On the security of two key-updating signature schemes

Authors:
Xingyang Guo;Quan Zhang;Chaojing Tang
Affiliations:
School of Electronic Science and Engineering, National University, of Defense Technology, P.R. China;School of Electronic Science and Engineering, National University, of Defense Technology, P.R. China;School of Electronic Science and Engineering, National University, of Defense Technology, P.R. China
Venue:
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Year:
2005

Citing 7
Cited 0

A Forward-Secure Digital Signature Scheme

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Forward-Secure Signatures with Optimal Signing and Verifying

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Key-Insulated Public Key Cryptosystems

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
A New Forward-Secure Digital Signature Scheme

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Strong Key-Insulated Signature Schemes

PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
SiBIR: Signer-Base Intrusion-Resilient Signatures

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Forward-secure signatures with fast key update

SCN'02 Proceedings of the 3rd international conference on Security in communication networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

In ICICS 2004, Gonzalez-Deleito, Markowitch and Dall’Olio proposed an efficient strong key-insulated signature scheme. They claimed that it is (N–1,N)-key-insulated, i.e., the compromise of the secret keys for even N–1 time periods does not expose the secret keys for the remaining time period. But in this paper, we demonstrate an attack and show that an adversary armed with the signing keys for any two time periods can derive the signing key for any of the remaining time periods with high probability. In a second attack, the adversary may be able to forge signatures for many remaining time periods without computing the corresponding signing keys. A variant forward-secure signature scheme was also presented in ICICS 2004 and claimed more robust than traditional forward-secure signature schemes. But we find that the scheme has two similar weaknesses. We give the way how to repair the two schemes in this paper.