High-Performance Qualified Digital Signatures for X-Road

  • Arne Ansper
  • Ahto Buldas
  • Margus Freudenthal
  • Jan Willemson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8208)

Abstract

In Estonia, the X-Road infrastructure for unified governmental database access has been in use for more than 10 years. The number of queries mediated over the X-Road has exceeded 240 million per year. Even though all the queries and replies are signed by using the X-Road’s own PKI facilities, the resulting signatures are not fully qualified in the sense of the Estonian Digital Signatures Act that requires the use of hardware-protected keys. In order to replace software-protected keys in the X-Road infrastructure with a moderate-cost hardware solution, there are several technical issues to be solved, most notably performance requirements, since the operations needed to achieve qualified signatures (obtaining OCSP responses and time stamps) require time. The topic of this paper is to propose organisational and technical solutions to overcome these challenges. A novel batch signature and time stamp format is proposed allowing to perform many PKI operations at the price of one, helping to meet the performance requirements.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [ABFW03]
    Ansper, A., Buldas, A., Freudenthal, M., Willemson, J.: Scalable and Efficient PKI for Inter-Organizational Communication. In: Omondi, A.R., Sedukhin, S.G. (eds.) ACSAC 2003. LNCS, vol. 2823, pp. 308–318. Springer, Heidelberg (2003)Google Scholar
  2. [ABRW01]
    Ansper, A., Buldas, A., Roos, M., Willemson, J.: Efficient long-term validation of digital signatures. In: Kim, K.-C. (ed.) PKC 2001. LNCS, vol. 1992, pp. 402–415. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. [ASi12]
    Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC), ETSI TS 102 918 (February 2012)Google Scholar
  4. [EC211]
    European Commission Decision of 25 February 2011 establishing minimum requirements for the cross-border processing of documents signed electronically by competent authorities under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market. 2011/130/EU (February 2011)Google Scholar
  5. [Fia89]
    Fiat, A.: Batch RSA. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 175–185. Springer, Heidelberg (1990)Google Scholar
  6. [Fia97]
    Fiat, A.: Batch RSA. J. Cryptology 10(2), 75–88 (1997)MathSciNetCrossRefMATHGoogle Scholar
  7. [Kal02]
    Kalja, A.: The X-Road Project. A Project to Modernize Estonia’s National Databases. Baltic IT&T Review 24, 47–48 (2002)Google Scholar
  8. [Kal12]
    Kalja, A.: The first ten years of X-road. In: Estonian Information Society Yearbook 2011/2012, pp. 78–80. Department of State Information System, Estonia (2012)Google Scholar
  9. [KV02]
    Kalja, A., Vallner, U.: Public e-Service Projects in Estonia. In: Haav, H.-M., Kalja, A. (eds.) Databases and Information Sustems, Proceedings of the Fifth International Baltic Conference, Baltic DB&IS 2002, vol. 2, pp. 143–153 (June 2002)Google Scholar
  10. [Mer80]
    Merkle, R.C.: Protocols for public key cryptosystems. In: Proc. of the 1980 IEEE Symposium on Security and Privacy, pp. 122–134 (1980)Google Scholar
  11. [PB99]
    Pavlovski, C.J., Boyd, C.: Efficient batch signature generation using tree structures. In: International Workshop on Cryptographic Techniques and E-Commerce: CrypTEC 1999, pp. 70–77. City University of Hong Kong Press (1999)Google Scholar
  12. [WA08]
    Willemson, J., Ansper, A.: A Secure and Scalable Infrastructure for Inter-Organizational Data Exchange and eGovernment Applications. In: Proceedings of The Third International Conference on Availability, Reliability and Security, ARES 2008, pp. 572–577. IEEE Computer Society (2008)Google Scholar
  13. [XAd10]
    Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signatures (XAdES), ETSI TS 101 903 (December 2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Arne Ansper
    • 1
    • 2
  • Ahto Buldas
    • 1
    • 2
  • Margus Freudenthal
    • 1
  • Jan Willemson
    • 1
  1. 1.Cybernetica ASTallinnEstonia
  2. 2.ELIKO Competence Centre in Electronics-, Info- and Communication TechnologiesTallinnEstonia

Personalised recommendations