Paper 2013/333
Double-authentication-preventing signatures
Bertram Poettering and Douglas Stebila
Abstract
Digital signatures are often used by trusted authorities to make unique bindings between a subject and a digital object; for example, certificate authorities certify that a public key belongs to a domain name, and time-stamping authorities certify that a certain piece of information existed at a certain time. Traditional digital signature schemes, however, impose no uniqueness conditions, so a malicious or coerced authority can make multiple certifications for the same subject but different objects. We propose the notion of a double-authentication-preventing signature, in which a value to be signed is split into two parts: a subject and a message. If a signer ever signs two different messages for the same subject, enough information is revealed to allow anyone to compute valid signatures on behalf of the signer. This double-signature forgeability property prevents, or at least strongly discourages, signers from misbehaving. We give a generic construction using a new type of trapdoor functions with extractability properties, which we show can be instantiated using the group of sign-agnostic quadratic residues modulo a Blum integer.
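The following is an added illustration, not code from the paper, of the number-theoretic fact behind the extractability property: two square roots of the same value modulo a Blum integer that differ by more than a sign reveal its factorization, which is the signer's trapdoor. It is a simplification that does not implement the signature scheme itself; the toy primes and the function names (`four_roots`, `extract_factors`) are constructed for this example.

```python
# Added illustration (not the paper's scheme): a collision between square
# roots modulo a Blum integer N = P*Q hands the trapdoor to anyone who sees it.
from math import gcd

# Constructed toy parameters; both primes are 3 mod 4, so N is a Blum integer.
P, Q = 10007, 10039
N = P * Q


def sqrt_mod_prime(a, p):
    """Square root of a quadratic residue a modulo a prime p with p % 4 == 3."""
    return pow(a, (p + 1) // 4, p)


def crt(rp, rq, p=P, q=Q):
    """Combine residues mod p and mod q into one residue mod p*q."""
    return (rp * q * pow(q, -1, p) + rq * p * pow(p, -1, q)) % (p * q)


def four_roots(a):
    """All four square roots of a mod N; computing them needs the trapdoor (P, Q)."""
    rp, rq = sqrt_mod_prime(a % P, P), sqrt_mod_prime(a % Q, Q)
    return sorted({crt(sp, sq) for sp in (rp, P - rp) for sq in (rq, Q - rq)})


def extract_factors(x0, x1, n):
    """Public extraction: given x0^2 == x1^2 (mod n) with x1 != +-x0, factor n."""
    if (x0 * x0 - x1 * x1) % n != 0:
        raise ValueError("not a collision: the squares differ")
    if (x0 - x1) % n == 0 or (x0 + x1) % n == 0:
        # x and -x are the same element in the sign-agnostic view: no leak.
        raise ValueError("roots agree up to sign; nothing is revealed")
    f = gcd(x0 - x1, n)  # shares exactly one prime factor with n
    return tuple(sorted((f, n // f)))


if __name__ == "__main__":
    roots = four_roots(pow(123456, 2, N))
    print("square roots:", roots)
    print("recovered factors:", extract_factors(roots[0], roots[1], N))
```

`extract_factors` uses only public values, so a signer who releases such a colliding pair has given every observer the ability to compute roots, and therefore to act as the signer.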
Metadata
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- digital signatures, double signatures, forgeability, extractability, dishonest signer, two-to-one trapdoor functions
- Contact author(s)
- stebila @ qut edu au
- History
- 2016-01-18: last of 3 revisions
- 2013-06-03: received
- Short URL
- https://ia.cr/2013/333
- License
- CC BY