Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation

Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation

In non-repudiation services where digital signatures usually serve as irrefutable cryptographic evidence for dispute resolution, trusted time-stamping and certificate revocation services, although very costly in practice, must be available, to prevent big loss due to compromising of the signing key....

Full description

Saved in:
Bibliographic Details
Main Authors: ZHOU, Jianying, BAO, Feng, DENG, Robert H.
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2003
Subjects:
Implementation
Public key
Validation
Loss
Service time
Social psychology
Confidence
Time resolution
Synchronization
Cryptography
Digital signature
Safety
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/1079
https://ink.library.smu.edu.sg/context/sis_research/article/2078/viewcontent/Zhou2003_ValidatingDigitalSignatures_pv.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-2078
record_format dspace
spelling sg-smu-ink.sis_research-20782022-02-18T05:18:28Z Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation ZHOU, Jianying BAO, Feng DENG, Robert H. In non-repudiation services where digital signatures usually serve as irrefutable cryptographic evidence for dispute resolution, trusted time-stamping and certificate revocation services, although very costly in practice, must be available, to prevent big loss due to compromising of the signing key. In [12], a new concept called intrusion-resilient signature was proposed to get rid of trusted time-stamping and certificate revocation services and a concrete scheme was presented. In this paper, we put forward a new scheme that can achieve the same effect in a much more efficient way. In our scheme, forward-secure signature serves as a building block that enables signature validation without trusted time-stamping, and a one-way hash chain is employed to control the validity of public-key certificates without the CA's involvement for certificate revocation. We adopt a model similar to the intrusion-resilient signature in [12], where time is divided into predefined short periods and a user has two modules, signer and home base. The signer generates forward-secure signatures on his own while the home base manages the validity of the signer's public-key certificate with a one-way hash chain. The signature verifier can check the validity of signatures without retrieving the certificate revocation information from the CA. Our scheme is more robust in the sense that loss of synchronization between the signer and the home base could be recovered in the next time period while it is unrecoverable in [12]. Our scheme is also more flexible in the real implementation as it allows an individual user to control the validity of his own certificate without using the home base. 2003-10-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/1079 info:doi/10.1007/10958513_8 https://ink.library.smu.edu.sg/context/sis_research/article/2078/viewcontent/Zhou2003_ValidatingDigitalSignatures_pv.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Implementation Public key Validation Loss Service time Social psychology Confidence Time resolution Synchronization Cryptography Digital signature Safety Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Implementation
Public key
Validation
Loss
Service time
Social psychology
Confidence
Time resolution
Synchronization
Cryptography
Digital signature
Safety
Information Security
spellingShingle Implementation
Public key
Validation
Loss
Service time
Social psychology
Confidence
Time resolution
Synchronization
Cryptography
Digital signature
Safety
Information Security
ZHOU, Jianying
BAO, Feng
DENG, Robert H.
Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation
description In non-repudiation services where digital signatures usually serve as irrefutable cryptographic evidence for dispute resolution, trusted time-stamping and certificate revocation services, although very costly in practice, must be available, to prevent big loss due to compromising of the signing key. In [12], a new concept called intrusion-resilient signature was proposed to get rid of trusted time-stamping and certificate revocation services and a concrete scheme was presented. In this paper, we put forward a new scheme that can achieve the same effect in a much more efficient way. In our scheme, forward-secure signature serves as a building block that enables signature validation without trusted time-stamping, and a one-way hash chain is employed to control the validity of public-key certificates without the CA's involvement for certificate revocation. We adopt a model similar to the intrusion-resilient signature in [12], where time is divided into predefined short periods and a user has two modules, signer and home base. The signer generates forward-secure signatures on his own while the home base manages the validity of the signer's public-key certificate with a one-way hash chain. The signature verifier can check the validity of signatures without retrieving the certificate revocation information from the CA. Our scheme is more robust in the sense that loss of synchronization between the signer and the home base could be recovered in the next time period while it is unrecoverable in [12]. Our scheme is also more flexible in the real implementation as it allows an individual user to control the validity of his own certificate without using the home base.
format text
author ZHOU, Jianying
BAO, Feng
DENG, Robert H.
author_facet ZHOU, Jianying
BAO, Feng
DENG, Robert H.
author_sort ZHOU, Jianying
title Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation
title_short Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation
title_full Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation
title_fullStr Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation
title_full_unstemmed Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation
title_sort validating digital signatures without ttp’s time-stamping and certificate revocation
publisher Institutional Knowledge at Singapore Management University
publishDate 2003
url https://ink.library.smu.edu.sg/sis_research/1079
https://ink.library.smu.edu.sg/context/sis_research/article/2078/viewcontent/Zhou2003_ValidatingDigitalSignatures_pv.pdf
_version_ 1770570848759971840

Similar Items