Experimenting with Server-Aided Signatures

This paper explores practical and conceptual implications of using Server-Aided Signatures (SAS). SAS is a signature method that relies on partially trusted servers for generating public key signatures for regular users. Besides its two primary goals of 1) aiding small, resource-limited devices in computing heavy-weight (normally expensive) digital signatures and 2) fast certificate revocation, SAS also offers signature causality and has some interesting features such as built-in attack detection for users and DoS resistance for servers.
