Cryptology ePrint Archive: Report 2013/333

Double-authentication-preventing signatures

Bertram Poettering and Douglas Stebila

Abstract: Digital signatures are often used by trusted authorities to make unique bindings between a subject and a digital object; for example, certificate authorities certify a public key belongs to a domain name, and time-stamping authorities certify that a certain piece of information existed at a certain time. Traditional digital signature schemes however impose no uniqueness conditions, so a malicious or coerced authority can make multiple certifications for the same subject but different objects. We propose the notion of a \emph{double-authentication-preventing signature}, in which a value to be signed is split into two parts: a \emph{subject} and a \emph{message}. If a signer ever signs two different messages for the same subject, enough information is revealed to allow anyone to compute valid signatures on behalf of the signer. This double-signature forgeability property prevents, or at least strongly \emph{discourages}, signers misbehaving. We give a generic construction using a new type of trapdoor functions with extractability properties, which we show can be instantiated using the group of sign-agnostic quadratic residues modulo a Blum integer.

Category / Keywords: public-key cryptography / digital signatures, double signatures, forgeability, extractability, dishonest signer, two-to-one trapdoor functions

Date: received 29 May 2013

Contact author: stebila at qut edu au

Available format(s): PDF | BibTeX Citation

Version: 20130603:132920 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]