Paper 2004/372
On The Security of Two Key-Updating Signature Schemes
Xingyang Guo
Abstract
In ICICS 2004, Gonzalez-Deleito, Markowitch and Dall'Olio proposed an efficient strong key-insulated signature scheme. They claimed that it is (N-1,N)-key-insulated, i.e., the compromise of the secret keys for arbitrarily many time periods does not expose the secret keys for any of the remaining time periods. In this paper, however, we demonstrate an attack showing that an adversary armed with the signing keys for any two time periods can compute the signing keys for the remaining time periods, except in some very special cases. In a second attack, the adversary can forge signatures for many remaining time periods without computing the corresponding signing keys. Therefore the scheme is only equivalent to a (1,N)-key-insulated signature scheme. A variant forward-secure signature scheme was also presented in ICICS 2004 and claimed to be more robust than traditional forward-secure signature schemes, but we find that this scheme has two similar weaknesses. We try to repair the two schemes in this paper.
Note: New attacks are found on the schemes in ICICS 2004. Therefore the improved schemes in the previous report must be revised.
Metadata
- Available format(s)
- -- withdrawn --
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- digital signature, key-insulated, forward-secure, cryptanalysis
- History
- 2005-02-04: withdrawn
- 2004-12-29: received
- Short URL
- https://ia.cr/2004/372
- License
- CC BY