L 257/73 (2014)Google Scholar