Forward-Secure Identity-Based Signature Scheme in Untrusted Update Environments

Abstract

Forward-secure signatures are proposed to diminish the damage of key exposure, in which the security of signatures prior to the period of key exposure can be kept. Identity-based signatures can reduce the complexity and the cost for managing the public key because the public key is replaced by any known information of a user's identity. In this paper, we discuss a new issue related to integrating forward-secure and identity-based primitives into standard applications of personal network communication security such as pretty good privacy suite and secure/multipurpose internet mail extensions in which the secret key is additionally protected by an extra secret that is possibly derived from a password. One major contribution of this paper is to construct the first forward-secure identity-based signature scheme in untrusted update environments. In this scheme, the public key can be derived from some arbitrary identification value such as an email address or a phone number, and the signing key is additionally shielded by a second factor derived from a user's password. Key update can be completed by the encrypted version of signing keys. The second factor is only needed when the signatures are produced. In addition, we give the definitions of forward security and update security in this kind of signature. At last, formal proofs of forward security and update security in the random oracle model are provided under the CDH assumption.