Abstract
The availability of fast and reliable Digital Identities is an essential ingredient for the successful implementation of the public-key infrastructure of the Internet. All digital identity schemes must include a method for revoking someone's digital identity in the case that this identity is stolen (or canceled) before its expiration date (similar to the cancelation of a credit-cards in the case that they are stolen). In 1995, S. Micali proposed an elegant method of identity revocation which requires very little communication between users and verifiers in the system. In this paper, we extend his scheme by reducing the overall CA to Directory communication, while still maintaining the same tiny user to vendor communication. We contrast our scheme to other proposals as well.
Part of this work was done while this author visited Bellcore, also partially supported by DIMACS.
Chapter PDF
Keywords
References
W. Diffie, M. Hellman, “New directions in cryptography”, IEEE Trans, on Inf. Theory, IT-22, pp. 644–654, 1976.
S. Even, O. Goldreich and S. Micali “On-line/Off-line Digital Signatures” CRYPTO 1989.
S. Goldwasser, S. Micali “Probabilistic Encryption” JCSS Vol. 28 No. 22. April 1984.
S. Goldwasser, S. Micali, R. Rivest “A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks” SIAM Journal of Computing, Vol. 17, No 2, April 1988, pp. 281–308.
C. Jutla and M. Yung “Paytree: amortized signature for flexible micropayments” In Second USENIX workshop on Electronic Commerce, November 1996.
P. Kocker, “A quick introduction to Certificate Revocation Trees (CRTs),” http://www.valicert.com/company/crt.html.
L. Lamport “Password authentication with insecure communication” Communications of ACM, 24(11):770–771, November 1981.
R. C. Merkle, “A Certified Digital Signature,” Proceedings of Crypto'89, pp. 234–246, 1989.
S. Micali “Enhanced Certificate Revocation System” Technical memo MIT/LCS/TM-542, November 1995. available online URL ftp://ftp-pubs.lcs.mit.edu/pub/lcs-pubs/tm.outbox/
S. Micali “Certificate Revocation System” U.S. Patent number 5666416, issued Sep. 9, 1997.
M. Naor and K. Nissim, “Certificate Revocation and Certificate Update,” Proceedings of USENIX '98.
R. Rivest “The MD5 message-digest algorithm” Internet Request for Comments, April 1992. RFC 1321 available online URL http://theory.lcs.mit.edu/rivest/publications.html
R. Rivest, A. Shamir, L. Adleman “A Method for Obtaining Digital Signature and Public Key Cryptosystems” Comm. ACM, Vol 21, No. 2, 1978.
R. Rivest, B. Lampson “SDSI-A Simple Distributed Security Infrastructure” available online URL http://theory.lcs.mit.edu/ rivest/sdsi10.html
M. Reiter, S. Stubblebine “Towards Acceptable Metrics of Authentication” In Proc. of 1997 IEEE Symposium on Security and Privacy.
VeriSign Corporation, available online URL http://www.verisign.com/
Microsoft “Proposal for Authenticating Code Via the Internet” April 1996, available online URL http://www.eu.microsoft.com/security/tech/authcode/authcode.htm
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aiello, W., Lodha, S., Ostrovsky, R. (1998). Fast digital identity revocation. In: Krawczyk, H. (eds) Advances in Cryptology — CRYPTO '98. CRYPTO 1998. Lecture Notes in Computer Science, vol 1462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055725
Download citation
DOI: https://doi.org/10.1007/BFb0055725
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64892-5
Online ISBN: 978-3-540-68462-6
eBook Packages: Springer Book Archive