Abstract
Signature computation is frequently performed on insecure devices (e.g., mobile phones) operating in an environment where the private (signing) key is likely to be exposed. Strong key-insulated signature schemes are one way to mitigate the damage done when this occurs. In the key-insulated model [6], the secret key stored on an insecure device is refreshed at discrete time periods via interaction with a physically-secure device which stores a “master key”. All signing is still done by the insecure device, and the public key remains fixed throughout the lifetime of the protocol. In a strong (t,N)-key-insulated scheme, an adversary who compromises the insecure device and obtains secret keys for up to t periods is unable to forge signatures for any of the remaining N−t periods. Furthermore, the physically-secure device (or an adversary who compromises only this device) is unable to forge signatures for any time period.
We present here constructions of strong key-insulated signature schemes based on a variety of assumptions. First, we demonstrate a generic construction of a strong (N−1,N)-key-insulated signature scheme using any standard signature scheme. We then give a construction of a strong (t,N)-signature scheme whose security may be based on the discrete logarithm assumption in the random oracle model. This construction offers faster signing and verification than the generic construction, at the expense of O(t) key update time and key length. Finally, we construct strong (N−1,N)-key-insulated schemes based on any “trapdoor signature scheme” (a notion we introduce here); our resulting construction in fact serves as an identity-based signature scheme as well. This leads to very efficient solutions based on, e.g., the RSA assumption in the random oracle model.
Work done in part while at DIMACS.
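The following toy model illustrates the key-insulated setting the abstract describes: a physically-secure device holds a master key and hands the insecure device one certified key per period, all message signing happens on the insecure device, and the public key never changes. It is an added example, not the paper's construction or code; the composition of a master-certified period key with a user-held long-term key is my own illustration of why neither a compromised period nor the secure device alone suffices to forge, and the Schnorr group (p = 2039) is a constructed, deliberately tiny parameter set.

```python
# Toy model of a strong (N-1,N)-key-insulated signature scheme (added
# illustration, NOT the paper's construction or code). It composes an ordinary
# signature scheme, here textbook Schnorr over a tiny constructed group that is
# insecure (p = 2039), the way the abstract describes: a physically secure
# device holds a master key and certifies one fresh key per period, all
# message signing happens on the insecure device, and the public key is fixed.
import hashlib
import secrets

P, Q, G = 2039, 1019, 4   # constructed toy group: G has prime order Q modulo P

def _h(*parts: bytes) -> int:     # hash-to-integer over the concatenated parts
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)        # (secret key, public key)

def sign(x, *msg):                # Schnorr: e = H(g^k, msg), s = k + x*e mod Q
    k = secrets.randbelow(Q - 1) + 1
    e = _h(str(pow(G, k, P)).encode(), *msg)
    return e, (k + x * e) % Q

def verify(y, sig, *msg):
    e, s = sig
    r = pow(G, s, P) * pow(y, (-e) % Q, P) % P   # recovers g^k iff sig is valid
    return _h(str(r).encode(), *msg) == e

def tag(period):                  # canonical period label bound into every signature
    return str(period).encode()

class SecureDevice:               # stores the master key; never signs messages itself
    def __init__(self):
        self.master_sk, self.master_pk = keygen()
    def update(self, period):     # delivers a key usable for exactly one period
        sk_i, pk_i = keygen()
        return sk_i, pk_i, sign(self.master_sk, tag(period), str(pk_i).encode())

def user_sign(user_sk, period_key, period, msg):
    sk_i, pk_i, cert = period_key
    # both the certified period key and the user's long-term key must sign
    return pk_i, cert, sign(sk_i, tag(period), msg), sign(user_sk, tag(period), msg)

def user_verify(pub, period, msg, sig):
    master_pk, user_pk = pub
    pk_i, cert, s_period, s_user = sig
    return (verify(master_pk, cert, tag(period), str(pk_i).encode())  # key is for this period
            and verify(pk_i, s_period, tag(period), msg)             # signed with that key
            and verify(user_pk, s_user, tag(period), msg))           # device alone cannot forge
```

Exposing a period key (plus the user's long-term key) only lets an attacker reuse the certificate for the period it names, and the secure device cannot supply the user-key component at all.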
References
M. Abdalla and M. Bellare. Rekeyed Digital Signature Schemes: Damage-Containment in the Face of Key Exposure. Manuscript, July 2001.
R. Anderson. Invited lecture, CCCS ’97.
M. Bellare and S.K. Miner. A Forward-Secure Digital Signature Scheme. Crypto ’99.
J. Cha and J. Cheon. An Identity-based Signature Scheme from Gap Diffie-Hellman Groups. Available at http://eprint.iacr.org/2002/018/.
J. Cheon. A Universal Forgery of Hess’s Second ID-based Signature against the Known-message Attack. Available at http://eprint.iacr.org/2002/028/.
Y. Dodis, J. Katz, S. Xu and M. Yung. Key-Insulated Public-Key Cryptosystems. Eurocrypt 2002.
Y. Dodis and L. Reyzin. On the Power of Claw-Free Permutations. SCN 2002.
A. Fiat and A. Shamir. How to Prove Yourself: Practical Solutions to Identification and Signature Problems. Crypto ’86.
R. Gennaro, T. Rabin, S. Jarecki, and H. Krawczyk. Robust and Efficient Sharing of RSA Functions. J. Cryptology 13(2): 273–300 (2000).
M. Girault. Relaxing Tamper-Resistance Requirements for Smart Cards Using (Auto)-Proxy Signatures. CARDIS ’98.
O. Goldreich, B. Pfitzmann, and R. L. Rivest. Self-Delegation with Controlled Propagation, or, What if You Lose Your Laptop? Crypto ’98.
S. Goldwasser, S. Micali, and R.L. Rivest. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM J. Computing 17(2): 281–308 (1988).
L. C. Guillou and J.-J. Quisquater. A Practical Zero-Knowledge Protocol Fitted to Security Microprocessors Minimizing Both Transmission and Memory. Eurocrypt ’88.
F. Hess. Exponent Group Signature Schemes and Efficient Identity Based Signature Schemes Based on Pairings. Available at http://eprint.iacr.org/2002/012/.
G. Itkis. Intrusion-Resilient Signatures: Generic Constructions, or Defeating Strong Adversary with Minimal Assumptions. SCN 2002.
G. Itkis and L. Reyzin. SiBIR: Signer-Base Intrusion-Resilient Signatures. Crypto 2002.
A. Joux and K. Nguyen. Separating Decision Diffie-Hellman from Diffie-Hellman in Cryptographic Groups. Available at http://eprint.iacr.org/2001/003/.
J. Katz and M. Yung. Threshold Cryptosystems Based on Factoring. Asiacrypt 2002.
C.-F. Lu and S.W. Shieh. Secure Key-Evolving Protocols for Discrete Logarithm Schemes. RSA 2002.
S. Micali. A Secure and Efficient Digital Signature Algorithm. Technical Report MIT/LCS/TM-501, MIT, 1994.
K. Ohta and T. Okamoto. On Concrete Security Treatment of Signatures Derived from Identification. Crypto ’98.
T. Okamoto. Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes. Crypto ’92.
H. Ong and C. Schnorr. Fast Signature Generation with a Fiat-Shamir-Like Scheme. Eurocrypt ’90.
K. Paterson. ID-based Signatures from Pairings on Elliptic Curves. Available at http://eprint.iacr.org/2002/004/.
R. Sakai, K. Ohgishi, and M. Kasahara. Cryptosystems based on pairing. SCIC 2001.
C.P. Schnorr. Efficient Signature Generation by Smart Cards. J. Cryptology 4(3): 161–174 (1991).
C.P. Schnorr. Security of 2t-root Identification and Signatures. Crypto ’96.
A. Shamir. Identity-Based Cryptosystems and Signature Schemes. Crypto ’84.
V. Shoup. On the Security of a Practical Identification Scheme. J. Cryptology 12(4): 247–160 (1999).
W.-G. Tzeng and Z.-J. Tzeng. Robust Key-Evolving Public Key Encryption Schemes. Available at http://eprint.iacr.org/2001/009/.
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Dodis, Y., Katz, J., Xu, S., Yung, M. (2003). Strong Key-Insulated Signature Schemes. In: Desmedt, Y.G. (eds) Public Key Cryptography — PKC 2003. PKC 2003. Lecture Notes in Computer Science, vol 2567. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36288-6_10
DOI: https://doi.org/10.1007/3-540-36288-6_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00324-3
Online ISBN: 978-3-540-36288-3