Universally Composable Time-Stamping Schemes with Audit

  • Ahto Buldas
  • Peeter Laud
  • Märt Saarepera
  • Jan Willemson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3650)


We present a Universally Composable (UC) time-stamping scheme based on universal one-way hash functions. The model we use contains an ideal auditing functionality, the task of which is to check that the rounds’ digests are correctly computed. Our scheme uses hash-trees and is just a slight modification of the known schemes of Haber-Stornetta and Benaloh-de Mare, but both the modifications and the audit functionality are crucial for provable security. We prove that our scheme is nearly optimal – in every UC time-stamping scheme, almost all time stamp requests must be communicated to the auditor.


Hash Function Security Condition Security Proof Audit Report Provable Security 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Backes, M.: Cryptographically Sound Analysis of Security Protocols. PhD thesis, Universit ät des Saarlandes (2002)Google Scholar
  2. 2.
    Backes, M., Pfitzmann, B.: Symmetric Encryption in a Simulatable Dolev-Yao Style Cryptographic Library. In: 17th IEEE Computer Security Foundations Workshop, Pacific Grove, CA (June 2004)Google Scholar
  3. 3.
    Backes, M., Pfitzmann, B., Waidner, M.: Symmetric authentication within a simulatable cryptographic library. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 271–290. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Backes, M., Pfitzmann, B., Waidner, M.: A Universally Composable Cryptographic Library. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, October 2003, ACM Press, Washington (2003)Google Scholar
  5. 5.
    Bayer, D., Haber, S., Stornetta, W.-S.: Improving the efficiency and reliability of digital time-stamping. In: Sequences II: Methods in Communication, Security, and Computer Science, pp. 329–334. Springer, New York (1993)Google Scholar
  6. 6.
    Benaloh, J., de Mare, M.: Efficient broadcast time-stamping. Tech. report 1, Clarkson Univ. Dep. of Mathematics and Computer Science (August 1991)Google Scholar
  7. 7.
    Buldas, A., Laud, P., Lipmaa, H., Villemson, J.: Time-Stamping with Binary Linking Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 486–501. Springer, Heidelberg (1998)Google Scholar
  8. 8.
    Buldas, A., Laud, P., Saarepera, M., Willemson, J.: Universally Composable Time-Stamping Schemes with Audit. IACR ePrint Archive 2005/198 (2005)Google Scholar
  9. 9.
    Buldas, A., Saarepera, M.: On provably secure time-stamping schemes. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 500–514. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Canetti, R.: A unified framework for analyzing security of protocols. Electronic Colloquium on Computational Complexity (ECCC) 8(16) (2001)Google Scholar
  11. 11.
    Canetti, R.: Security and composition of multi-party cryptographic protocols. Journal of Cryptology 13(1), 143–202 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: 42nd FOCS, pp. 136–145 (2001)Google Scholar
  13. 13.
    Canetti, R., Fischlin, M.: Universally Composable Commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Haber, S., Stornetta, W.-S.: How to time-stamp a digital document. Journal of Cryptology 3(2), 99–111 (1991)CrossRefGoogle Scholar
  16. 16.
    Haber, S., Stornetta, W.-S.: Secure Names for Bit-Strings. In: ACM Conference on Computer and Communications Security, pp. 28–35 (1997)Google Scholar
  17. 17.
    Lindell, Y.: Composition of Secure Multi-Party Protocols. In: Lindell, Y. (ed.) Composition of Secure Multi-Party Protocols. LNCS, vol. 2815, pp. 21–43. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Luby, M.: Pseudorandomness and cryptographic applications. Princeton University Press, Princeton (1996)zbMATHGoogle Scholar
  19. 19.
    Merkle, R.C.: Protocols for public-key cryptosystems. In: Proceedings of the 1980 IEEE Symposium on Security and Privacy, pp. 122–134 (1980)Google Scholar
  20. 20.
    Moran, T., Shaltiel, R., Ta-Shma, A.: Non-interactive timestamping in the bounded storage model. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 460–476. Springer, Heidelberg (2004)Google Scholar
  21. 21.
    Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: Proceedings of the Twenty First Annual ACM Symposium on Theory of Computing, Seattle, May 15–17, 1989, pp. 33–43. ACM Press, New York (1989)CrossRefGoogle Scholar
  22. 22.
    Pfitzmann, B., Schunter, M., Waidner, M.: Cryptographic Security of Reactive Systems. In: Schneider, S., Ryan, P. (eds.) Workshop on Secure Architectures and Information Flow, Royal Holloway, University of London. Electronic Notes in Theoretical Computer Science, vol. 32, Elsevier Science, Amsterdam (2000)Google Scholar
  23. 23.
    Pfitzmann, B., Waidner, M.: Composition and integrity preservation of secure reactive systems. In: CCS 2000, Proceedings of the 7th ACM Conference on Computer and Communications Security, Athens, Greece, November 2000, pp. 245–254. ACM Press, New York (2000)CrossRefGoogle Scholar
  24. 24.
    Pfitzmann, B., Waidner, M.: A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission. In: 2001 IEEE Symposium on Security and Privacy, Oakland, California, May 2001, pp. 184–200. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  25. 25.
    Russell, A.: Necessary and sufficient conditions for collision-free hashing. Journal of Cryptology 8, 87–99 (1995)zbMATHGoogle Scholar
  26. 26.
    Homepage of Surety,
  27. 27.
    Homepage of Authentidate,
  28. 28.
    Homepage of Digistamp,

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ahto Buldas
    • 1
    • 2
    • 3
  • Peeter Laud
    • 1
    • 2
  • Märt Saarepera
    • 1
  • Jan Willemson
    • 1
    • 4
  1. 1.University of TartuTartuEstonia
  2. 2.CyberneticaTallinnEstonia
  3. 3.Tallinn University of TechnologyTallinnEstonia
  4. 4.Playtech EstoniaTartuEstonia

Personalised recommendations