Abstract
We describe a digital signature scheme in which the public key is fixed but the secret signing key is updated at regular intervals so as to provide a forward security property: compromise of the current secret key does not enable an adversary to forge signatures pertaining to the past. This can be useful to mitigate the damage caused by key exposure without requiring distribution of keys. Our construction uses ideas from the Fiat-Shamir and Ong-Schnorr identification and signature schemes, and is proven to be forward secure based on the hardness of factoring, in the random oracle model. The construction is also quite efficient.
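The abstract gives the design only at a high level. The following Python block is an added illustration, not code from the paper or from this page: it shows how a fixed public key, a secret key that is squared forward at each period boundary, and a random-oracle challenge combine into a Fiat-Shamir-style signature with a period tag, and why a key exposed in period j does not let its holder produce signatures for an earlier period. The equations, the names N, T, l, S, U, Y and Z, the period convention (periods 0..T-1) and the toy primes are this example's own assumptions; the scheme actually proven secure, and its parameters, must be taken from the full paper.

```python
"""Toy forward-secure signature in the Fiat-Shamir / Ong-Schnorr style.

Added illustration, not code from the paper or this page. The equations,
the names N, T, l, S, U, Y, Z, the period convention and the toy primes
are this example's own assumptions; take the real scheme from the full paper.
"""
import hashlib
import secrets
from math import gcd

# Constructed toy Blum primes (both are 3 mod 4). Far too small for real use.
TOY_P, TOY_Q = 1019, 1031


def _rand_unit(N, rng):
    """Uniform element of Z_N^* (retry until coprime to N)."""
    while True:
        x = rng.randrange(2, N - 1)
        if gcd(x, N) == 1:
            return x


def challenge(N, j, Y, msg, l):
    """Random-oracle challenge: l bits of SHA-256 over (period, commitment, message).
    Hashing the period j in stops a signature being replayed for another period."""
    n = (N.bit_length() + 7) // 8
    h = hashlib.sha256(j.to_bytes(4, "big") + Y.to_bytes(n, "big") + msg).digest()
    bits = int.from_bytes(h, "big") >> (256 - l)
    return [(bits >> i) & 1 for i in range(l)]


def keygen(T, l, p=TOY_P, q=TOY_Q, rng=None):
    """T periods 0..T-1, l challenge bits (l <= 256). The public key is fixed for
    all periods: U_i = S_{0,i}^(2^(T+1)) mod N; the period-0 secret holds S_{0,i}."""
    rng = rng or secrets.SystemRandom()
    N = p * q
    S = [_rand_unit(N, rng) for _ in range(l)]
    U = [pow(s, 1 << (T + 1), N) for s in S]
    return {"N": N, "T": T, "l": l, "U": U}, {"N": N, "T": T, "l": l, "j": 0, "S": S}


def update(sk):
    """Next period: S_{j+1,i} = S_{j,i}^2 mod N. Undoing a squaring modulo a Blum
    integer means extracting square roots, which is as hard as factoring N, so the
    old S_j cannot be recovered. The caller must erase the old key: forward
    security is only as good as that erasure."""
    if sk["j"] + 1 >= sk["T"]:
        raise ValueError("key exhausted: no period after %d" % sk["j"])
    return {**sk, "j": sk["j"] + 1, "S": [pow(s, 2, sk["N"]) for s in sk["S"]]}


def sign(sk, msg, rng=None):
    """Commit Y = R^(2^(T+1-j)), hash to challenge bits c, answer
    Z = R * prod(S_{j,i}^c_i) mod N. The signature carries its period j."""
    rng = rng or secrets.SystemRandom()
    N, T, j = sk["N"], sk["T"], sk["j"]
    R = _rand_unit(N, rng)
    Y = pow(R, 1 << (T + 1 - j), N)
    Z = R
    for s, bit in zip(sk["S"], challenge(N, j, Y, msg, sk["l"])):
        if bit:
            Z = Z * s % N
    return (j, Y, Z)


def verify(pk, msg, sig):
    """Check Z^(2^(T+1-j)) == Y * prod(U_i^c_i) mod N. Since
    S_{j,i}^(2^(T+1-j)) = S_{0,i}^(2^(T+1)) = U_i, one public key serves every
    period; the j inside the signature selects the exponent."""
    N, T, l, U = pk["N"], pk["T"], pk["l"], pk["U"]
    j, Y, Z = sig
    if not (0 <= j < T and 0 < Y < N and 0 < Z < N):
        return False
    if gcd(Y, N) != 1 or gcd(Z, N) != 1:
        return False
    rhs = Y
    for u, bit in zip(U, challenge(N, j, Y, msg, l)):
        if bit:
            rhs = rhs * u % N
    return pow(Z, 1 << (T + 1 - j), N) == rhs


def forge_earlier_period(sk_later, i, msg, rng=None):
    """The natural attempt after exposure of the period-j key: use S_j as if it
    were S_i for some i < j. Verification raises Z to 2^(T+1-i), which maps S_j
    to U_i^(2^(j-i)) rather than U_i, so the check fails (except with
    negligible probability); the earlier secret is simply not available."""
    assert 0 <= i < sk_later["j"]
    return sign({**sk_later, "j": i}, msg, rng)


if __name__ == "__main__":
    pk, sk = keygen(T=8, l=32)
    sk = update(update(sk))                      # now in period 2
    msg = b"constructed sample message"
    print("period-2 signature verifies:", verify(pk, msg, sign(sk, msg)))
    print("period-0 forgery from period-2 key verifies:",
          verify(pk, msg, forge_earlier_period(sk, 0, msg)))
```

Two points the code makes concrete. First, the verifier needs nothing but the fixed public key and the period number inside the signature, which is what lets keys evolve without any redistribution. Second, the forward-security guarantee rests on `update` actually destroying the previous key material; a process that keeps S_j in memory or in a backup after moving to period j+1 has no forward security at all, and the toy modulus here gives none either, since N is trivially factorable.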
References
R. Anderson, Invited lecture, Fourth Annual Conference on Computer and Communications Security, ACM, 1997.
M. Bellare and S. Miner, “A forward-secure digital signature scheme,” Full version of this paper, available via http://www-cse.ucsd.edu/users/mihir.
M. Bellare and P. Rogaway, “Random oracles are practical: a paradigm for designing efficient protocols,” Proceedings of the First Annual Conference on Computer and Communications Security, ACM, 1993.
M. Bellare and P. Rogaway, “The exact security of digital signatures: How to sign with RSA and Rabin,” Advances in Cryptology-Eurocrypt 96 Proceedings, Lec. Notes in Comp. Sci. Vol. 1070, U. Maurer ed., Springer-Verlag, 1996.
G. R. Blakley, “Safeguarding cryptographic keys,” Proceedings of AFIPS 1979 National Computer Conference, AFIPS, 1979.
L. Blum, M. Blum and M. Shub, “A simple unpredictable pseudo-random number generator,” SIAM Journal on Computing Vol. 15, No. 2, 364–383, May 1986.
Y. Desmedt and Y. Frankel, “Threshold cryptosystems,” Advances in Cryptology-Crypto 89 Proceedings, Lec. Notes in Comp. Sci. Vol. 435, G. Brassard ed., Springer-Verlag, 1989.
W. Diffie, P. van Oorschot and M. Wiener, “Authentication and authenticated key exchanges,” Designs, Codes and Cryptography, 2, 107–125 (1992).
U. Feige, A. Fiat, and A. Shamir, “Zero-knowledge proofs of identity,” J. of Cryptology, 1(1988), 77–94.
A. Fiat and A. Shamir, “How to prove yourself: Practical solutions to identification and signature problems,” Advances in Cryptology-Crypto 86 Proceedings, Lec. Notes in Comp. Sci. Vol. 263, A. Odlyzko ed., Springer-Verlag, 1986.
S. Goldwasser, S. Micali and R. Rivest, “A digital signature scheme secure against adaptive chosen-message attacks,” SIAM Journal of Computing, Vol. 17, No. 2, pp. 281–308, April 1988.
C. G. Günther, “An identity-based key-exchange protocol,” Advances in Cryptology-Eurocrypt 89 Proceedings, Lec. Notes in Comp. Sci. Vol. 434, J-J. Quisquater, J. Vandewalle ed., Springer-Verlag, 1989.
S. Haber and W. Stornetta, “How to Time-Stamp a Digital Document,” Advances in Cryptology-Crypto 90 Proceedings, Lec. Notes in Comp. Sci. Vol. 537, A. J. Menezes and S. Vanstone ed., Springer-Verlag, 1990.
A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk and M. Yung, “Proactive public key and signature schemes,” Proceedings of the Fourth Annual Conference on Computer and Communications Security, ACM, 1997.
K. Ohta and T. Okamoto, “On concrete security treatment of signatures derived from identification,” Advances in Cryptology-Crypto 98 Proceedings, Lec. Notes in Comp. Sci. Vol. 1462, H. Krawczyk ed., Springer-Verlag, 1998.
H. Ong and C. Schnorr, “Fast signature generation with a Fiat-Shamir like scheme,” Advances in Cryptology-Eurocrypt 90 Proceedings, Lec. Notes in Comp. Sci. Vol. 473, I. Damgård ed., Springer-Verlag, 1990.
D. Pointcheval and J. Stern, “Security proofs for signature schemes,” Advances in Cryptology-Eurocrypt 96 Proceedings, Lec. Notes in Comp. Sci. Vol. 1070, U. Maurer ed., Springer-Verlag, 1996.
A. Shamir, “How to share a secret,” Communications of the ACM, 22(1979), 612–613.
V. Shoup, “On the security of a practical identification scheme,” Advances in Cryptology-Eurocrypt 96 Proceedings, Lec. Notes in Comp. Sci. Vol. 1070, U. Maurer ed., Springer-Verlag, 1996.
H. Williams, “A Modification of the RSA Public-key Encryption Procedure,” IEEE Transactions on Information Theory, Vol. IT-26, No. 6, 1980, pp. 726–729.
© 1999 Springer-Verlag Berlin Heidelberg
Bellare, M., Miner, S.K. (1999). A Forward-Secure Digital Signature Scheme. In: Wiener, M. (eds) Advances in Cryptology — CRYPTO’ 99. CRYPTO 1999. Lecture Notes in Computer Science, vol 1666. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48405-1_28
DOI: https://doi.org/10.1007/3-540-48405-1_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66347-8
Online ISBN: 978-3-540-48405-9