Abstract
One of the fundamental ideas of the framework of electronic signatures defined in EU Directive 1999/93/WE is “sole control” over signature creation data. For a long time, “sole control” has been understood as using black-box devices for which a certain third party has issued a certificate, while the signer was supposed to blindly trust the authorities and certification bodies. This has been claimed to be the only feasible solution.
Recent advances in technology and the development of verifiable systems show that it is possible to provide systems in which the signer has much more control over the signing process and can really maintain control over the signature creation data. The main idea is that breaches in the system cannot be excluded, but if they occur, the signer can provide evidence of fraud by a third party.
Supported by Polish Ministry of Science and Higher Education fund for research & development in years 2009/2011, grant No. O R00 0015 07. The first and second authors have been supported by Foundation for Polish Science, “Mistrz” Programme.
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kutyłowski, M., Błaśkiewicz, P., Krzywiecki, Ł., Kubiak, P., Paluszyński, W., Tabor, M. (2011). Technical and Legal Meaning of “Sole Control” – Towards Verifiability in Signing Systems. In: Abramowicz, W., Maciaszek, L., Węcel, K. (eds) Business Information Systems Workshops. BIS 2011. Lecture Notes in Business Information Processing, vol 97. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25370-6_27
DOI: https://doi.org/10.1007/978-3-642-25370-6_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25369-0
Online ISBN: 978-3-642-25370-6
eBook Packages: Computer Science, Computer Science (R0)