Paper 2003/234

Generalized Key-Evolving Signature Schemes or How to Foil an Armed Adversary

Gene Itkis and Peng Xie


Key exposures, known or inconspicuous, are a real security threat. Recovery mechanisms from such exposures are required. For digital signatures such a recovery should ideally ---and when possible--- include invalidation of the signatures issued with the compromised keys. We present new signature schemes with such recovery capabilities. We consider two models for key exposures: full and partial reveal. In the first, a key exposure reveals {\em all} the secrets currently existing in the system. This model is suitable for the pessimistic inconspicuous exposures scenario. The partial reveal model permits the signer to conceal some information under exposure: e.g., under coercive exposures the signer is able to reveal a ``fake'' secret key. We propose a definition of {\em generalized key-evolving signature scheme}, which unifies forward-security and security against the coercive and inconspicuous key exposures (previously considered separately \cite{BM99,NPT02-mono,I02-TE}). The new models help us address repudiation problems inherent in the monotone signatures \cite{NPT02-mono}, and achieve performance improvements.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
itkis @ cs bu edu
xp @ cs bu edu
2003-11-10: received
Short URL
Creative Commons Attribution


      author = {Gene Itkis and Peng Xie},
      title = {Generalized Key-Evolving Signature Schemes or How to Foil an Armed Adversary},
      howpublished = {Cryptology ePrint Archive, Paper 2003/234},
      year = {2003},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.