(A) new intrusion-resilient signature scheme based on GDH groups

Abstract

Exposure of secret keys seems to be unavoidable. Thus, limiting their impact is extremely important. To resolve this problem, the notion of forward security was proposed [4], and the forward security was synthesized into the most powerful notion intrusion-resilience [10, 11]. In intrusion-resilient scheme, time is divided into predefined time periods; each signature includes the number of the time period in which it was generated; the public key remains fixed throughout the lifetime of the protocol but the secret key is periodically updated. Also, secret information is stored by both a user and a base; the user generates signatures on his own, and the base is needed only to help update the user``s key from one period to the next. Intrusion-resilient schemes remain secure even after multiple compromises of both the user and the base, as long as they are not both compromised simultaneously. Furthermore, in case the user and base are compromised simultaneously, prior time periods remain secure as in forward-secure scheme. Intrusion-resilient signature schemes have been previously constructed [8, 10, 11]. Here, we construct a forward-security signature scheme based on the GDH groups, and give the first construction of an intrusion-resilient signature scheme based on the GDH groups.