We present a protection mechanism against forgery of electronic signatures with the original signing keys. It works for standard signatures based on discrete logarithm problem such as DSA. It requires only a slight modification of the signing device – an implementation of an additional hidden evidence functionality. We assume that neither verification mechanism can be altered nor extra fields can be added to the signature (both as signed and unsigned fields). Therefore, the old software for signature verification can be used without any change. On the other hand, if a forged signature emerges, the signatory may prove its inconsistency with a probability close to 1. Unlike fail-stop signatures, our method works not only against cryptanalytic attacks, but it is primarily designed for the case when the adversary gets the original signing key stored by the signing device of the user. Unlike cliptographic constructions designed to defend against malicious implementations, we consider catastrophic situation when the key has been already compromised. The technical idea we propose is an application of kleptography for good purposes. It is simple enough, efficient and almost self-evident to be ready for implementation of cryptographic smart cards of moderate storage and computational capabilities. Unfortunately, we have also to bring into attention that our scheme has a dark side and it can be used for leaking the keys via the recent subversion-resistant signatures by A. Russell, Q. Tang, M. Yung and H.-Sh.Zhou.
CITATION STYLE
Kutyłowski, M., Cichoń, J., Hanzlik, L., Kluczniak, K., Che, X., & Wang, J. (2017). Protecting electronic signatures in case of key leakage. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10311 LNCS, pp. 252–274). Springer Verlag. https://doi.org/10.1007/978-3-319-61273-7_13
Mendeley helps you to discover research relevant for your work.