Cryptology ePrint Archive: Report 2016/1016

Deterring Certificate Subversion: Efficient Double-Authentication-Preventing Signatures

Mihir Bellare and Bertram Poettering and Douglas Stebila

Abstract: This paper presents highly efficient designs of double authentication preventing signatures (DAPS). In a DAPS, signing two messages with the same first part and differing second parts reveals the signing key. In the context of PKIs we suggest that CAs who use DAPS to create certificates have a court-convincing argument to deny big-brother requests to create rogue certificates, thus deterring certificate subversion. We give two general methods for obtaining DAPS. Both start from trapdoor identification schemes. We instantiate our transforms to obtain numerous specific DAPS that, in addition to being efficient, are proven with tight security reductions to standard assumptions. We implement our DAPS schemes to show that they are not only several orders of magnitude more efficient than prior DAPS but competitive with in-use signature schemes that lack the double authentication preventing property.

Category / Keywords: public-key cryptography / signatures, subversion, mass surveillance, implementation

Date: received 25 Oct 2016

Contact author: stebilad at mcmaster ca

Available format(s): PDF | BibTeX Citation

Version: 20161027:210925 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]