Paper 2007/264
The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks
Thomas Ristenpart and Scott Yilek
Abstract
Multiparty signature protocols need protection against rogue-key attacks, made possible whenever an adversary can choose its public key(s) arbitrarily. For many schemes, provable security has only been established under the knowledge of secret key (KOSK) assumption where the adversary is required to reveal the secret keys it utilizes. In practice, certifying authorities rarely require the strong proofs of knowledge of secret keys required to substantiate the KOSK assumption. Instead, proofs of possession (POPs) are required and can be as simple as just a signature over the certificate request message. We propose a general registered key model, within which we can model both the KOSK assumption and in-use POP protocols. We show that simple POP protocols yield provable security of Boldyreva's multisignature scheme [11], the LOSSW multisignature scheme [28], and a 2-user ring signature scheme due to Bender, Katz, and Morselli [10]. Our results are the first to provide formal evidence that POPs can stop rogue-key attacks.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. Preliminary version appears in Eurocrypt 2007.
- Keywords
- Proofs of possessionPKImultisignaturesring signaturesbilinear maps
- Contact author(s)
- tristenp @ cs ucsd edu
- History
- 2007-07-09: received
- Short URL
- https://ia.cr/2007/264
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2007/264,
author = {Thomas Ristenpart and Scott Yilek},
title = {The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks},
howpublished = {Cryptology {ePrint} Archive, Paper 2007/264},
year = {2007},
url = {https://eprint.iacr.org/2007/264}
}
