Double-authentication-preventing signatures

Digital signatures are often used by trusted authorities to make unique bindings between a subject and a digital object; for example, certificate authorities certify a public key belongs to a domain name, and time-stamping authorities certify that a certain piece of information existed at a certain...

Full description

Saved in:
Bibliographic Details
Published inInternational journal of information security Vol. 16; no. 1; pp. 1 - 22
Main Authors Poettering, Bertram, Stebila, Douglas
Format Journal Article
LanguageEnglish
Published Berlin/Heidelberg Springer Berlin Heidelberg 01.02.2017
Springer Nature B.V
Subjects
Analysis
Archives & records
Authentication protocols
Binding
Certification testing
Coding and Information Theory
Communications Engineering
Computer Communication Networks
Computer Science
Cryptology
Digital signatures
Forensic sciences
Fraud
Legal
Management of Computing and Information Systems
Mathematical analysis
Mathematical models
Messages
Networks
Operating Systems
Public Key Infrastructure
Regular Contribution
Security management
Signatures
Signs
Studies
Compelled certificate creation attack
94A60 Cryptography
Dishonest signer
Self-enforcement
Digital signatures
Coercion
Two-to-one trapdoor functions
Double signatures
Online AccessGet full text

Cover

More Information
Summary:Digital signatures are often used by trusted authorities to make unique bindings between a subject and a digital object; for example, certificate authorities certify a public key belongs to a domain name, and time-stamping authorities certify that a certain piece of information existed at a certain time. Traditional digital signature schemes however impose no uniqueness conditions, so a trusted authority could make multiple certifications for the same subject but different objects, be it intentionally, by accident, or following a (legal or illegal) coercion. We propose the notion of a double-authentication-preventing signature , in which a value to be signed is split into two parts: a subject and a message . If a signer ever signs two different messages for the same subject, enough information is revealed to allow anyone to compute valid signatures on behalf of the signer. This double-signature forgeability property discourages signers from misbehaving—a form of self-enforcement —and would give binding authorities like CAs some cryptographic arguments to resist legal coercion. We give a generic construction using a new type of trapdoor functions with extractability properties, which we show can be instantiated using the group of sign-agnostic quadratic residues modulo a Blum integer; we show an additional application of these new extractable trapdoor functions to standard digital signatures.
Bibliography:SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 14
ObjectType-Article-1
ObjectType-Feature-2
content type line 23
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-015-0307-8