A Forward-Secure Digital Signature Scheme

Published: 15 August 1999

Abstract

We describe a digital signature scheme in which the public key is fixed but the secret signing key is updated at regular intervals so as to provide a forward security property: compromise of the current secret key does not enable an adversary to forge signatures pertaining to the past. This can be useful to mitigate the damage caused by key exposure without requiring distribution of keys. Our construction uses ideas from the Fiat-Shamir and Ong-Schnorr identification and signature schemes, and is proven to be forward secure based on the hardness of factoring, in the random oracle model. The construction is also quite efficient.
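The construction the abstract summarizes can be followed concretely in the small Python model below. It is an added teaching example written for this page, not the authors' code: it implements the basic Bellare-Miner scheme as given in the full paper (Blum integer N = pq, T periods, l base secrets whose public images are U[i] = S0[i]^(2^(T+1)) mod N, key update by squaring, and a Fiat-Shamir style challenge selecting which secrets enter the response). The parameter names (k_bits, l, T), the use of SHA-256 truncated to l bits as the random-oracle hash, and the exact byte encoding hashed in _challenge are this example's own choices; the key sizes are toy values chosen so the code runs in well under a second and must not be taken as secure parameters. The demo() function shows the property the abstract promises: after an update the old signature still verifies, while a holder of the period-2 key who tries to claim period 1 produces a signature the verifier rejects, because going from S_j back to S_{j-1} is a square root mod N.

```python
"""Toy Bellare-Miner forward-secure signatures (constructed example, not the paper's code).
Periods j = 1..T over a Blum integer N = p*q.  Public U[i] = S0[i]^(2^(T+1)) mod N; the
period-j secret is S_j[i] = S0[i]^(2^j): an update is one squaring, and recovering S_{j-1}
from S_j means square roots mod N, i.e. factoring.  Key sizes here are far too small."""
import hashlib, math, random, secrets

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (n >= 17 assumed by the caller)."""
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _blum_prime(bits):
    while True:  # top bit set and p = 3 (mod 4), as a Blum integer requires
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 3
        if _is_probable_prime(p):
            return p

def _random_unit(N):
    while True:  # uniform element of Z_N^*
        x = secrets.randbelow(N - 2) + 2
        if math.gcd(x, N) == 1:
            return x

def _challenge(j, Y, msg, l):
    """c = H(j, Y, M) truncated to l bits; bit i selects S[i] and U[i] (encoding is ours)."""
    h = hashlib.sha256(f"{j}|{Y}|".encode() + msg).digest()
    return int.from_bytes(h, "big") >> (256 - l)

def keygen(k_bits=512, l=32, T=16):
    """Return pk = (N, T, U) and the period-1 key sk = (N, T, 1, S_1); l <= 256."""
    p, q = _blum_prime(k_bits // 2), _blum_prime(k_bits // 2)
    while q == p:
        q = _blum_prime(k_bits // 2)
    N = p * q
    S0 = [_random_unit(N) for _ in range(l)]
    U = [pow(s, 1 << (T + 1), N) for s in S0]
    return (N, T, U), (N, T, 1, [s * s % N for s in S0])  # p, q, S0 are discarded

def _sign_as(sk, msg, j):
    """Sign with sk's secrets while claiming period j (sign() uses sk's own period)."""
    N, T, cur, S = sk
    if cur > T:
        raise ValueError("secret key expired")
    R = _random_unit(N)
    Y = pow(R, 1 << (T + 1 - j), N)
    c = _challenge(j, Y, msg, len(S))
    Z = R
    for i, s in enumerate(S):
        if (c >> i) & 1:
            Z = Z * s % N
    return (j, Y, Z)

def sign(sk, msg):
    return _sign_as(sk, msg, sk[2])

def verify(pk, msg, sig):
    """Accept iff Z^(2^(T+1-j)) == Y * prod_{c_i = 1} U[i] (mod N)."""
    N, T, U = pk
    j, Y, Z = sig
    if not (1 <= j <= T and 0 < Y < N and 0 < Z < N):
        return False
    c = _challenge(j, Y, msg, len(U))
    rhs = Y
    for i, u in enumerate(U):
        if (c >> i) & 1:
            rhs = rhs * u % N
    return pow(Z, 1 << (T + 1 - j), N) == rhs

def update(sk):
    """Key for the next period: square every S[i]; the caller must drop the old key."""
    N, T, j, S = sk
    if j >= T:
        return (N, T, T + 1, [])  # final period over: key erased
    return (N, T, j + 1, [s * s % N for s in S])

def demo():
    """Sign in period 1, update, then show the period-2 key cannot backdate to period 1."""
    pk, sk = keygen(k_bits=256, l=32, T=4)
    rec1 = b"constructed sample: audit record #1"
    sig1 = sign(sk, rec1)
    sk = update(sk)  # now period 2; S_1 no longer exists anywhere
    ok2 = verify(pk, b"record #2", sign(sk, b"record #2"))
    backdated = _sign_as(sk, rec1, 1)  # period-2 secrets, claiming period 1
    return verify(pk, rec1, sig1), ok2, verify(pk, rec1, backdated), verify(pk, b"tampered", sig1)
```

Two design points carry the security argument. The public key never changes, so a verifier needs nothing beyond (N, T, U) and the period index carried in each signature; and the signer discards p, q and S0 at key generation, so a compromise in period j yields only S_j, from which earlier keys would have to be recovered by extracting square roots modulo N. The last call in demo() also shows the ordinary unforgeability check: altering the message changes the challenge and the verification equation fails.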


Published In

CRYPTO '99: Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
August 1999
638 pages
ISBN: 3540663479

Publisher

Springer-Verlag, Berlin, Heidelberg