Cryptographic techniques based on possession of private keys rely heavily on the assumption that a private key can be used only by its owner. Since contemporary operating system architectures do not provide such a guarantee, special devices such as smart cards and TPMs are intended to serve as secure storage for such keys. When carefully designed, these devices can be examined and certified as secure for holding private keys. This approach has a serious drawback, however: the certification procedure is expensive, requires very specialized knowledge, and its result cannot be verified independently by an end user. Moreover, malicious cryptography (kleptography) can be used to circumvent the security mechanisms installed in a device, and in practice one is often forced to fall back on solutions such as generating the private keys outside secure devices, which means blindly trusting the parties that provide such services. We propose an architecture for electronic signatures and signature-creation devices such that, in case of key leakage, any use of the leaked keys is detected with fairly high probability. The main idea is that using a private key outside its legitimate place leads to disclosure of that key, which defeats any claim of validity of signatures created with it in any conceivable legal situation. Our approach is stronger than fail-stop signatures: fail-stop signatures protect against derivation of the private key by cryptanalysis of the public key, but they cannot do anything about key leakage, or about a service provider that generates key pairs for its clients and keeps a copy. Our approach is a simple alternative to the usual attempts to make cryptographic cards and TPMs as tamper resistant as possible, that is, to solve the problem by hardware means alone. It also addresses the question of using private keys stored in an environment that is not highly secure, without a dramatic redesign of operating systems. It can be used as a stand-alone solution or as an additional mechanism for building the trust of an end user.