“…There are numerous instantiations of this idea including threshold signatures [7] and proactive signatures [14]. Distribution however is quite costly.…”
Abstract. We describe a digital signature scheme in which the public key is fixed but the secret signing key is updated at regular intervals so as to provide a forward security property: compromise of the current secret key does not enable an adversary to forge signatures pertaining to the past. This can be useful to mitigate the damage caused by key exposure without requiring distribution of keys. Our construction uses ideas from the Fiat-Shamir and Ong-Schnorr identification and signature schemes, and is proven to be forward secure based on the hardness of factoring, in the random oracle model. The construction is also quite efficient.
“…There are numerous instantiations of this idea including threshold signatures [7] and proactive signatures [14]. Distribution however is quite costly.…”
Abstract. We describe a digital signature scheme in which the public key is fixed but the secret signing key is updated at regular intervals so as to provide a forward security property: compromise of the current secret key does not enable an adversary to forge signatures pertaining to the past. This can be useful to mitigate the damage caused by key exposure without requiring distribution of keys. Our construction uses ideas from the Fiat-Shamir and Ong-Schnorr identification and signature schemes, and is proven to be forward secure based on the hardness of factoring, in the random oracle model. The construction is also quite efficient.
“…Early work in the field is due to Boyd [7], Desmedt [19], Croft and Harris [17], Frankel [24], and Desmedt and Frankel [20]. Work in threshold cryptography for discrete-log based cryptosystems includes, for example, Desmedt and Frankel [20], Hwang [32], Pedersen [40], Cerecedo et al [12], Harn [30], Langford [34], Gennaro et al [29], Park and Kurosawa [39], Herzberg et al [31], and Frankel et al [26].…”
Abstract.We propose an efficient two-party public key cryptosystem that is secure against adaptive chosen ciphertext attack, based on the hardness of Decision Diffie-Hellman (DDH). Specifically, we show that the two parties together can decrypt ciphertexts, but neither can alone. Our system is based on the Cramer-Shoup cryptosystem. Previous results on efficient threshold cryptosystems secure against adaptive chosen ciphertext attack required either (1) a strict majority of uncorrupted decryption servers, and thus do not apply to the two-party scenario, or (2) the random oracle assumption, and thus were not proven secure in the "standard" model.
“…For [21] allow multiple trusted third parties to sign a message using a single signature key while the secret shares held by each signer for constructing the signature key can be refreshed periodically in a way that the signature key (and its corresponding verification key) is kept unchanged.…”
Section: Securing Trusted Third Party's Signaturesmentioning
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.