Paper 1998/012

Maintaining Authenticated Communication in the Presence of Break-ins

Ran Canetti, Shai Halevi, and Amir Herzberg


We study the problem of maintaining authenticated communication over untrusted communication channels, in a scenario where the communicating parties may be occasionally and repeatedly broken into for transient periods of time. Once a party is broken into, its cryptographic keys are exposed and perhaps modified. Yet, we want parties whose security is thus compromised to regain their ability to communicate in an authenticated way aided by other parties. In this work we present a mathematical model for this highly adversarial setting, exhibiting salient properties and parameters, and then describe a practically-appealing protocol for the task of maintaining authenticated communication in this model. A key element in our solution is devising {\em proactive distributed signature (PDS) schemes} in our model. Although PDS schemes are known in the literature, they are all designed for a model where authenticated communication and broadcast primitives are available. We therefore show how these schemes can be modified to work in our model, where no such primitives are available a-priori. In the process of devising the above schemes, we also present a new definition of PDS schemes (and of distributed signature schemes in general). This definition may be of independent interest.

Available format(s)
Publication info
Published elsewhere. Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.
Authentication protocolsbreak insrecoverydistributed signaturesproactive protocols.
Contact author(s)
canetti @ watson ibm com
1998-04-22: received
Short URL
Creative Commons Attribution


      author = {Ran Canetti and Shai Halevi and Amir Herzberg},
      title = {Maintaining Authenticated Communication in the Presence of Break-ins},
      howpublished = {Cryptology ePrint Archive, Paper 1998/012},
      year = {1998},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.