{"title":"A generic method of detecting private key disclosure in digital signature schemes","authors":"F. Bao","doi":"10.4108/CHINACOM.2010.138","DOIUrl":null,"url":null,"abstract":"Digital signature is very critical and useful for achieving security features such as authentication, certification, integrity and non-repudiation etc. In digital signature schemes, private keys play the most fundamental role of security and trust. Once a private key is compromised, the key owner loses all of the protection to himself so that he can be impersonated. Hence it is crucial for a private key owner to know whether his key has been stolen. The first study toward detecting private key disclosure is [4], where the schemes based on the time-division and private key updating are presented. The approach is similar to the forward-secure signature in the key-update style. In this paper we propose a completely different approach for a user to detect whether his private key for signing digital signatures is compromised. 
The solution satisfies the four attractive properties: 1) the user need not possess another cryptographic key and what he has are his private key and a memorable password; 2) the signature schemes are not in the update of the private key in time-divided manner and our method can be applied to the existing signature schemes; 3) although a trusted party (TP) is required in our method, the user and the TP need not share any secret; and 4) the user is stateless, i.e., he does not need to record all the messages and the signatures he has signed before.","PeriodicalId":422191,"journal":{"name":"2010 5th International ICST Conference on Communications and Networking in China","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 5th International ICST Conference on Communications and Networking in China","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/CHINACOM.2010.138","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Digital signatures are critical and useful for achieving security features such as authentication, certification, integrity and non-repudiation. In digital signature schemes, private keys play the most fundamental role in security and trust. Once a private key is compromised, the key owner loses all protection and can be impersonated. Hence it is crucial for a private key owner to know whether his key has been stolen. The first study of detecting private key disclosure is [4], which presents schemes based on time division and private key updating. That approach is similar to forward-secure signatures in the key-update style. In this paper we propose a completely different approach for a user to detect whether his private key for signing digital signatures is compromised. The solution satisfies four attractive properties: 1) the user need not possess another cryptographic key; all he has are his private key and a memorable password; 2) the signature scheme does not update the private key in a time-divided manner, and our method can be applied to existing signature schemes; 3) although a trusted party (TP) is required in our method, the user and the TP need not share any secret; and 4) the user is stateless, i.e., he does not need to record all the messages and signatures he has signed before.