Cryptology ePrint Archive: Report 2004/372
On The Security of Two Key-Updating Signature Schemes
Abstract: In ICICS 2004, Gonzalez-Deleito, Markowitch and Dall'Olio proposed an efficient strong key-insulated signature scheme. They claimed that it is (N-1,N)-key-insulated, i.e., the compromise of the secret keys for arbitrarily many time periods does not expose the secret keys for any of the remaining time periods. But in this paper, we demonstrate an attack and show that an adversary armed with the signing keys for any two time periods can compute the signing keys for the remaining time periods except for some very special cases. In a second attack, the adversary can forge signatures for many remaining time periods without computing the corresponding signing keys. Therefore it is only equivalent to a (1,N)-key-insulated signature scheme. A variant forward-secure signature scheme was also presented in ICICS 2004 and claimed more robust than traditional forward-secure signature schemes. But we find that the scheme has two similar weaknesses. We try to repair the two schemes in this paper.
Category / Keywords: digital signautre, key-insulated, forward-secure, cryptanalysis
Date: received 27 Dec 2004, last revised 3 Feb 2005, withdrawn 3 Feb 2005
Contact author: saga_gxy at sina com saga_gxy@163 com
Available formats: (-- withdrawn --)
Note: New attacks are found on the schemes in ICICS 2004. Therefore the improved schemes in the previous report must be revised.
Version: 20050204:055322 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]