Intrusion-Resilient Signatures: Generic Constructions, or Defeating Strong Adversary with Minimal Assumptions
Signer-Base Intrusion-Resilient (SiBIR) signature schemes were defined in [IR02]. In this model, as in the case of forward security, time is divided into predefined time periods (e.g., days); each signature includes the number of the time period in which it was generated; while the public key remains the same, the secret keys evolve with time. In addition, in SiBIR model, the user has two modules, signer and home base: the former generates all signatures on its own, and the latter is needed only to help update the signer’s key from one time period to the next.
The main strength of the intrusion-resilient schemes, is that they remain secure even after arbitrarily many compromises of both modules, as long as the compromises are not simultaneous. Moreover, even if the intruder does compromise both modules simultaneously, she will still be unable to generate any signatures for the previous time periods (i.e., the forward security is guaranteed even in the case of simultaneous exposures). This paper provides the first generic implementation, called gSiBIR, of the intrusion-resilient signature schemes: it can be based on any ordinary signature scheme used as a black-box. gSiBIR is also the first SiBIR scheme secure against fully-adaptive adversary and does not require random oracle. Our construction does require one-way (and cryptographic hash) functions.
Another contribution of this paper is a new mechanism extending treebased constructions such as gSiBIR and that of [BM99] to avoid the limit on the total number of periods (required by [IR02] and many forwardsecure ones). This mechanism is based on explicit use of prefixless (or selfdelimiting) encodings. Applied to the generic forward-secure singature constructions of [BM99],[MMM02], it extends the first and yields modest but noticable improvements to the second. With this mechanism, gSiBIR becomes the first generic intrusion-resilient signature scheme with no limit on the number of periods.
KeywordsSignature Scheme Random Oracle Security Parameter Cryptographic Hash Function Forward Security
Unable to display preview. Download preview PDF.
- And97.Ross Anderson. Invited lecture. Fourth Annual Conference on Computer and Communications Security, ACM (see http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/forwardsecure.pdf), 1997.
- AR00.Michel Abdalla and Leonid Reyzin. A new forward-secure digital signature scheme. In Tatsuaki Okamoto, editor, Advances in Cryptology-ASIACRYPT 2000, volume 1976 of Lecture Notes in Computer Science, pages 116–129, Kyoto, Japan, 3-7 December 2000. Springer-Verlag. Full version available from the Cryptology ePrint Archive, record 2000/002, http://eprint.iacr.org/.CrossRefGoogle Scholar
- BM99.Mihir Bellare and Sara Miner. A forward-secure digital signature scheme. In Michael Wiener, editor, Advances in Cryptology-CRYPTO’ 99, volume 1666 of Lecture Notes in Computer Science, pages 431–448. Springer-Verlag, 15-19 August 1999. Revised version is available from http://www.cs.ucsd.edu/~mihir/.Google Scholar
- DKXY02.Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, and Moti Yung. Keyinsulated public key cryptosystems. In Knudsen [Knu02].Google Scholar
- GQ88.Louis Claude Guillou and Jean-Jacques Quisquater. A “paradoxical” indentity-based signature scheme resulting from zero-knowledge. In Shafi Goldwasser, editor, Advances in Cryptology-CRYPTO’ 88, volume 403 of Lecture Notes in Computer Science, pages 216–231. Springer-Verlag, 1990, 21-25 August 1988.Google Scholar
- HJJ+97.Amir Herzberg, Markus Jakobsson, Stanisłlaw Jarecki, Hugo Krawczyk, and Moti Yung. Proactive public key and signature systems. In Fourth ACM Conference on Computer and Communication Security, pages 100–110. ACM, April 1-4 1997.Google Scholar
- IL89.G. Itkis and L. A. Levin. Power of fast VLSI models is insensitive to wires’ thinness. In 30th Annual Symposium on Foundations of Computer Science, pages 402–407, Research Triangle Park, North Carolina, 30 October-1 November 1989. IEEE.Google Scholar
- IR02.Gene Itkis and Leonid Reyzin. Intrusion-resilient signatures, or towards obsoletion of certificate revocation. In Moti Yung, editor, Advances in Cryptology-CRYPTO 2002, Lecture Notes in Computer Science. Springer-Verlag, 18–22 August 2002. Available from http://eprint.iacr.org/2002/054/.Google Scholar
- Kra00.Hugo Krawczyk. Simple forward-secure signatures from any signature scheme. In Seventh ACM Conference on Computer and Communication Security. ACM, November 1-4 2000.Google Scholar
- Lam79.Leslie Lamport. Constructing digital signatures from a one way function. Technical Report CSL-98, SRI International, October 1979.Google Scholar
- Lev73.Leonid A. Levin. On the concept of a random sequence, in Russian). Doklady Akademii Nauk SSSR (Proceedings of National Academy of Science of USSR), 5(14):1413–1416, 1973.Google Scholar
- Lev74.Leonid A. Levin. Laws of information conservation (non-growth) and aspects of the foundations of probability theory, in Russian). Problemy Peredachi Informatsii, 3(10):206–210, 1974.Google Scholar
- LV93.Ming Li and Paul Vitányi. An Introduction to Kolmogorov Complexity and Its Applications. Springer-Verlag, 1993.Google Scholar
- Mer87.Ralph C. Merkle. A digital signature based on a conventional encryption function. In Carl Pomerance, editor, Advances in Cryptology-CRYPTO’ 87, volume 293 of Lecture Notes in Computer Science, pages 369–378. Springer-Verlag, 1988, 16-20 August 1987.Google Scholar
- Mer89.Ralph C. Merkle. A certified digital signature. In G. Brassard, editor, Advances in Cryptology-CRYPTO’ 89, volume 435 of Lecture Notes in Computer Science, pages 218–238. Springer-Verlag, 1990, 20-24 August 1989.Google Scholar
- MMM02.Tal Malkin, Daniele Micciancio, and Sara Miner. Efficient generic forwardsecure signatures with an unbounded number of time periods. In Knudsen [Knu02].Google Scholar
- NY89.Moni Naor and Moti Yung. Universal one-way hash functions and their cryptographic applications. In Proceedings of the Twenty First Annual ACM Symposium on Theory of Computing. (May 15-17 1989: Seattle, WA, USA), pages 33–43, New York, NY 10036, USA, 1989. ACM Press.Google Scholar
- OY91.Rafail Ostrovsky and Moti Yung. How to withstand mobile virus attacks. In 10-th Annual ACM Symp. on Principles of Distributed Computing, pages 51–59, 1991.Google Scholar
- Yao82.A.C. Yao. Protocols for secure computations. In 23rd Annual Symposium on Foundations of Computer Science, pages 160–164, Chicago, Illinois, 3-5 November 1982. IEEE.Google Scholar