5th International ICST Conference on Communications and Networking in China

Research Article

A generic method of detecting private key disclosure in digital signature schemes

@INPROCEEDINGS{10.4108/chinacom.2010.138,
    author={Feng Bao},
    title={A generic method of detecting private key disclosure in digital signature schemes},
    proceedings={5th International ICST Conference on Communications and Networking in China},
    publisher={IEEE},
    proceedings_a={CHINACOM},
    year={2011},
    month={1},
    keywords={Encryption},
    doi={10.4108/chinacom.2010.138}
}

Feng Bao (2011). A generic method of detecting private key disclosure in digital signature schemes. CHINACOM, ICST. DOI: 10.4108/chinacom.2010.138

Feng Bao
Institute for Infocomm Research, 1 Fusionopolis Way, #21-01 Connexis, Singapore 138632

Abstract

Digital signatures are critical and useful for achieving security features such as authentication, certification, integrity and non-repudiation. In digital signature schemes, private keys play the most fundamental role in security and trust. Once a private key is compromised, the key owner loses all protection and can be impersonated. Hence it is crucial for a private key owner to know whether his key has been stolen. The first study toward detecting private key disclosure is, where schemes based on time division and private key updating are presented. That approach is similar to forward-secure signatures in the key-update style. In this paper we propose a completely different approach by which a user can detect whether the private key he uses to sign digital signatures has been compromised. The solution satisfies four attractive properties: 1) the user need not possess another cryptographic key; all he holds are his private key and a memorable password; 2) the signature schemes need not update the private key in a time-divided manner, so our method can be applied to existing signature schemes; 3) although a trusted party (TP) is required in our method, the user and the TP need not share any secret; and 4) the user is stateless, i.e., he does not need to record the messages and signatures he has signed before.