A Forward-Secure Digital Signature Scheme
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Forward-Secure Signatures with Optimal Signing and Verifying
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Key-Insulated Public Key Cryptosystems
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
A New Forward-Secure Digital Signature Scheme
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Strong Key-Insulated Signature Schemes
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
SiBIR: Signer-Base Intrusion-Resilient Signatures
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Forward-secure signatures with fast key update
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Hi-index | 0.00 |
In ICICS 2004, Gonzalez-Deleito, Markowitch and Dall’Olio proposed an efficient strong key-insulated signature scheme. They claimed that it is (N–1,N)-key-insulated, i.e., the compromise of the secret keys for even N–1 time periods does not expose the secret keys for the remaining time period. But in this paper, we demonstrate an attack and show that an adversary armed with the signing keys for any two time periods can derive the signing key for any of the remaining time periods with high probability. In a second attack, the adversary may be able to forge signatures for many remaining time periods without computing the corresponding signing keys. A variant forward-secure signature scheme was also presented in ICICS 2004 and claimed more robust than traditional forward-secure signature schemes. But we find that the scheme has two similar weaknesses. We give the way how to repair the two schemes in this paper.