Validating Digital Signatures without Time-Stamping and Certicate Revocation
|
Abstract:
In non-repudiation services where digital signatures usually serve as irrefutable cryptographic evidence for dispute resolution, trusted time-stamping and certicate revocation services, although very costly in practice, must be available, to prevent big loss due to compromising of the signing key. In [11], a new concept called intrusion-resilient signature was proposed to get rid of trusted time-stamping and certi cate revocation services and a concrete scheme was presented. In this paper, we put forward a new scheme that can achieve the same eect in a much more ecient way. In our scheme, forward-secure signature serves as a building block that enables signature validation without trusted time-stamping, and a one-way hash chain is employed to control the validity of public-key certicates without the CA's involvement for certicate revocation. We adopt a model similar to the intrusionresilient signature in [11], where time is divided into predened short periods and a user has two modules, signer and home base. The signer generates forward-secure signatures on his own while the home base manages the validity of the signer's public-key certicate with a one-way hash chain. The signature verier can check the validity of signatures without retrieving the certicate revocation information from the CA. Our scheme is more robust in the sense that loss of synchronization between the signer and the home base could be recovered in the next time period while it is unrecoverable in [11]. To facilitate the implementation of our signature validation scheme, we further present a new forward-secure signature scheme which is more ecient than all of the existing forward-secure signature schemes.
Citations
| 63 | A new forward-secure digital signature scheme – Abdalla, Reyzin - 2000 |
