On the Security of Two Key-Updating Signature Schemes
In ICICS 2004, Gonzalez-Deleito, Markowitch and Dall’Olio proposed an efficient strong key-insulated signature scheme. They claimed that it is (N–1,N)-key-insulated, i.e., the compromise of the secret keys for even N–1 time periods does not expose the secret keys for the remaining time period. In this paper, however, we demonstrate an attack showing that an adversary armed with the signing keys for any two time periods can derive the signing key for any of the remaining time periods with high probability. In a second attack, the adversary may be able to forge signatures for many remaining time periods without computing the corresponding signing keys. A variant forward-secure signature scheme was also presented in ICICS 2004 and claimed to be more robust than traditional forward-secure signature schemes, but we find that it has two similar weaknesses. We also show how to repair the two schemes.
Keywords: Success Probability, Signature Scheme, Valid Signature, Secure Device, Current Time Period