Server-based signatures

In cryptography, server-based signatures are digital signatures in which a publicly available server participates in the signature creation process. This is in contrast to conventional digital signatures, which are based on public-key cryptography and public-key infrastructure and assume that signers use their personal trusted computing bases to generate signatures without any communication with servers.

Four different classes of server-based signatures have been proposed:

1. Lamport One-Time Signatures. Proposed in 1979 by Leslie Lamport. [1] Lamport one-time signatures are based on cryptographic hash functions. To sign a message, the signer just sends a list of hash values (outputs of a hash function) to a publishing server, so the signing process is very fast, although the signature is many times larger than in ordinary public-key signature schemes.

2. On-line/off-line Digital Signatures. First proposed in 1989 by Even, Goldreich and Micali [2] [3] [4] in order to speed up the signature creation procedure, which is usually much more time-consuming than verification. In the case of RSA, signing may be one thousand times slower than verification. On-line/off-line digital signatures are created in two phases. The first phase is performed off-line, possibly even before the message to be signed is known. The second (message-dependent) phase is performed on-line and involves communication with a server. In the first (off-line) phase, the signer uses a conventional public-key digital signature scheme to sign a public key of the Lamport one-time signature scheme. In the second phase, the message is signed using the Lamport signature scheme. Some later works [5] [6] [7] [8] [9] [10] [11] have improved the efficiency of the original solution by Even et al.

3. Server-Supported Signatures (SSS). Proposed in 1996 by Asokan, Tsudik and Waidner [12] [13] in order to delegate the time-consuming operations of asymmetric cryptography from clients (ordinary users) to a server. For ordinary users, the use of asymmetric cryptography is limited to signature verification, i.e. there is no pre-computation phase as in the case of on-line/off-line signatures. The main motivation was the use of low-performance mobile devices for creating digital signatures, considering that such devices could be too slow for creating ordinary public-key digital signatures, such as RSA. Clients use hash-chain-based authentication [14] to send their messages to a signature server in an authenticated way, and the server then creates a digital signature using an ordinary public-key digital signature scheme. In SSS, signature servers are not assumed to be Trusted Third Parties (TTPs), because the transcript of the hash-chain authentication phase can be used for non-repudiation purposes. In SSS, servers cannot create signatures in the name of their clients.

4. Delegate Servers (DS). Proposed in 2002 by Perrin, Bruns, Moreh and Olkin [15] in order to reduce the problems and costs related to individual private keys. In their solution, clients (ordinary users) delegate their private cryptographic operations to a Delegation Server (DS). Users authenticate to the DS and request that it sign messages on their behalf using the server's own private key. The main motivation behind DS was that private keys are difficult for ordinary users to use and easy for attackers to abuse: unlike passwords, they are not memorable and cannot be typed on a keyboard, and unlike biometrics, they are not derivable from the person. Private keys are mostly stored as files on computers or on smart cards, which may be stolen by attackers and abused off-line. In 2003, Buldas and Saarepera [16] proposed a two-level architecture of delegation servers that addresses the trust issue by replacing trust with threshold trust via the use of threshold cryptosystems.
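To make items 1 and 2 concrete, here is an added example (written for this page, not code from the article or from any of the cited papers) of a Lamport one-time signature and of an on-line/off-line signature layered on it. The off-line phase creates a fresh Lamport key and certifies its public key with the slow long-term signature; the on-line phase does nothing but hashing. All function names are the example's own. The long-term key is a constructed toy RSA modulus built from two Mersenne primes so that the example runs without a cryptography library; it is trivially factorable and not secure.

```python
import hashlib
import secrets

# Added example: Lamport one-time signatures and an on-line/off-line
# signature built from them. All parameters are constructed for this
# demonstration; the "long-term" RSA key below is a toy and is NOT secure.
HASH = hashlib.sha256
N_BITS = 256        # one secret pair per bit of the message digest
DIGEST_LEN = 32


def lamport_keygen():
    """Secret key: 256 pairs of random values; public key: their hashes."""
    sk = [[secrets.token_bytes(DIGEST_LEN) for _ in range(2)] for _ in range(N_BITS)]
    pk = [[HASH(s).digest() for s in pair] for pair in sk]
    return sk, pk


def _digest_bits(msg: bytes):
    d = int.from_bytes(HASH(msg).digest(), "big")
    return [(d >> (N_BITS - 1 - i)) & 1 for i in range(N_BITS)]


def lamport_sign(sk, msg: bytes):
    """Reveal, for each digest bit, the secret matching that bit's value."""
    return [sk[i][b] for i, b in enumerate(_digest_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != N_BITS:
        return False
    return all(HASH(s).digest() == pk[i][b]
               for i, (b, s) in enumerate(zip(_digest_bits(msg), sig)))


def serialize_pk(pk) -> bytes:
    return b"".join(h for pair in pk for h in pair)


def signature_size(sig) -> int:
    """Bytes in a Lamport signature: 256 * 32 = 8192."""
    return sum(len(s) for s in sig)


# Toy stand-in for the conventional public-key scheme of the off-line phase.
# The modulus is a product of two Mersenne primes, so anyone can factor it:
# constructed for the example only, never for real use.
_P, _Q = (1 << 521) - 1, (1 << 607) - 1
RSA_N, RSA_E = _P * _Q, 65537
_RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))


def rsa_sign(data: bytes) -> int:
    return pow(int.from_bytes(HASH(data).digest(), "big"), _RSA_D, RSA_N)


def rsa_verify(data: bytes, sig: int) -> bool:
    return pow(sig, RSA_E, RSA_N) == int.from_bytes(HASH(data).digest(), "big")


def offline_phase():
    """Before the message is known: create a fresh one-time key and certify
    its public key with the slow long-term signature."""
    sk, pk = lamport_keygen()
    return {"sk": sk, "pk": pk, "cert": rsa_sign(serialize_pk(pk)), "used": False}


def online_phase(token, msg: bytes):
    """Message-dependent step: hashing only. A one-time key must never sign
    twice, since two signatures reveal secrets for both bit values."""
    if token["used"]:
        raise RuntimeError("one-time key already used")
    token["used"] = True
    return {"pk": token["pk"], "cert": token["cert"],
            "ots": lamport_sign(token["sk"], msg)}


def verify(msg: bytes, sig) -> bool:
    """Check the certificate on the one-time public key, then the OTS."""
    return (rsa_verify(serialize_pk(sig["pk"]), sig["cert"])
            and lamport_verify(sig["pk"], msg, sig["ots"]))


if __name__ == "__main__":
    token = offline_phase()                     # done ahead of time
    sig = online_phase(token, b"transfer 10")   # fast, message-dependent
    print(verify(b"transfer 10", sig), verify(b"transfer 11", sig),
          signature_size(sig["ots"]))           # True False 8192
```

The size figure shows the trade-off the article mentions: the one-time part alone is 8192 bytes (256 revealed 32-byte secrets) plus the 16 KiB public key that must travel with it, against a few hundred bytes for an ordinary RSA signature. The `used` flag is the essential operational check: a second signature under the same Lamport key reveals secrets for both values of many bits, and the verifier cannot tell.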

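An added example of the hash-chain authentication step of item 3, written for this page rather than taken from the SSS papers; the request layout, the transcript format, the class names and the stand-in server signer are assumptions. The client registers the chain root once and reveals one preimage per request, walking the chain backwards; the server accepts a request only if the revealed value hashes to its current tip, which rejects replays and out-of-order values with a single comparison, and it keeps the transcript that SSS relies on for non-repudiation.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, List, Tuple

# Added example of SSS-style hash-chain authentication (client and server).
# Message layout and transcript format are assumptions for this illustration.


def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


class Client:
    """Owns a chain x_0, x_1 = h(x_0), ..., x_n. The root x_n is registered
    with the server; each request reveals the next preimage."""

    def __init__(self, length: int):
        self.chain = [secrets.token_bytes(32)]
        for _ in range(length):
            self.chain.append(h(self.chain[-1]))
        self.next_index = length - 1

    def root(self) -> bytes:
        return self.chain[-1]

    def request(self, msg: bytes) -> Tuple[bytes, bytes]:
        if self.next_index < 0:
            raise RuntimeError("chain exhausted; register a new root")
        x = self.chain[self.next_index]
        self.next_index -= 1
        return msg, x


class Server:
    """Keeps the last accepted chain value per client, a transcript for
    non-repudiation, and signs accepted requests with its own key."""

    def __init__(self, sign: Callable[[bytes], bytes]):
        self.sign = sign
        self.tips: Dict[str, bytes] = {}
        self.transcript: List[Tuple[str, bytes, bytes]] = []

    def register(self, client_id: str, root: bytes) -> None:
        self.tips[client_id] = root

    def handle(self, client_id: str, msg: bytes, x: bytes) -> bytes:
        tip = self.tips.get(client_id)
        # Only the chain owner can present a preimage of the current tip;
        # a replayed or out-of-order value fails this one check.
        if tip is None or h(x) != tip:
            raise PermissionError("hash-chain authentication failed")
        self.tips[client_id] = x
        self.transcript.append((client_id, msg, x))
        return self.sign(client_id.encode() + b"|" + msg + b"|" + x)


# Stand-in for the server's ordinary public-key signature (an HMAC under a
# constructed server secret, so the example runs offline). A real SSS server
# signs with RSA or another public-key scheme here.
_SERVER_KEY = secrets.token_bytes(32)


def stand_in_server_sign(data: bytes) -> bytes:
    return hmac.new(_SERVER_KEY, data, hashlib.sha256).digest()


def _rejected(server: Server, client_id: str, msg: bytes, x: bytes) -> bool:
    try:
        server.handle(client_id, msg, x)
    except PermissionError:
        return True
    return False


def run_session() -> dict:
    """Constructed session: two good requests, one replay, one out of order."""
    server = Server(stand_in_server_sign)
    alice = Client(length=4)
    server.register("alice", alice.root())
    m1, x1 = alice.request(b"order #1")
    first_ok = len(server.handle("alice", m1, x1)) == 32
    replay_rejected = _rejected(server, "alice", b"order #1 again", x1)
    m2, x2 = alice.request(b"order #2")
    m3, x3 = alice.request(b"order #3")
    skip_rejected = _rejected(server, "alice", m3, x3)   # x3 before x2
    second_ok = len(server.handle("alice", m2, x2)) == 32
    return {"first_ok": first_ok, "second_ok": second_ok,
            "replay_rejected": replay_rejected,
            "out_of_order_rejected": skip_rejected,
            "transcript_len": len(server.transcript)}
```

Each accepted request consumes one chain link, so a chain of length n authorises exactly n signatures before the client must register a fresh root. The transcript entry (client id, message, revealed link) is what makes the server accountable rather than trusted: a third party holding the registered root can recompute the hashes and confirm that only the chain owner could have released that link.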
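An added illustration of the threshold trust named in item 4, not code from Buldas and Saarepera and not their two-level design: a k-of-n secret sharing over a prime field (Shamir's scheme) with constructed parameters. A signing secret split this way across n delegation servers is available to any k of them and to no smaller group, so no single server has to be trusted with it.

```python
import secrets
from typing import List, Tuple

# Added example: k-of-n secret sharing over a prime field, the basic tool
# behind "threshold trust" for delegation servers. Parameters are constructed
# for the illustration; this is not the Buldas-Saarepera architecture.
PRIME = (1 << 127) - 1   # field modulus (a Mersenne prime; any large prime works)


def split_secret(secret: int, k: int, n: int) -> List[Tuple[int, int]]:
    """Evaluate a random degree-(k-1) polynomial with constant term `secret`
    at x = 1..n. Any k points fix the polynomial; k-1 points are consistent
    with every possible constant term."""
    if not (1 <= k <= n < PRIME and 0 <= secret < PRIME):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]

    def f(x: int) -> int:
        acc = 0
        for c in reversed(coeffs):        # Horner's rule
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def combine_shares(shares: List[Tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 recovers the constant term."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def threshold_demo(secret: int, k: int = 3, n: int = 5) -> dict:
    """Split a delegation server's signing secret across n servers and show
    that every window of k of them recovers it while k-1 do not."""
    shares = split_secret(secret, k, n)
    return {
        "any_k_recover": all(combine_shares(shares[i:i + k]) == secret
                             for i in range(n - k + 1)),
        "k_minus_1_recover": combine_shares(shares[:k - 1]) == secret,
    }
```

Threshold cryptosystems go one step further than this demonstration: the servers produce partial signatures from their shares and never reconstruct the secret at a single place. The sharing above is the building block that gives the deployment its k-of-n trust assumption.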
References

  1. Lamport, L. (1979). "Constructing digital signatures from a one way function". Computer Science Laboratory, SRI International. http://research.microsoft.com/en-us/um/people/lamport/pubs/dig-sig.pdf
  2. Even, S.; Goldreich, O.; Micali, S. (1996). "On-line/off-line digital signatures". Journal of Cryptology. 9: 35–67. doi:10.1007/BF02254791. S2CID 9503598.
  3. Even, S.; Goldreich, O.; Micali, S. (1990). "On-Line/Off-Line Digital Signatures". Advances in Cryptology — CRYPTO '89 Proceedings. Lecture Notes in Computer Science. Vol. 435. p. 263. doi:10.1007/0-387-34805-0_24. ISBN 978-0-387-97317-3.
  4. US Patent 5,016,274. Micali et al. "On-line/off-line digital signing". May 1991.
  5. Shamir, A.; Tauman, Y. (2001). "Improved Online/Offline Signature Schemes". Advances in Cryptology — CRYPTO 2001. Lecture Notes in Computer Science. Vol. 2139. p. 355. doi:10.1007/3-540-44647-8_21. ISBN 978-3-540-42456-7.
  6. Yu, P.; Tate, S. R. (2007). "An Online/Offline Signature Scheme Based on the Strong RSA Assumption". 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07). p. 601. doi:10.1109/AINAW.2007.89. ISBN 978-0-7695-2847-2. S2CID 12773954.
  7. Yu, P.; Tate, S. R. (2008). "Online/Offline Signature Schemes for Devices with Limited Computing Capabilities". Topics in Cryptology – CT-RSA 2008. Lecture Notes in Computer Science. Vol. 4964. p. 301. doi:10.1007/978-3-540-79263-5_19. ISBN 978-3-540-79262-8.
  8. Catalano, D.; Raimondo, M.; Fiore, D.; Gennaro, R. (2008). "Off-Line/On-Line Signatures: Theoretical Aspects and Experimental Results". Public Key Cryptography – PKC 2008. Lecture Notes in Computer Science. Vol. 4939. p. 101. doi:10.1007/978-3-540-78440-1_7. ISBN 978-3-540-78439-5.
  9. Girault, M.; Poupard, G.; Stern, J. (2006). "On the Fly Authentication and Signature Schemes Based on Groups of Unknown Order". Journal of Cryptology. 19 (4): 463. doi:10.1007/s00145-006-0224-0. S2CID 7157130.
  10. Girault, M. (1991). "Self-certified public keys". Advances in Cryptology — EUROCRYPT '91. Lecture Notes in Computer Science. Vol. 547. pp. 490–497. doi:10.1007/3-540-46416-6_42. ISBN 978-3-540-54620-7.
  11. Joye, M. (2008). "An Efficient On-Line/Off-Line Signature Scheme without Random Oracles". Cryptology and Network Security. Lecture Notes in Computer Science. Vol. 5339. pp. 98–10. doi:10.1007/978-3-540-89641-8_7. ISBN 978-3-540-89640-1.
  12. Asokan, N.; Tsudik, G.; Waidner, M. (1996). "Server-Supported Signatures". Computer Security — ESORICS 96. Lecture Notes in Computer Science. Vol. 1146. p. 131. CiteSeerX 10.1.1.44.8412. doi:10.1007/3-540-61770-1_32. ISBN 978-3-540-61770-9.
  13. Asokan, N.; Tsudik, G.; Waidner, M. (1996). "Server-supported signatures". Journal of Computer Security. 5: 131–143.
  14. Lamport, L. (1981). "Password authentication with insecure communication". Communications of the ACM. 24 (11): 770–772. CiteSeerX 10.1.1.64.3756. doi:10.1145/358790.358797. S2CID 12399441.
  15. Perrin, T.; Bruns, L.; Moreh, J.; Olkin, T. (2002). "Delegated cryptography, online trusted parties, and PKI". 1st Annual PKI Research Workshop Proceedings. pp. 97–116. http://www.cs.dartmouth.edu/~pki02/Perrin/paper.pdf
  16. Buldas, A.; Saarepera, M. (2003). "Electronic signature system with small number of private keys". 2nd Annual PKI Research Workshop Proceedings. pp. 96–108. Archived from the original (PDF) on 2010-06-10; retrieved 2013-01-30.