Abstract
In key-insulated cryptography, there are many private keys with different indexes and a single, fixed public key. When the trust model includes multiple Certification Authorities (CAs), it can be used to shorten the verification path and mitigate the damage caused by the compromise of a CA’s private key. Existing work requires that the total number of CAs be fixed and that a trusted keystore store all private keys. This paper presents a hierarchical key-insulated signature scheme, called HKI, which converts existing key-insulated methods to a hierarchical scheme. Our scheme allows the system to repeatedly generate a new private key for a new CA and also provides two important features, namely a shortened verification path and mitigated damage. By basing our approach on a general key-insulated scheme, we have made it possible to take advantage of any future improvements in computation complexity, key length, or robustness in current key-insulated methods.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Le, Z., Ouyang, Y., Ford, J., Makedon, F. (2004). A Hierarchical Key-Insulated Signature Scheme in the CA Trust Model. In: Zhang, K., Zheng, Y. (eds) Information Security. ISC 2004. Lecture Notes in Computer Science, vol 3225. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30144-8_24
DOI: https://doi.org/10.1007/978-3-540-30144-8_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23208-7
Online ISBN: 978-3-540-30144-8
eBook Packages: Springer Book Archive