Rekeyed Digital Signature Schemes: Damage containment in the face of key exposure

pages

English

Documents

Écrit par
Michel Abdalla

Publié par
profil-meshug-2012

Lire

Le téléchargement nécessite un accès à la bibliothèque YouScribe Tout savoir sur nos offres

pages

English

Documents

Lire

Le téléchargement nécessite un accès à la bibliothèque YouScribe Tout savoir sur nos offres

Publié par

profil-meshug-2012

Nombre de lectures

Langue

English

Niveau: Supérieur, Bac+5
Rekeyed Digital Signature Schemes: Damage-containment in the face of key exposure Michel Abdalla? Mihir Bellare† July 2001 Abstract Motivated by the problem of delegating signing keys to vulnerable mobile devices, we de- fine rekeyed digital signature schemes. We provide an adversary model and a strong notion of security for such schemes, and show that the classic self-certification paradigm, properly imple- mented, provably meets this notion of security. We then suggest altnerative solutions, based on identification schemes, and having certain performance benefits compared to self-certification. Keywords: Digital signatures, key exposure, delegation, forward security, identification schemes, proofs of security. ?Dept. of Computer Science & Engineering, University of California at San Diego, 9500 Gilman Drive, La Jolla, California 92093, USA. E-Mail: . URL: Supported by CAPES under Grant BEX3019/95-2. †Dept. of Computer Science & Engineering, University of California at San Diego, 9500 Gilman Drive, La Jolla, CA 92093, USA. E-mail: . URL: Supported in part by a 1996 Packard Foundation Fellowship in Science and Engineering. 1

session key

input pk

digital signature

secret key

primary public

rekeyed encryption

ong-schnorr scheme

public key

associated secret

Voir

Publié par

profil-meshug-2012

Nombre de lectures

Langue

English

RekeyedDigitalSignatureSchemes:
Damage-containmentinthefaceofkeyexposure

MichelAbdalla

MihirBellare
†

July2001

Abstract
Motivatedbytheproblemofdelegatingsigningkeystovulnerablemobiledevices,wede-
nerekeyeddigitalsignatureschemes.Weprovideanadversarymodelandastrongnotionof
securityforsuchschemes,andshowthattheclassicself-certicationparadigm,properlyimple-
mented,provablymeetsthisnotionofsecurity.Wethensuggestaltnerativesolutions,basedon
identicationschemes,andhavingcertainperformancebenetscomparedtoself-certication.

Keywords:
Digitalsignatures,keyexposure,delegation,forwardsecurity,identicationschemes,
proofsofsecurity.

Dept.ofComputerScience&Engineering,UniversityofCaliforniaatSanDiego,9500GilmanDrive,La
Jolla,California92093,USA.E-Mail:
mabdalla@cs.ucsd.edu
.URL:
http://www.michelabdalla.net
.Supported
byCAPESunderGrantBEX3019/95-2.
†
Dept.ofComputerScience&Engineering,UniversityofCaliforniaatSanDiego,9500GilmanDrive,LaJolla,
CA92093,USA.E-mail:
mihir@cs.ucsd.edu
.URL:
http://www-cse.ucsd.edu/users/mihir
.Supportedinpartby
a1996PackardFoundationFellowshipinScienceandEngineering.

Contents

Introduction

Denitions

Theself-certicationscheme

Therekeyediterated-rootscheme

Comparisonoftworekeyedsignatureschemes

ProofofLemma3.2

ProofofLemma4.4

Voir