A protocol to set up shared secret schemes without the assistance of mutually trusted party
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
CRYPTO '89 Proceedings on Advances in cryptology
Global, unpredictable bit generation without broadcast
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
How to share a function securely
STOC '94 Proceedings of the twenty-sixth annual ACM symposium on Theory of computing
Proactive public key and signature systems
Proceedings of the 4th ACM conference on Computer and communications security
How to Time-Stamp a Digital Document
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Proactive Secret Sharing Or: How to Cope With Perpetual Leakage
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Robust and Efficient Sharing of RSA Functions
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Efficient Generation of Shared RSA Keys (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Distributed Public Key Cryptosystems
PKC '98 Proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Robust threshold DSS signatures
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
A threshold cryptosystem without a trusted party
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Public-key certificates play an important role in a public-key cryptosystem. A public-key infrastructure presupposes that only the issuer of a signature knows the signing key. Since the security of all clients of the CA depends on the secrecy of the CA's signing key, CAs are an attractive target for break-ins [1][2]. Once information on the signing key leaks, the whole system has to be reconstructed as quickly as possible to prevent the damage from spreading. However, reconstructing all certificates takes a long time, because it involves a large amount of computation and communication. In this paper, we present a practical solution to cope with the leakage of the CA's signing key. In our protocol, two random number generators (RNGs) generate distinct random numbers, which are combined into a random number used in the signature algorithm and in the timestamp, which cannot be forged without revealing the secrets of both RNGs. A verifier can check the timestamp and verify the validity and the time at which the random number was generated. That is, it is impossible for adversaries to forge arbitrary certificates without revealing the secrets of both RNGs. We show a concrete protocol suitable for a digital signature scheme based on the discrete logarithm.