Two-Head Dragon Protocol: Preventing Cloning of Signature Keys

Work in Progress
  • Przemysław Błaśkiewicz
  • Przemysław Kubiak
  • Mirosław Kutyłowski
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6802)


Cryptographic techniques based on possession of private keys rely very much on the assumption that the private keys can be used only by the key’s owner. As contemporary architectures of operating systems do not provide such a guarantee, special devices such as smart cards and TPM modules are intended to serve as secure storage for such keys. When carefully designed, these devices can be examined and certified as secure devices for holding private keys. However, this approach has a serious drawback: certification procedure is expensive, requires very specialized knowledge and its result cannot be verified independently by an end-user. On the other hand, malicious cryptography techniques can be used to circumvent the security mechanisms installed in a device. Moreover, in practice we often are forced to retreat to solutions such as generation of the private keys outside secure devices. In this case we are forced to trust blindly the parties providing such services.

We propose an architecture for electronic signatures and signature creation devices such that in case of key leakage, any use of leaked keys will be detected with a fairly high probability. The main idea is that using the private keys outside the legitimate place leads to disclosure of these keys preventing any claims of validity of signatures in any thinkable legal situation.

Our approach is stronger than fail-stop signatures. Indeed, fail-stop signatures protect against derivation of keys via cryptanalysis of public keys, but cannot do anything about key leakage or making a copy of the key by a service provider that generates the key pairs for the clients.

Our approach is a simple alternative to the usual attempts to make cryptographic cards and TPM as tamper resistant as possible, that is, to solve the problem alone by hardware means. It also addresses the question of using private keys stored in not highly secure environment without a dramatic redesign of operating systems. It can be used as a stand alone solution, or just as an additional mechanism for building trust of an end-user.


signature-creation device electronic signature cloning tamper evidence key compromise legal undeniability 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Young, A., Yung, M.: Kleptography: Using cryptography against cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62–74. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  2. 2.
    Drimer, S., Murdoch, S.J., Anderson, R.J.: Thinking inside the box: System-level failures of tamper proofing. In: IEEE Symposium on Security and Privacy, pp. 281–295. IEEE Computer Society, Los Alamitos (2008)Google Scholar
  3. 3.
    Itkis, G.: Cryptographic tamper evidence. In: CCS 2003: Proc. 10th ACM Conference on Computer and Communications Security, pp. 355–364. ACM, New York (2003)Google Scholar
  4. 4.
    Pfitzmann, B., Waidner, M.: Fail-stop-signaturen und ihre anwendung. In: Pfitzmann, A., Raubold, E. (eds.) VIS. Informatik-Fachberichte, vol. 271, pp. 289–301. Springer, Heidelberg (1991)Google Scholar
  5. 5.
    van Heyst, E., Pedersen, T.P.: How to make efficient fail-stop signatures. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 366–377. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  6. 6.
    Itkis, G., Reyzin, L.: Sibir: Signer-base intrusion-resilient signatures. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 499–514. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Zhou, J., Bao, F., Deng, R.H.: Validating digital signatures without tTP’s time-stamping and certificate revocation. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 96–110. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Xu, S., Yung, M.: Expecting the unexpected: Towards robust credential infrastructure. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 201–221. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Boneh, D., Ding, X., Tsudik, G., Wong, C.M.: Instantenous revocation of security capabilities. In: USENIX Security Symposium (2001),
  10. 10.
    Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  11. 11.
    Brands, S.: An efficient off-line electronic cash system based on the representation problem. Technical report (1993)Google Scholar
  12. 12.
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  13. 13.
    Young, A., Yung, M.: A space efficient backdoor in RSA and its applications. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 128–143. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Young, A., Yung, M.: An elliptic curve backdoor algorithm for RSASSA. In: Camenisch, J., Collberg, C.S., Johnson, N.F., Sallee, P. (eds.) IH 2006. LNCS, vol. 4437, pp. 355–374. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Bernstein, D.J.: Proving tight security for Rabin-Williams signatures. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 70–87. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  16. 16.
    Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security, pp. 62–73 (1993)Google Scholar
  17. 17.
    Bellare, M., Rogaway, P.: The exact security of digital signatures - how to sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  18. 18.
    Liskov, M.: Constructing an ideal hash function from weak ideal compression functions. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 358–375. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  19. 19.
    Fischlin, M., Lehmann, A.: Multi-property preserving combiners for hash functions. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 375–392. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols (1995),

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Przemysław Błaśkiewicz
    • 1
  • Przemysław Kubiak
    • 1
  • Mirosław Kutyłowski
    • 1
  1. 1.Institute of Mathematics and Computer ScienceWrocław University of TechnologyPoland

Personalised recommendations