Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation

  • Conference paper
Information Security (ISC 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2851))

Abstract

In non-repudiation services, where digital signatures usually serve as irrefutable cryptographic evidence for dispute resolution, trusted time-stamping and certificate revocation services, although very costly in practice, must be available to prevent large losses from compromise of the signing key. In [12], a new concept called intrusion-resilient signature was proposed to get rid of trusted time-stamping and certificate revocation services, and a concrete scheme was presented. In this paper, we put forward a new scheme that can achieve the same effect in a much more efficient way. In our scheme, a forward-secure signature serves as a building block that enables signature validation without trusted time-stamping, and a one-way hash chain is employed to control the validity of public-key certificates without the CA’s involvement in certificate revocation. We adopt a model similar to the intrusion-resilient signature in [12], where time is divided into predefined short periods and a user has two modules, signer and home base. The signer generates forward-secure signatures on his own, while the home base manages the validity of the signer’s public-key certificate with a one-way hash chain. The signature verifier can check the validity of signatures without retrieving certificate revocation information from the CA. Our scheme is more robust in the sense that loss of synchronization between the signer and the home base can be recovered in the next time period, while it is unrecoverable in [12]. Our scheme is also more flexible in real implementations, as it allows an individual user to control the validity of his own certificate without using the home base.
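The following is an added illustration, not code from the paper (whose construction details are not on this page), of the general hash-chain technique the abstract refers to: a chain anchor is bound into the certificate, and a per-period token lets a verifier confirm validity without contacting the CA. SHA-256, the `HomeBase` class, and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

def iterate(x: bytes, n: int) -> bytes:
    """Apply the one-way function (SHA-256, an assumption) n times."""
    for _ in range(n):
        x = hashlib.sha256(x).digest()
    return x

class HomeBase:
    """Hypothetical stand-in for the home base: holds the secret chain seed."""
    def __init__(self, periods, seed=None):
        self.periods = periods
        self._seed = seed or secrets.token_bytes(32)
        # anchor = H^T(seed); assumed to be placed in the certificate at issuance
        self.anchor = iterate(self._seed, periods)
        self.revoked = False

    def token_for(self, period):
        """Release H^(T - period)(seed); refusing to release ends validity."""
        if self.revoked or not 1 <= period <= self.periods:
            raise PermissionError("no validity token released")
        return iterate(self._seed, self.periods - period)

def cert_valid_in(anchor: bytes, period: int, token: bytes) -> bool:
    """Verifier check: hashing the token `period` times must reach the anchor."""
    return period >= 1 and hmac.compare_digest(iterate(token, period), anchor)

def demo():
    # Constructed seed so the run is reproducible; real seeds must be random.
    hb = HomeBase(periods=365, seed=b"constructed-seed-for-demo-only!!")
    t5 = hb.token_for(5)
    current = cert_valid_in(hb.anchor, 5, t5)
    # A period-5 token also proves period 3 (hash it twice first) ...
    earlier = cert_valid_in(hb.anchor, 3, iterate(t5, 2))
    # ... but says nothing about period 6: that would need a hash preimage.
    later = cert_valid_in(hb.anchor, 6, t5)
    hb.revoked = True  # the user stops the chain; no CA round trip involved
    try:
        hb.token_for(6)
        released_after_revoke = True
    except PermissionError:
        released_after_revoke = False
    return current, earlier, later, released_after_revoke

if __name__ == "__main__":
    print(demo())
```

A verifier holding only the certificate and the token needs no online revocation lookup; a missing token for a period means the certificate is not shown to be valid for that period.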


References

  1. Abdalla, M., Reyzin, L.: A new forward-secure digital signature scheme. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 116–129. Springer, Heidelberg (2000)

  2. Adams, C., Cain, P., Pinkas, D., Zuccherato, R.: Internet X.509 public key infrastructure time-stamp protocol (TSP). RFC 3161 (August 2001)

  3. Akl, S.G.: Digital signatures: a tutorial survey. Computer 16(2), 15–24 (1983)

  4. Bellare, M., Miner, S.: A forward-secure digital signature scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–438. Springer, Heidelberg (1999)

  5. Bellovin, S., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: Proceedings of 1992 IEEE Symposium on Security and Privacy, pp. 72–84, Oakland, California (May 1992)

  6. Booth, K.S.: Authentication of signatures using public key encryption. Communications of the ACM 24(11), 772–774 (1981)

  7. DeMillo, R., Merritt, M.: Protocols for data security. Computer 16(2), 39–50 (1983)

  8. Dodis, Y., Katz, J., Xu, S., Yung, M.: Strong key-insulated signature schemes. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 130–144. Springer, Heidelberg (2003)

  9. Guillou, L.C., Quisquater, J.J.: A paradoxical identity-based signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 216–231. Springer, Heidelberg (1988)

  10. Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 public key infrastructure certificate and CRL profile. RFC 2459 (January 1999)

  11. Itkis, G., Reyzin, L.: Forward-secure signatures with optimal signing and verifying. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 332–354. Springer, Heidelberg (2001)

  12. Itkis, G., Reyzin, L.: SiBIR: Signer-base intrusion-resilient signatures. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 499–514. Springer, Heidelberg (2002)

  13. ITU-T. Information technology – Open systems interconnection – The directory: Public-key and attribute certificate frameworks. ITU-T Recommendation X.509(V4) (2000)

  14. Kozlov, A., Reyzin, L.: Forward-secure signatures with fast key update. In: Proceedings of 3rd Conference on Security in Communication Networks, Amalfi, Italy (September 2002)

  15. Krawczyk, H.: Simple forward-secure signatures from any signature scheme. In: Proceedings of 7th ACM Conference on Computer and Communications Security, pp. 108–115, Athens, Greece (November 2000)

  16. Malkin, T., Micciancio, D., Miner, S.: Efficient generic forward-secure signatures with an unbounded number of time periods. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 400–417. Springer, Heidelberg (2002)

  17. Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet public key infrastructure on-line certificate status protocol (OCSP). RFC 2560 (June 1999)

  18. Sella, Y.: On the computation-storage trade-offs of hash chain traversal. In: Proceedings of 2003 Financial Cryptography, Gosier, Guadeloupe, LNCS (January 2003)

  19. Song, D.: Practical forward secure group signature schemes. In: Proceedings of 8th ACM Conference on Computer and Communication Security, pp. 225–234, Philadelphia (November 2001)

  20. Wu, T.: The secure remote password protocol. In: Proceedings of 1998 Internet Society Network and Distributed System Security Symposium, pp. 97–111, San Diego, California (March 1998)

  21. Zhou, J.: Non-repudiation in electronic commerce. Computer Security Series, Artech House (2001)

  22. Zhou, J.: Maintaining the validity of digital signatures in B2B applications. In: Proceedings of 2002 Australasian Conference on Information Security and Privacy, Melbourne, Australia, July 2002. LNCS, pp. 303–315 (2002)

  23. Zhou, J., Lam, K.Y.: Securing digital signatures for non-repudiation. Computer Communications 22(8), 710–716 (1999)

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhou, J., Bao, F., Deng, R. (2003). Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation. In: Boyd, C., Mao, W. (eds) Information Security. ISC 2003. Lecture Notes in Computer Science, vol 2851. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10958513_8

  • DOI: https://doi.org/10.1007/10958513_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20176-2

  • Online ISBN: 978-3-540-39981-0

  • eBook Packages: Springer Book Archive
