Skip to main content
SpringerLink
Log in

Intrusion-Resilient Signatures: Generic Constructions, or Defeating Strong Adversary with Minimal Assumptions

  • Conference paper
  • First Online:
Book cover Security in Communication Networks (SCN 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2576))

Included in the following conference series:

Abstract

Signer-Base Intrusion-Resilient (SiBIR) signature schemes were defined in [IR02]. In this model, as in the case of forward security, time is divided into predefined time periods (e.g., days); each signature includes the number of the time period in which it was generated; while the public key remains the same, the secret keys evolve with time. In addition, in SiBIR model, the user has two modules, signer and home base: the former generates all signatures on its own, and the latter is needed only to help update the signer’s key from one time period to the next.

The main strength of the intrusion-resilient schemes, is that they remain secure even after arbitrarily many compromises of both modules, as long as the compromises are not simultaneous. Moreover, even if the intruder does compromise both modules simultaneously, she will still be unable to generate any signatures for the previous time periods (i.e., the forward security is guaranteed even in the case of simultaneous exposures). This paper provides the first generic implementation, called gSiBIR, of the intrusion-resilient signature schemes: it can be based on any ordinary signature scheme used as a black-box. gSiBIR is also the first SiBIR scheme secure against fully-adaptive adversary and does not require random oracle. Our construction does require one-way (and cryptographic hash) functions.

Another contribution of this paper is a new mechanism extending treebased constructions such as gSiBIR and that of [BM99] to avoid the limit on the total number of periods (required by [IR02] and many forwardsecure ones). This mechanism is based on explicit use of prefixless (or selfdelimiting) encodings. Applied to the generic forward-secure singature constructions of [BM99],[MMM02], it extends the first and yields modest but noticable improvements to the second. With this mechanism, gSiBIR becomes the first generic intrusion-resilient signature scheme with no limit on the number of periods.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ross Anderson. Invited lecture. Fourth Annual Conference on Computer and Communications Security, ACM (see http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/forwardsecure_OnlinePDF.pdf), 1997.

  2. Michel Abdalla and Leonid Reyzin. A new forward-secure digital signature scheme. In Tatsuaki Okamoto, editor, Advances in Cryptology-ASIACRYPT 2000, volume 1976 of Lecture Notes in Computer Science, pages 116–129, Kyoto, Japan, 3-7 December 2000. Springer-Verlag. Full version available from the Cryptology ePrint Archive, record 2000/002, http://eprint.iacr.org/.

    Chapter  Google Scholar 

  3. Mihir Bellare and Sara Miner. A forward-secure digital signature scheme. In Michael Wiener, editor, Advances in Cryptology-CRYPTO’ 99, volume 1666 of Lecture Notes in Computer Science, pages 431–448. Springer-Verlag, 15-19 August 1999. Revised version is available from http://www.cs.ucsd.edu/~mihir/.

    Chapter  Google Scholar 

  4. Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, and Moti Yung. Keyinsulated public key cryptosystems. In Knudsen [Knu02].

    Google Scholar 

  5. Oded Goldreich, Shafi Goldwasser, and Silvio Micali. How to construct random functions. Journal of the ACM, 33(4):792–807, October 1986.

    Article  MathSciNet  Google Scholar 

  6. Louis Claude Guillou and Jean-Jacques Quisquater. A “paradoxical” indentity-based signature scheme resulting from zero-knowledge. In Shafi Goldwasser, editor, Advances in Cryptology-CRYPTO’ 88, volume 403 of Lecture Notes in Computer Science, pages 216–231. Springer-Verlag, 1990, 21-25 August 1988.

    Chapter  Google Scholar 

  7. Amir Herzberg, Markus Jakobsson, Stanisłlaw Jarecki, Hugo Krawczyk, and Moti Yung. Proactive public key and signature systems. In Fourth ACM Conference on Computer and Communication Security, pages 100–110. ACM, April 1-4 1997.

    Google Scholar 

  8. G. Itkis and L. A. Levin. Power of fast VLSI models is insensitive to wires’ thinness. In 30th Annual Symposium on Foundations of Computer Science, pages 402–407, Research Triangle Park, North Carolina, 30 October-1 November 1989. IEEE.

    Google Scholar 

  9. Gene Itkis and Leonid Reyzin. Forward-secure signatures with optimal signing and verifying. In Joe Kilian, editor, Advances in Cryptology-CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 332–354. Springer-Verlag, 19–23 August 2001.

    Chapter  Google Scholar 

  10. Gene Itkis and Leonid Reyzin. Intrusion-resilient signatures, or towards obsoletion of certificate revocation. In Moti Yung, editor, Advances in Cryptology-CRYPTO 2002, Lecture Notes in Computer Science. Springer-Verlag, 18–22 August 2002. Available from http://eprint.iacr.org/2002/054/.

    Google Scholar 

  11. Lars Knudsen, editor. Advances in Cryptology-EUROCRYPT 2002, Lecture Notes in Computer Science. Springer-Verlag, 28 April-2 May 2002.

    MATH  Google Scholar 

  12. Hugo Krawczyk. Simple forward-secure signatures from any signature scheme. In Seventh ACM Conference on Computer and Communication Security. ACM, November 1-4 2000.

    Google Scholar 

  13. Leslie Lamport. Constructing digital signatures from a one way function. Technical Report CSL-98, SRI International, October 1979.

    Google Scholar 

  14. Leonid A. Levin. On the concept of a random sequence, in Russian). Doklady Akademii Nauk SSSR (Proceedings of National Academy of Science of USSR), 5(14):1413–1416, 1973.

    Google Scholar 

  15. Leonid A. Levin. Laws of information conservation (non-growth) and aspects of the foundations of probability theory, in Russian). Problemy Peredachi Informatsii, 3(10):206–210, 1974.

    Google Scholar 

  16. Ming Li and Paul Vitányi. An Introduction to Kolmogorov Complexity and Its Applications. Springer-Verlag, 1993.

    Google Scholar 

  17. Ralph C. Merkle. A digital signature based on a conventional encryption function. In Carl Pomerance, editor, Advances in Cryptology-CRYPTO’ 87, volume 293 of Lecture Notes in Computer Science, pages 369–378. Springer-Verlag, 1988, 16-20 August 1987.

    Google Scholar 

  18. Ralph C. Merkle. A certified digital signature. In G. Brassard, editor, Advances in Cryptology-CRYPTO’ 89, volume 435 of Lecture Notes in Computer Science, pages 218–238. Springer-Verlag, 1990, 20-24 August 1989.

    Chapter  Google Scholar 

  19. Tal Malkin, Daniele Micciancio, and Sara Miner. Efficient generic forwardsecure signatures with an unbounded number of time periods. In Knudsen [Knu02].

    Google Scholar 

  20. Moni Naor and Moti Yung. Universal one-way hash functions and their cryptographic applications. In Proceedings of the Twenty First Annual ACM Symposium on Theory of Computing. (May 15-17 1989: Seattle, WA, USA), pages 33–43, New York, NY 10036, USA, 1989. ACM Press.

    Google Scholar 

  21. Rafail Ostrovsky and Moti Yung. How to withstand mobile virus attacks. In 10-th Annual ACM Symp. on Principles of Distributed Computing, pages 51–59, 1991.

    Google Scholar 

  22. A.C. Yao. Protocols for secure computations. In 23rd Annual Symposium on Foundations of Computer Science, pages 160–164, Chicago, Illinois, 3-5 November 1982. IEEE.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Boston University Computer Science Dept., 111 Cummington St., 02215, Boston, MA, USA

    Gene Itkis

Authors
  1. Gene Itkis
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Informatica ed Applicazioni, Università di Salerno, Via S. Allende, 84081, Baronissi (SA), Italy

    Stelvio Cimato  & Giuseppe Persiano  & 

  2. Dept. of Computer Engineering and Informatics, Computer Technology Institute and University of Patras, 26500, Rio, Greece

    Clemente Galdi

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Itkis, G. (2003). Intrusion-Resilient Signatures: Generic Constructions, or Defeating Strong Adversary with Minimal Assumptions. In: Cimato, S., Persiano, G., Galdi, C. (eds) Security in Communication Networks. SCN 2002. Lecture Notes in Computer Science, vol 2576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36413-7_8

Download citation

  • DOI: https://doi.org/10.1007/3-540-36413-7_8

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00420-2

  • Online ISBN: 978-3-540-36413-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation