Technical and Legal Meaning of “Sole Control” – Towards Verifiability in Signing Systems

  • Mirosław Kutyłowski
  • Przemysław Błaśkiewicz
  • Łukasz Krzywiecki
  • Przemysław Kubiak
  • Wiesław Paluszyński
  • Michał Tabor
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 97)

Abstract

One of the fundamental ideas of the framework of electronic signatures defined in EU Directive 1999/93/WE is “sole control” over signature creation data. For a long time “sole control” has been understood as using black-box devices for which a certain third party has issued a certificate, whereas the signer was supposed to trust blindly the authorities and certification bodies. This has been claimed as the only feasible solution.

Recent advances in technology and development of verifiable systems show that it is possible to provide systems such that the signer has much more control over the signing process and can really maintain control over the signature creation data. The main idea is that breaches in the system cannot be excluded but if they occur, then the signer can provide evidence of a fraud of a third party.

Keywords

electronic signature secure signature creation device qualified signature mediated signatures end-to-end verifiability 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    European Parliament and the European Council: Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a community framework for electronic signatures. Official Journal of the European Communities L(13) (January 19, 2000) Google Scholar
  2. 2.
    Wer ist der befugte vierte. Der Spiegel 36 (1996)Google Scholar
  3. 3.
    Klein, A.: Attacks on the RC4 stream cipher. Des. Codes Cryptography 48(3), 269–286 (2008)CrossRefGoogle Scholar
  4. 4.
    Biryukov, A., Shamir, A., Wagner, D.: Real Time Cryptanalysis of A5/1 on a PC. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 1–18. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Konstantinou, E., Liagkou, V., Spirakis, P.G., Stamatiou, Y.C., Yung, M.: Electronic national lotteries. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 147–163. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Young, A., Yung, M.: The dark side of “Black-box” cryptography, or: Should we trust capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996)Google Scholar
  7. 7.
    Young, A., Yung, M.: A Space Efficient Backdoor in RSA and Its Applications. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 128–143. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Handschuh, H., Naccache, D., Paillier, P., Tymen, C.: Provably secure chipcard personalization, or, how to fool malicious insiders. In: CARDIS, USENIX (2002)Google Scholar
  9. 9.
    Polish Parliament: Electronic Signature Act. Dziennik Ustaw 130(1450) (September 18, 2001)Google Scholar
  10. 10.
    Bleumer, G.: Fail-stop signature. In: van Tilborg, H.C.A. (ed.) Encyclopedia of Cryptography and Security. Springer, Heidelberg (2005)Google Scholar
  11. 11.
    Boneh, D., Ding, X., Tsudik, G., Wong, C.M.: Instantenous revocation of security capabilities. In: USENIX Security Symposium (2001)Google Scholar
  12. 12.
    Polish Parliament: Ustawa od dowodach osobistych (act on personal identity documents). Dziennik Ustaw 167(1131) (2010)Google Scholar
  13. 13.
    Initiative: PKI 2.0 (2011), http://www.pki2.pl
  14. 14.
    Nicolosi, A., Krohn, M.N., Dodis, Y., Mazières, D.: Proactive two-party signatures for user authentication. In: NDSS. The Internet Society (2003)Google Scholar
  15. 15.
    Błaśkiewicz, P., Kubiak, P., Kutyłowski, M.: Digital signatures for e-government – a long-term security architecture. China Communications 7(6) (2010)Google Scholar
  16. 16.
    Błaśkiewicz, P., Kubiak, P., Kutyłowski, M.: Two-head dragon. clone-fail signature creation devices. In: Chen, L. (ed.) INTRUST 2010. LNCS, vol. 6802, pp. 173–188. Springer, Heidelberg (2011)Google Scholar
  17. 17.
    Merkle, R.C.: A Certified Digital Signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)Google Scholar
  18. 18.
    Rohde, S., Eisenbarth, T., Dahmen, E., Buchmann, J., Paar, C.: Fast Hash-Based Signatures on Constrained Devices. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 104–117. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Mirosław Kutyłowski
    • 1
  • Przemysław Błaśkiewicz
    • 1
  • Łukasz Krzywiecki
    • 1
  • Przemysław Kubiak
    • 1
  • Wiesław Paluszyński
    • 2
  • Michał Tabor
    • 2
  1. 1.Wrocław University of TechnologyPoland
  2. 2.Trusted Information ConsultingWarsawPoland

Personalised recommendations