Forward-secure signatures in untrusted update environments
Proceedings of the 14th ACM conference on Computer and communications security - CCS '07
Forward-secure signatures (FSS) prevent forgeries for past time periods when an attacker obtains full access to the signer's storage. To simplify the integration of these primitives into standard security architectures, Boyen, Shacham, Shen and Waters recently introduced the concept of forwardsecure signatures with untrusted updates where private keys are additionally protected by a second factor (derived from a password). Key updates can be made on encrypted version of signing keys so that
... words only come into play for signing messages. The scheme put forth by Boyen et al. relies on bilinear maps and does not require the random oracle. The latter work also suggested the integration of untrusted updates in the Bellare-Miner forward-secure signature and left open the problem of endowing other existing FSS systems with the same second factor protection. This paper solves this problem by showing how to adapt the very efficient generic construction of Malkin, Micciancio and Miner (MMM) to untrusted update environments. More precisely, our modified construction -which does not use random oracles either -obtains a forward-secure signature with untrusted updates from any 2-party multi-signature in the plain public key model. In combination with Bellare and Neven's multi-signatures, our generic method yields implementations based on standard assumptions such as RSA, factoring or the hardness of computing discrete logarithms. Like the original MMM scheme, it does not require to set a bound on the number of time periods at key generation.