Intrusion-resilient identity-based signature: Security definition and construction

Traditional identity-based signatures depend on the assumption that secret keys are absolutely secure. Once a secret key is exposed, all signatures associated with this secret key have to be reissued. Therefore, limiting the impact of key exposure in identity-based signatures is an important task. In this paper, we propose integrating intrusion-resilient security into identity-based signatures to deal with their key exposure problem. Compared with forward-secure identity-based signatures and key-insulated identity-based signatures, our proposal achieves higher security. In the proposed scheme, signatures in any other time periods remain secure even after arbitrarily many compromises of the base and the signer, as long as the compromises do not happen simultaneously. Furthermore, the intruder cannot generate signatures pertaining to previous time periods, even if she compromises the base and the signer simultaneously and obtains all their secret information. The scheme enjoys nice average performance: no cost parameter, including key setup time, key extract time, base (signer) key update time, base (signer) key refresh time, signing time, verifying time, signature size, public parameter size, and base (signer) storage size, has complexity greater than O(log T) in terms of the total number of time periods T. We also give the security definition of an intrusion-resilient identity-based signature scheme and prove that our scheme is secure under this definition in the random oracle model, assuming the CDH problem is hard.
