Cryptology ePrint Archive: Report 2003/234

Generalized Key-Evolving Signature Schemes or How to Foil an Armed Adversary

Gene Itkis and Peng Xie

Abstract: Key exposures, known or inconspicuous, are a real security threat. Recovery mechanisms from such exposures are required. For digital signatures such a recovery should ideally ---and when possible--- include invalidation of the signatures issued with the compromised keys. We present new signature schemes with such recovery capabilities. We consider two models for key exposures: full and partial reveal. In the first, a key exposure reveals {\em all} the secrets currently existing in the system. This model is suitable for the pessimistic inconspicuous exposures scenario. The partial reveal model permits the signer to conceal some information under exposure: e.g., under coercive exposures the signer is able to reveal a ``fake'' secret key. We propose a definition of {\em generalized key-evolving signature scheme}, which unifies forward-security and security against the coercive and inconspicuous key exposures (previously considered separately \cite{BM99,NPT02-mono,I02-TE}). The new models help us address repudiation problems inherent in the monotone signatures \cite{NPT02-mono}, and achieve performance improvements.

Category / Keywords: secret-key cryptography /

Date: received 10 Nov 2003

Contact author: {itkis,xp} at cs bu edu

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Version: 20031110:183140 (All versions of this report)

Short URL: ia.cr/2003/234

Discussion forum: Show discussion | Start new discussion