Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, and Moti Yung. Strong key-insulated signature schemes. In Public Key Cryptography, pages 130--144, 2003.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....Exposure does not imply that the secrets become publicly known. Moreover, nobody except the adversary is aware of the exposure taking place. and references include threshold [DF89,Ped91,BF97] pro active [OY91,HJJ 97,CHH00] remotelykeyed [Bla95,Bla96,Luc97,BFN98] key insulated [DKXY02,DKXY] intrusion resilient [IR02,Itk02] all or nothing protection [CDH 00] etc. In these methods, secrets are typically protected by being distributed (shared among multiple modules) thus minimizing the e ect of partial exposures. In this paper, however, we focus on the total and ....

....Exposure does not imply that the secrets become publicly known. Moreover, nobody except the adversary is aware of the exposure taking place. and references include threshold [DF89,Ped91,BF97] pro active [OY91,HJJ 97,CHH00] remotelykeyed [Bla95,Bla96,Luc97,BFN98] key insulated [DKXY02,DKXY] intrusion resilient [IR02,Itk02] all or nothing protection [CDH 00] etc. In these methods, secrets are typically protected by being distributed (shared among multiple modules) thus minimizing the e ect of partial exposures. In this paper, however, we focus on the total and inconspicuous ....

Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, and Moti Yung. Strong key-insulated signature schemes. Unpublished Manuscript.

No context found.

Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong Key-Insulated Signature Schemes. PKC'03, to appear.

No context found.

Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong Key-Insulated Signature Schemes. PKC 2003, LNCS vol. 2567, pp. 130--144, Springer-Verlag, 2003.

No context found.

Y. Dodis, J. Katz, S. Xu and M. Yung, Strong Key-Insulated Signature Schemes, Proc. PKC2003, Lecture Notes in Computer Science, vol. 2567, pp. 130--144, 2003.

No context found.

Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong Key-Insulated Signature Schemes. PKC 2003.

....sense) for any prior time periods t t. The e ect of key exposure is thereby contained as much as possible given that a single user stores all secret keying information. To address the issue of obtaining security for time periods following key exposure, the notion of key insulation [11, 12] was proposed. This model had the distinguishing feature of assuming (a limited amount of) secure storage on a server with which the user periodically interacts. Here, one can imagine the user as a mobile device and the server as a desktop PC in the user s home. The user can perform all ....

....1. 1 Our Contributions Much work has focused on the design and analysis of forward secure signature schemes [5, 20, 2, 16, 21] and, more recently, a forward secure public key encryption scheme has been constructed [8] Key insulated public key encryption schemes [11, 7, 6] and signature schemes [12] are also known. Thus far, however, only constructions of intrusion resilient signature schemes [17, 15] have been proposed. Here, we give the rst definitions of intrusion resilient public key encryption and the rst construction of an intrusion resilient public key encryption scheme. Our ....

Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong Key-Insulated Signature Schemes. PKC 2003.

....one key into ciphertext for another key without revealing any information about the secret decryption keys or the clear text. In the case of signatures, the proxy functions convert a valid signature for one key into a valid We will also mention yet another off line variant implicitly studied by [9, 10]. signature for another key without disclosing the secret signature keys. We extend and generalize this notion as follows. Intuitively, proxy functions allow one user to correctly decrypt ciphertexts or generate valid signatures on behalf of another user without holding any information about the ....

....as specific schemes for both encryption and signature proxy functions. We briefly consider extensions to the multi user setting, and use recent results from identity based cryptography [26, 5] to improve the efficiency in this setting. In addition, we adapt the key insulated model presented in [9, 10] to create offline bidirectional schemes that do not require the proxy agent P to continuously assist the law enforcement agency F. The unidirectional and bidirectional primitives can be considered as special cases of general threshold cryptography [6, 8] However, most threshold systems assume a ....

[Article contains additional citation context not shown here]

Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong Key-Insulated Signature Schemes. PKC, 2002.

....(see also [20, Section 4. 10.2] Our key observation (see Appendix B) is that this hidden bits paradigm (which is usually achieved using trapdoor permutations) may be implemented using publicly verifiable trapdoor predicates a generalization of trapdoor permutations considered previously [16] and formally introduced here. We furthermore show in Appendix B how the decisional BDH assumption naturally gives rise to a publicly verifiable trapdoor predicate. Combining these results yields the following theorem: the sense of SN CCA. In the random oracle model, we can achieve a more ....

Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong key-insulated signature schemes. PKC '03, LNCS vol. 2567, pp. 130--144, Springer-Verlag, 2003.

....Reiter [27] also give a protocol for two party generation of DSA signatures [16] Two party signatures can also be viewed as a special case of general secure two party computation [36] Resisting compromise. Two party signatures are also related to the notion of key insulated signature schemes [13]. In this model, a server helps the client update its secret key from period to period. Though public keys remain the same across updates, signatures reflect the period in which they were created. Thus, a verifier can reject signatures produced in periods during which the client was known to be ....

Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong key-insulated signature schemes. Unpublished Manuscript, 2002.

....one key into ciphertext for another key without revealing any information about the secret decryption keys or the clear text. In the case of signatures, the proxy functions convert a valid signature for one key into a valid We will also mention yet another off line variant implicitly studied by [7, 8]. signature for another key without disclosing the secret signature keys. We extend and generalize this notion as follows. Intuitively, proxy functions allow one user to correctly decrypt ciphertexts or generate valid signatures on behalf of another user without holding any information about the ....

....as specific schemes for both encryption and signature proxy functions. We briefly consider extensions to the multi user setting, and use recent results from identity based cryptography [18, 5] to improve the efficiency in this setting. In addition, we adapt the forward secure model presented in [7, 8] to create offline symmetric schemes that do not require the proxy agent P to continuously assist the law enforcement agency F. 3 Model For a better understanding and consistency throughout the rest of the paper, we will explain and use the key escrow scenario as a model for our definitions. ....

[Article contains additional citation context not shown here]

Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong Key-Insulated Signature Schemes. PKC, 2002.

....The complexity of all our schemes is essentially independent of the total number of users N . However, at least one of the parameters is polynomial in t. This makes our schemes applicable only for moderate values of t, which is, however, sucient for many applications. In a companion paper [16], we consider key insulated security of signature schemes. Related Work. Arriving at the right de nitions and models for the notion we put forth here has been somewhat elusive. For example, Girault [22] considers a notion similar to key insulated security of signature schemes. However, 22] does ....

....encryption scheme without the random oracle assumption. 2 De nitions 2. 1 The Model We now provide a formal model for key insulated security, focusing on the case of public key encryption (other key insulated primitives can be de ned similarly; e.g. signature schemes are treated in [16]) Our de nition of a key updating encryption scheme parallels the de nition of a keyevolving signature scheme which appears in [5] with one key di erence: in a key updating scheme there is some data (in particular, SK ) which is never erased since it is stored on a physically secure device. ....

Y. Dodis, J. Katz, S. Xu and M. Yung. Strong Key-Insulated Signature Schemes. Manuscript, 2002. 16

....instance in which forward security was considered for primitives other than signature identification schemes is the work of Bellare and Yee [5] focusing on the privatekey setting. Motivated by work on forward security, the related notion of key insulated cryptography has recently been introduced [9, 10]. Although in both models the stored secret keys are updated so as to limit the e#ect of key exposures, the models are in fact incomparable. On one hand, the key insulated model achieves a stronger level of security in that, even after multiple key exposures occur, all non exposed time periods ....

Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong Key-Insulated Signature Schemes. Manuscript, April 2002.

No context found.

Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, and Moti Yung. Strong key-insulated signature schemes. In Public Key Cryptography, pages 130--144, 2003.

No context found.

Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong key-insulated signature schemes. In Proc. of the 6th Annual International Workshop on Practice and Theory in Public Key Cryptography (PKC '03), 2003.

No context found.

Y. Dodis, J. Katz, and M. Yung, "Strong key-insulated signature schemes," in Proc. Workshop of Public Key Cryptography (PKC), vol. 2567 of Lecture Notes in Computer Science, pp. 130--144, SpringerVerlag, 2002.

No context found.

Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, and Moti Yung. Strong key-insulated signature schemes. In Desmedt [Des02], pages 130--144.

No context found.

Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong key-insulated signature schemes. In PKC 2003, volume 2567 of LNCS, pages 130--144. Springer-Verlag, 2003.

No context found.

Y. Dodis, J. Katz, S. Xu and M. Yung. Strong key-insulated signature schemes. In Public Key Cryptography-PKC'03, LNCS 2567, pp. 130-144, Springer-Verlag, 2003.

No context found.

Dodis Y., Katz J., Xu S., et al.. Strongkey-insulated signature schemes. DIMICS Technical Report 2002-25, November 2002. http://citeseer.nj.nec.com/dodis02strong.html 4

No context found.

Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong key-insulated signature schemes. In Y. Desmedt, editor, PKC

No context found.

Y. Dodis, J. Katz, S. Xu and M. Yung. Strong key-insulated signature scheme. Public Key Cryptography - PKC

No context found.

Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, and Moti Yung. Strong keyinsulated signature schemes. Unpublished Manuscript.

No context found.

Y. Dodis, J. Katz, S. Xu, M. Yung, Strong key-insulated signature schemes, in: Y. Desmedt (Ed.), 6th International Workshop on Practice and Theory in Public Key Cryptography, Vol. 2567 of LNCS, 2003, pp. 130--144.

No context found.

Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong key-insulated signature schemes. In Proc. of the 6th Annual International Workshop on Practice and Theory in Public Key Cryptography (PKC '03), 2003.

No context found.

Y. Dodis, J. Katz, S. Xu and M. Yung, Strong Key-Insulated Signature Schemes. In Proceeding of PKC'03 , LNCS 2567, pp. 130-144, 2003.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC