Intrusion-Resilient Signatures: Generic Constructions, or Defeating Strong Adversary with Minimal Assumptions

Signer-Base Intrusion-Resilient (SiBIR) signature schemes were defined in [IR02]. In this model, as in the case of forward security, time is divided into predefined time periods (e.g., days); each signature includes the number of the time period in which it was generated; while the public key remains the same, the secret keys evolve with time. In addition, in SiBIR model, the user has two modules, signer and home base: the former generates all signatures on its own, and the latter is needed only to help update the signer's key from one time period to the next. The main strength of the intrusion-resilient schemes, is that they remain secure even after arbitrarily many compromises of both modules, as long as the compromises are not simultaneous. Moreover, even if the intruder does compromise both modules simultaneously, she will still be unable to generate any signatures for the previous time periods (i.e., the forward security is guaranteed even in the case of simultaneous exposures). This paper provides the first generic implementation, called gSiBIR, of the intrusion-resilient signature schemes: it can be based on any ordinary signature scheme used as a black-box. gSiBIR is also the first SiBIR scheme secure against fully-adaptive adversary and does not require random oracle. Our construction does require one-way (and cryptographic hash) functions. Another contribution of this paper is a new mechanism extending tree-based constructions such as gSiBIR and that of [BM99] to avoid the limit on the total number of periods (required by [IR02] and many forward-secure ones). This mechanism is based on explicit use of prefixless (or self-delimiting) encodings. Applied to the generic forward-secure singature constructions of [BM99, MMM02], it extends the first and yields modest but noticable improvements to the second. With this mechanism, gSiBIR becomes the first generic intrusion-resilient signature scheme with no limit on the number of periods.

[1]  William I. Gasarch,et al.  Book Review: An introduction to Kolmogorov Complexity and its Applications Second Edition, 1997 by Ming Li and Paul Vitanyi (Springer (Graduate Text Series)) , 1997, SIGACT News.

[2]  Rafail Ostrovsky,et al.  How To Withstand Mobile Virus Attacks , 1991, PODC 1991.

[3]  Markus Jakobsson,et al.  Proactive public key and signature systems , 1997, CCS '97.

[4]  Leonid Reyzin,et al.  Intrusion-Resilient Signatures, or Towards Obsoletion of Certificate Revocation , 2002, CRYPTO 2002.

[5]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[6]  Leonid Reyzin,et al.  A New Forward-Secure Digital Signature Scheme , 2000, ASIACRYPT.

[7]  Leonid A. Levin,et al.  Power of fast VLSI models is insensitive to wires' thinness , 1989, 30th Annual Symposium on Foundations of Computer Science.

[8]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[9]  R. Nicoll,et al.  Invited lecture , 1997, Neuroscience Research.

[10]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[11]  Gene Itkis,et al.  SiBIR: Signer-Base Intrusion-Resilient Signatures , 2002, CRYPTO.

[12]  Rafail Ostrovsky,et al.  How to withstand mobile virus attacks (extended abstract) , 1991, PODC '91.

[13]  Jean-Jacques Quisquater,et al.  A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge , 1988, CRYPTO.

[14]  Mihir Bellare,et al.  A Forward-Secure Digital Signature Scheme , 1999, CRYPTO.

[15]  Hugo Krawczyk,et al.  Simple forward-secure signatures from any signature scheme , 2000, IACR Cryptol. ePrint Arch..

[16]  Gene Itkis,et al.  Forward-Secure Signatures with Optimal Signing and Verifying , 2001, CRYPTO.

[17]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[18]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[19]  Tal Malkin,et al.  Efficient Generic Forward-Secure Signatures with an Unbounded Number Of Time Periods , 2002, EUROCRYPT.

[20]  Ming Li,et al.  An Introduction to Kolmogorov Complexity and Its Applications , 2019, Texts in Computer Science.

[21]  A. Church On the concept of a random sequence , 1940 .

[22]  Shouhuai Xu,et al.  Key-Insulated Public Key Cryptosystems , 2002, EUROCRYPT.