Efficient Signature Validation Based on a New PKI

  • Jianying Zhou
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2738)


Digital signatures usually serve as irrefutable cryptographic evidence to support dispute resolution in electronic transactions. Trusted time-stamping and certificate revocation services, although very costly in practice, must be available to prevent big loss due to compromising of the signing key. In this paper, we employ a revocation-free public-key framework to improve the efficiency in maintaining the validity of digital signatures as non-repudiation evidence. The new PKI allows an end user to control the validity of his own public-key certificate and enables certificate verification without retrieving the revocation information from the CA. Based on this new PKI, we could validate generic digital signatures using a TSA only. Moreover, we could validate forward-secure digital signatures without the TTP’s involvement.


Digital Signature Expiry Date Certification Authority Trusted Third Party Hash Chain 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [ALO98]
    Aiello, W., Lodha, S., Ostrovsky, R.: Fast digital identity revocation. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 137–152. Springer, Heidelberg (1998)Google Scholar
  2. [AR00]
    Abdalla, M., Reyzin, L.: A new forward-secure digital signature scheme. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 116–129. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. [BM99]
    Bellare, M., Miner, S.: A forward-secure digital signature scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–438. Springer, Heidelberg (1999)Google Scholar
  4. [Bo81]
    Booth, K.S.: Authentication of signatures using public key encryption. Communications of the ACM 24(11), 772–774 (1981)CrossRefGoogle Scholar
  5. [Co00]
    Cooper, D.: A more efficient use of delta-CRLs. In: Proceedings of 2000 IEEE Symposium on Security and Privacy, Oakland, California, pp. 190–202 (May 2000)Google Scholar
  6. [ISO13888-1]
    ISO/IEC 13888-1. Information technology - Security techniques -Non-repudiation - Part 1: General. ISO/IEC (1997)Google Scholar
  7. [IR01]
    Itkis, G., Reyzin, L.: Forward-secure signatures with optimal signing and verifying. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 332–354. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. [IR02]
    Itkis, G., Reyzin, L.: SiBIR: Signer-base intrusion-resilient signatures. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 499–514. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. [Ko98]
    Kocher, P.: On certificate revocation and validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  10. [Kr00]
    Krawczyk, H.: Simple forward-secure signatures from any signature scheme. In: Proceedings of 7th ACM Conference on Computer and Communications Security, Athens, Greece, pp. 108–115 (November 2000)Google Scholar
  11. [La81]
    Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981)CrossRefMathSciNetGoogle Scholar
  12. [Mi01]
    Micali, S.: Certificate revocation system. US Patent 6292893 (September 2001)Google Scholar
  13. [MJ00]
    McDaniel, P., Jamin, S.: Windowed certificate revocation. In: Proceedings of IEEE INFOCOM 2000, Tel-Aviv, Israel, pp. 1406–1414 (March 2000)Google Scholar
  14. [NN98]
    Naor, M., Nissim, K.: Certificate revocation and certificate update. In: Proceedings 7th USENIX Security Symposium, San Antonio, Texas (January 1998)Google Scholar
  15. [RFC2459]
    Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 public key infrastructure certificate and CRL profile. RFC 2459 (January 1999)Google Scholar
  16. [RFC2560]
    Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X. 509 Internet public key infrastructure on-line certificate status protocol (OCSP). RFC 2560 (June 1999)Google Scholar
  17. [RFC3161]
    Admas, C., Cain, P., Pinkas, D., Zuccherato, R.: Internet X. 509 public key infrastructure time-stamp protocol (TSP). RFC 3161 (August 2001)Google Scholar
  18. [WLM00]
    Wright, R., Lincoln, P., Millen, J.: Efficient fault-tolerant certificate revocation. In: Proceedings of 7th ACM Conference on Computer and Communications Security, Athens, Greece, pp. 19–24 (November 2000)Google Scholar
  19. [Zh01]
    Zhou, J.: Non-repudiation in electronic commerce. Computer Security Series. Artech House (2001)Google Scholar
  20. [Zh02]
    Zhou, J.: Maintaining the validity of digital signatures in B2B applications. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 303–315. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  21. [ZBD02]
    Zhou, J., Bao, F., Deng, R.: NewPKI. Internal document (2002)Google Scholar
  22. [ZL99]
    Zhou, J., Lam, K.Y.: Securing digital signatures for nonrepudiation. Computer Communications 22(8), 710–716 (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Jianying Zhou
    • 1
  1. 1.Institute for Infocomm ResearchSingapore

Personalised recommendations