Generalized Key-Evolving Signature Schemes or How to Foil an Armed Adversary
Key exposures, known or inconspicuous, are a real security threat. Recovery mechanisms from such exposures are required. For digital signatures such a recovery should ideally – and when possible – include invalidation of the signatures issued with the compromised keys. We present new signature schemes with such recovery capabilities.
We consider two models for key exposures: full and partial reveal. In the first, a key exposure reveals all the secrets currently existing in the system. This model is suitable for the pessimistic inconspicuous exposures scenario. The partial reveal model permits the signer to conceal some information under exposure: e.g., under coercive exposures the signer is able to reveal a “fake” secret key.
We propose a definition of generalized key-evolving signature scheme, which unifies forward-security and security against the coercive and inconspicuous key exposures (previously considered separately [5,18,11]).
The new models help us address repudiation problems inherent in the monotone signatures, and achieve performance improvements.
Keywords: digital signatures, forward-security, monotone signatures, key-evolving signature schemes, key exposures, coercion, recovery
- 1. Third Conference on Security in Communication Networks (SCN 2002), Lecture Notes in Computer Science. Springer, September 12-13 (2002)
- 3. Anderson, R.: Invited lecture. Fourth Annual Conference on Computer and Communications Security, ACM (1997), see http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/forwardsecure.pdf
- 4. Barić, N., Pfitzmann, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 480–494. Springer, Heidelberg (1997)
- 6. Dodis, Y., Katz, J., Xu, S., Yung, M.: Strong key-insulated signature schemes (Unpublished Manuscript)
- 9. Guillou, L.C., Quisquater, J.-J.: A “paradoxical” identity-based signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 216–231. Springer, Heidelberg (1988)
- 11. Itkis, G.: Cryptographic tamper evidence (2002) (submitted), Available from http://www.cs.bu.edu/itkis/papers/
- 16. Krawczyk, H.: Simple forward-secure signatures from any signature scheme. In: Seventh ACM Conference on Computer and Communication Security, November 1-4. ACM, New York (2000)
- 17. Malkin, T., Micciancio, D., Miner, S.: Efficient generic forward-secure signatures with an unbounded number of time periods. In: Knudsen, L. (ed.) Advances in Cryptology—EUROCRYPT 2002, 28 April–2 May 2002. LNCS, Springer, Heidelberg (2002)