Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation

Author

Jianying ZHOU, Institute for Infocomm Research, Singapore
Feng BAO, Institute for Infocomm Research, Singapore
Robert H. DENG, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

10-2003

Abstract

In non-repudiation services where digital signatures usually serve as irrefutable cryptographic evidence for dispute resolution, trusted time-stamping and certificate revocation services, although very costly in practice, must be available, to prevent big loss due to compromising of the signing key. In [12], a new concept called intrusion-resilient signature was proposed to get rid of trusted time-stamping and certificate revocation services and a concrete scheme was presented. In this paper, we put forward a new scheme that can achieve the same effect in a much more efficient way. In our scheme, forward-secure signature serves as a building block that enables signature validation without trusted time-stamping, and a one-way hash chain is employed to control the validity of public-key certificates without the CA's involvement for certificate revocation. We adopt a model similar to the intrusion-resilient signature in [12], where time is divided into predefined short periods and a user has two modules, signer and home base. The signer generates forward-secure signatures on his own while the home base manages the validity of the signer's public-key certificate with a one-way hash chain. The signature verifier can check the validity of signatures without retrieving the certificate revocation information from the CA. Our scheme is more robust in the sense that loss of synchronization between the signer and the home base could be recovered in the next time period while it is unrecoverable in [12]. Our scheme is also more flexible in the real implementation as it allows an individual user to control the validity of his own certificate without using the home base.

Keywords

Implementation, Public key, Validation, Loss, Service time, Social psychology, Confidence, Time resolution, Synchronization, Cryptography, Digital signature, Safety

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Information Security: 6th International Conference, ISC 2003, Bristol, UK, October 1-3: Proceedings

Volume

2851

First Page

96

Last Page

110

ISBN

9783540399810

Identifier

10.1007/10958513_8

Publisher

Springer

City or Country

Berlin

Citation

ZHOU, Jianying; BAO, Feng; and DENG, Robert H.. Validating Digital Signatures without TTP’s Time-Stamping and Certificate Revocation. (2003). Information Security: 6th International Conference, ISC 2003, Bristol, UK, October 1-3: Proceedings. 2851, 96-110.
Available at: https://ink.library.smu.edu.sg/sis_research/1079

Copyright Owner and License

Publisher

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1007/10958513_8