Paper 1999/016

A forward-secure digital signature scheme

Mihir Bellare and Sara Miner


We describe a digital signature scheme in which the public key is fixed but the secret signing key is updated at regular intervals so as to provide a <i>forward security</i> property: compromise of the current secret key does not enable an adversary to forge signatures pertaining to the past. This can be useful to mitigate the damage caused by key exposure without requiring distribution of keys. Our construction uses ideas from the Fiat-Shamir and Ong-Schnorr identification and signature schemes, and is proven to be forward secure based on the hardness of factoring, in the random oracle model. The construction is also quite efficient.

Available format(s)
Publication info
Published elsewhere. Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.
Digital signaturesforward securityidentificationfactoring.
Contact author(s)
mihir @ cs ucsd edu
1999-07-13: received
Short URL
Creative Commons Attribution


      author = {Mihir Bellare and Sara Miner},
      title = {A forward-secure digital signature scheme},
      howpublished = {Cryptology ePrint Archive, Paper 1999/016},
      year = {1999},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.