Table of contents

  • This session has been presented April 18, 2008.

Description

  • Speaker

    Benoit Libert - UCL

Forward-secure signatures (FSS) prevent forgeries for past time periods when an attacker obtains full access to the signer's storage. To simplify the integration of these primitives into standard security architectures, Boyen, Shacham, Shen and Waters recently introduced the concept of forward-secure signatures with untrusted updates where private keys are additionally protected by a second factor (derived from a password). Key updates can be made on encrypted version of signing keys so that passwords only come into play for signing messages.<br/> The scheme put forth by Boyen et al. relies on bilinear maps and does not require the random oracle. The latter work also suggested the integration of untrusted updates in the Bellare-Miner forward-secure signature and left open the problem of endowing other existing FSS systems with the same second factor protection. We solve this problem by showing how to adapt the very efficient generic construction of Malkin, Micciancio and Miner (MMM) to untrusted update environments. More precisely, our modified construction - which does not use random oracles either - obtains a forward-secure signature with untrusted updates from any 2-party multi-signature in the plain public key model. In combination with Bellare and Neven's multi-signatures, our generic method yields implementations based on standard assumptions such as RSA, factoring or the hardness of computing discrete logarithms. Like the original MMM scheme, it does not require to set a bound on the number of time periods at key generation.

Next sessions

  • Polytopes in the Fiat-Shamir with Aborts Paradigm

    • November 29, 2024 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Hugo Beguinet - ENS Paris / Thales

    The Fiat-Shamir with Aborts paradigm (FSwA) uses rejection sampling to remove a secret’s dependency on a given source distribution.&nbsp; Recent results revealed that unlike the uniform distribution in the hypercube, both the continuous Gaussian and the uniform distribution within the hypersphere minimise the rejection rate and the size of the proof of knowledge. However, in practice both these[…]

    • Cryptography

    • Asymmetric primitive

    • Mode and protocol

  • Post-quantum Group-based Cryptography

    • December 20, 2024 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Delaram Kahrobaei - The City University of New York

Show previous sessions
Page top