Long-Term Secure Time-Stamping Using Preimage-Aware Hash Functions
The lifetime of commonly used digital signature schemes is limited because their security is based on computational assumptions that potentially break in the future. In 1993, Bayer et al. suggested that the lifetime of a digital signature can be prolonged by time-stamping the signature together with the signed document. Based on this idea, various long-term timestamp schemes have been proposed and standardized that repeatedly renew the protection with new timestamps. In order to minimize the risk of a design failure affecting the security of these schemes, it is indispensable to formally analyze their security. However, many of the proposed schemes have not been subject to a formal security analysis yet. In this paper, we address this issue by formally describing and analyzing a long-term timestamp scheme that uses hash trees for timestamp renewal. Our analysis shows that the security level of the described scheme degrades cubic over time, which suggests that in practice the scheme should be instantiated with a certain security margin.
KeywordsLong-term security Timestamps Preimage aware hash functions
- 1.Bayer, D., Haber, S., Stornetta, W.S.: Improving the efficiency and reliability of digital time-stamping. In: Capocelli, R., De Santis, A., Vaccaro, U. (eds.) Sequences II: Methods in Communication, Security, and Computer Science, pp. 329–334. Springer, New York (1993). doi: 10.1007/978-1-4613-9323-8_24 CrossRefGoogle Scholar
- 2.Buldas, A., Geihs, M., Buchmann, J.: Long-term secure time-stamping using preimage-aware hash functions. Cryptology ePrint Archive, Report 2017/754 (2017). http://eprint.iacr.org/2017/754
- 7.Geihs, M., Demirel, D., Buchmann, J.A.: A security analysis of techniques for long-term integrity protection. In: 14th Annual Conference on Privacy, Security and Trust, PST 2016, Auckland, New Zealand, 12–14 December 2016, pp. 449–456 (2016)Google Scholar