Cryptology ePrint Archive: Report 2019/390

KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures

Michael Specter and Sunoo Park and Matthew Green

Abstract: Email breaches are commonplace, and they expose a wealth of personal, business, and political data whose release may have devastating consequences. Such damage is compounded by email’s strong attributability: today, any attacker who gains access to your email can easily prove to others that the stolen messages are authentic, a property arising from a necessary anti-spam/anti-spoofing protocol called DKIM. This greatly increases attackers’ capacity to do harm by selling the stolen information to third parties, blackmail, or publicly releasing intimate or sensitive messages — all with built-in cryptographic proof of authenticity.

This paper introduces non-attributable email, which guarantees that a wide class of adversaries are unable to convince discerning third parties of the authenticity of stolen emails. We formally define non-attributability, and present two system proposals — KeyForge and TimeForge — that provably achieve non-attributability while maintaining the important spam/spoofing protections currently provided by DKIM. Finally, we implement both and evaluate their speed and bandwidth performance overhead. We demonstrate the practicality of KeyForge, which achieves reasonable verification overhead while signing faster and requiring 42% less bandwidth per message than DKIM’s RSA-2048.

Category / Keywords: cryptographic protocols / deniability, key management, public-key cryptography, digital signatures, applications

Date: received 12 Apr 2019, last revised 31 Aug 2020

Contact author: specter at mit edu

Available format(s): PDF | BibTeX Citation

Version: 20200831:232505 (All versions of this report)

Short URL: ia.cr/2019/390


[ Cryptology ePrint archive ]