Intrusion-Resilient Signatures: Generic Constructions, or Defeating Strong Adversary with Minimal Assumptions

  • Gene Itkis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2576)


Signer-Base Intrusion-Resilient (SiBIR) signature schemes were defined in [IR02]. In this model, as in the case of forward security, time is divided into predefined time periods (e.g., days); each signature includes the number of the time period in which it was generated; while the public key remains the same, the secret keys evolve with time. In addition, in SiBIR model, the user has two modules, signer and home base: the former generates all signatures on its own, and the latter is needed only to help update the signer’s key from one time period to the next.

The main strength of the intrusion-resilient schemes, is that they remain secure even after arbitrarily many compromises of both modules, as long as the compromises are not simultaneous. Moreover, even if the intruder does compromise both modules simultaneously, she will still be unable to generate any signatures for the previous time periods (i.e., the forward security is guaranteed even in the case of simultaneous exposures). This paper provides the first generic implementation, called gSiBIR, of the intrusion-resilient signature schemes: it can be based on any ordinary signature scheme used as a black-box. gSiBIR is also the first SiBIR scheme secure against fully-adaptive adversary and does not require random oracle. Our construction does require one-way (and cryptographic hash) functions.

Another contribution of this paper is a new mechanism extending treebased constructions such as gSiBIR and that of [BM99] to avoid the limit on the total number of periods (required by [IR02] and many forwardsecure ones). This mechanism is based on explicit use of prefixless (or selfdelimiting) encodings. Applied to the generic forward-secure singature constructions of [BM99],[MMM02], it extends the first and yields modest but noticable improvements to the second. With this mechanism, gSiBIR becomes the first generic intrusion-resilient signature scheme with no limit on the number of periods.


Signature Scheme Random Oracle Security Parameter Cryptographic Hash Function Forward Security 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. And97.
    Ross Anderson. Invited lecture. Fourth Annual Conference on Computer and Communications Security, ACM (see, 1997.
  2. AR00.
    Michel Abdalla and Leonid Reyzin. A new forward-secure digital signature scheme. In Tatsuaki Okamoto, editor, Advances in Cryptology-ASIACRYPT 2000, volume 1976 of Lecture Notes in Computer Science, pages 116–129, Kyoto, Japan, 3-7 December 2000. Springer-Verlag. Full version available from the Cryptology ePrint Archive, record 2000/002, Scholar
  3. BM99.
    Mihir Bellare and Sara Miner. A forward-secure digital signature scheme. In Michael Wiener, editor, Advances in Cryptology-CRYPTO’ 99, volume 1666 of Lecture Notes in Computer Science, pages 431–448. Springer-Verlag, 15-19 August 1999. Revised version is available from Scholar
  4. DKXY02.
    Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, and Moti Yung. Keyinsulated public key cryptosystems. In Knudsen [Knu02].Google Scholar
  5. GGM86.
    Oded Goldreich, Shafi Goldwasser, and Silvio Micali. How to construct random functions. Journal of the ACM, 33(4):792–807, October 1986.CrossRefMathSciNetGoogle Scholar
  6. GQ88.
    Louis Claude Guillou and Jean-Jacques Quisquater. A “paradoxical” indentity-based signature scheme resulting from zero-knowledge. In Shafi Goldwasser, editor, Advances in Cryptology-CRYPTO’ 88, volume 403 of Lecture Notes in Computer Science, pages 216–231. Springer-Verlag, 1990, 21-25 August 1988.Google Scholar
  7. HJJ+97.
    Amir Herzberg, Markus Jakobsson, Stanisłlaw Jarecki, Hugo Krawczyk, and Moti Yung. Proactive public key and signature systems. In Fourth ACM Conference on Computer and Communication Security, pages 100–110. ACM, April 1-4 1997.Google Scholar
  8. IL89.
    G. Itkis and L. A. Levin. Power of fast VLSI models is insensitive to wires’ thinness. In 30th Annual Symposium on Foundations of Computer Science, pages 402–407, Research Triangle Park, North Carolina, 30 October-1 November 1989. IEEE.Google Scholar
  9. IR01.
    Gene Itkis and Leonid Reyzin. Forward-secure signatures with optimal signing and verifying. In Joe Kilian, editor, Advances in Cryptology-CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 332–354. Springer-Verlag, 19–23 August 2001.CrossRefGoogle Scholar
  10. IR02.
    Gene Itkis and Leonid Reyzin. Intrusion-resilient signatures, or towards obsoletion of certificate revocation. In Moti Yung, editor, Advances in Cryptology-CRYPTO 2002, Lecture Notes in Computer Science. Springer-Verlag, 18–22 August 2002. Available from Scholar
  11. Knu02.
    Lars Knudsen, editor. Advances in Cryptology-EUROCRYPT 2002, Lecture Notes in Computer Science. Springer-Verlag, 28 April-2 May 2002.zbMATHGoogle Scholar
  12. Kra00.
    Hugo Krawczyk. Simple forward-secure signatures from any signature scheme. In Seventh ACM Conference on Computer and Communication Security. ACM, November 1-4 2000.Google Scholar
  13. Lam79.
    Leslie Lamport. Constructing digital signatures from a one way function. Technical Report CSL-98, SRI International, October 1979.Google Scholar
  14. Lev73.
    Leonid A. Levin. On the concept of a random sequence, in Russian). Doklady Akademii Nauk SSSR (Proceedings of National Academy of Science of USSR), 5(14):1413–1416, 1973.Google Scholar
  15. Lev74.
    Leonid A. Levin. Laws of information conservation (non-growth) and aspects of the foundations of probability theory, in Russian). Problemy Peredachi Informatsii, 3(10):206–210, 1974.Google Scholar
  16. LV93.
    Ming Li and Paul Vitányi. An Introduction to Kolmogorov Complexity and Its Applications. Springer-Verlag, 1993.Google Scholar
  17. Mer87.
    Ralph C. Merkle. A digital signature based on a conventional encryption function. In Carl Pomerance, editor, Advances in Cryptology-CRYPTO’ 87, volume 293 of Lecture Notes in Computer Science, pages 369–378. Springer-Verlag, 1988, 16-20 August 1987.Google Scholar
  18. Mer89.
    Ralph C. Merkle. A certified digital signature. In G. Brassard, editor, Advances in Cryptology-CRYPTO’ 89, volume 435 of Lecture Notes in Computer Science, pages 218–238. Springer-Verlag, 1990, 20-24 August 1989.Google Scholar
  19. MMM02.
    Tal Malkin, Daniele Micciancio, and Sara Miner. Efficient generic forwardsecure signatures with an unbounded number of time periods. In Knudsen [Knu02].Google Scholar
  20. NY89.
    Moni Naor and Moti Yung. Universal one-way hash functions and their cryptographic applications. In Proceedings of the Twenty First Annual ACM Symposium on Theory of Computing. (May 15-17 1989: Seattle, WA, USA), pages 33–43, New York, NY 10036, USA, 1989. ACM Press.Google Scholar
  21. OY91.
    Rafail Ostrovsky and Moti Yung. How to withstand mobile virus attacks. In 10-th Annual ACM Symp. on Principles of Distributed Computing, pages 51–59, 1991.Google Scholar
  22. Yao82.
    A.C. Yao. Protocols for secure computations. In 23rd Annual Symposium on Foundations of Computer Science, pages 160–164, Chicago, Illinois, 3-5 November 1982. IEEE.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Gene Itkis
    • 1
  1. 1.Boston University Computer Science Dept.BostonUSA

Personalised recommendations