Generalized Key-Evolving Signature Schemes or How to Foil an Armed Adversary

  • Gene Itkis
  • Peng Xie
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2846)


Key exposures, known or inconspicuous, are a real security threat. Recovery mechanisms from such exposures are required. For digital signatures such a recovery should ideally – and when possible – include invalidation of the signatures issued with the compromised keys. We present new signature schemes with such recovery capabilities.

We consider two models for key exposures: full and partial reveal. In the first, a key exposure reveals all the secrets currently existing in the system. This model is suitable for the pessimistic inconspicuous exposures scenario. The partial reveal model permits the signer to conceal some information under exposure: e.g., under coercive exposures the signer is able to reveal a “fake” secret key.

We propose a definition of generalized key-evolving signature scheme, which unifies forward-security and security against the coercive and inconspicuous key exposures (previously considered separately [5,18,11]).

The new models help us address repudiation problems inherent in the monotone signatures [18], and achieve performance improvements.


digital signatures forward-security monotone signatures key-evolving signature schemes key exposures coercion recovery 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Third Conference on Security in Communication Networks (SCN 2002), Lecture Notes in Computer Science. Springer, September 12-13 (2002)Google Scholar
  2. 2.
    Abdalla, M., Reyzin, L.: A new forward-secure digital signature scheme. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 116–129. Springer, Heidelberg (2000) Full version available from the Cryptology ePrint Archive, record (2000/2002), CrossRefGoogle Scholar
  3. 3.
    Anderson, R.: Invited lecture. Fourth Annual Conference on Computer and Communications Security, ACM (1997), see
  4. 4.
    Barić, N., Pfitzmann, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 480–494. Springer, Heidelberg (1997)Google Scholar
  5. 5.
    Bellare, M., Miner, S.: A forward-secure digital signature scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999), Revised version is available from Google Scholar
  6. 6.
    Dodis, Y., Katz, J., Xu, S., Yung, M.: Strong keyinsulated signature schemes (Unpublished Manuscript) Google Scholar
  7. 7.
    Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. Journal of the ACM 33(4), 792–807 (1986)CrossRefMathSciNetGoogle Scholar
  8. 8.
    Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17(2), 281–308 (1988)MATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Guillou, L.C., Quisquater, J.-J.: A “paradoxical” indentitybased signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 216–231. Springer, Heidelberg (1988)Google Scholar
  10. 10.
    Håstad, J., Jonsson, J., Juels, A., Yung, M.: Funkspiel schemes: an alternative to conventional tamper resistance. In: Proceedings of the 7th ACM conference on Computer and communications security, pp. 125–133. ACM Press, New York (2000)CrossRefGoogle Scholar
  11. 11.
    Itkis, G.: Cryptographic tamper evidence (2002) (submitted), Avaliable from
  12. 12.
    Itkis, G.: Intrusion-resilient signatures: Generic constructions, or defeating strong adversary with minimal assumptions. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 102–118. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Itkis, G., Reyzin, L.: Forward-secure signatures with optimal signing and verifying. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 332–354. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Itkis, G., Reyzin, L.: Intrusion-resilient signatures, or towards obsoletion of certificate revocation. In: Yung, M. (ed.) Advances in Cryptology—CRYPTO 2002, August 18-22. LNCS. Springer, Heidelberg (2002), Available from Google Scholar
  15. 15.
    Kozlov, A., Reyzin, L.: Forward-secure signatures with fast key update. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 241–256. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Krawczyk, H.: Simple forward-secure signatures from any signature scheme. In: Seventh ACM Conference on Computer and Communication Security, November 1-4. ACM, New York (2000)Google Scholar
  17. 17.
    Malkin, T., Micciancio, D., Miner, S.: Efficient generic forward-secure signatures with an unbounded number of time periods. In: Knudsen, L. (ed.) Advances in Cryptology—EUROCRYPT 2002, 28 April–2 May 2002. LNCS, Springer, Heidelberg (2002)Google Scholar
  18. 18.
    Naccache, D., Pointcheval, D., Tymen, C.: Monotone signatures. In: Syverson, P.F. (ed.) FC 2001. LNCS, vol. 2339, pp. 305–318. Springer, Heidelberg (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Gene Itkis
    • 1
  • Peng Xie
    • 1
  1. 1.Boston University Computer Science Dept.BostonUSA

Personalised recommendations