

2002. 10.08

Prof. Kwang jo Kim

Topic :Forward Secrecy and It’s Application

Subject : Forward Secrecy in Proxy Signature



2002. 10.08

Prof. Kwang jo Kim

Table of Contents

1. Introduction

2. Main subject of this project

- What is Proxy Signature? - What is Forward Secrecy

3. Conclusion



2002. 10.08

Prof. Kwang jo Kim

What is Proxy Signature

Proxy Signature scheme

- Delegation of signing capability : An original signer delegates her signing capability to a

proxy signer

- Proxy signing : The proxy signer creates a proxy signature on behalf

of the original signer

Referenced by Byong cheon Lee Lecture note



2002. 10.08

Prof. Kwang jo Kim

What is Proxy Signature (cont..)

Security Requirements

1. Verifiability

2. Strong unforgeability

3. Strong Indentifiability

4. Strong Undeniability

5. Prevention of Misuse



2002. 10.08

Prof. Kwang jo Kim

• [BC93] B.C Neuman, “Proxy-based authorization and accounting for distributed systems.” Proc 13th International Conference on Distributed Computing Systems (1993) 283-291

• [MUO96] M. Mambo, K. Usuda, E.Okamoto, “Proxy Signature: Delegation of the Power to Sign Messages”, IEICE Trans. Fundamentals, E79-A:9 (1996) 1338-1353

• [KPW97] S.Kim , S.Park, and D.Won , “Proxy Signature, revisited”, Proc of International Conference on Information and Communication Security (1997) 223-232.

• [LKK01A] B. Lee, H.Kim, K.Kim, “Strong Proxy signature and its Applications.” Proc of SCIS (2001) 603-608.

• [LKK01B] B. Lee, H.Kim, K.Kim, “Secure Mobile Agent using Strong Non-designated Proxy Signature.” Australasian Conference on Information Security and Privacy (2001) 474-486

Related Work



2002. 10.08

Prof. Kwang jo Kim

Schnorr-based Proxy Signature

Original Signer’s Parameter

Verification

Proxy Signer

kxrreqhs

gr

Zk

AAAA

kA

qR

),(

*

AAA srreq ,,

Arreqh

As ryg AAA ),(

?

BArreqh

Ax

P

BAP

yrygy

xsxAAP ),(

KeyGeneration




2002. 10.08

Prof. Kwang jo Kim

Schnorr-based Proxy Signature

),(),,,,(

mxSrbidIDreqIDm

PP

ABBAA

),,,( pyqpPublicKey

),,,,,( PABBAA rbidIDreqID

}{

),,(

),,,,(

?

?

),(

AB

PP

ABBAA

BArreqh

AP

reqbid

truemyV

rbidIDreqIDmyryy AA

Proxy Signer

Verifier

)( pxSigningKey




2002. 10.08

Prof. Kwang jo Kim

What is Forward Secrecy

Definition of Forward Secrecy

- Forward Secrecy : Compromise of the current secret key does not enable an

adversary to forge signatures pertaining to the past[Bellare et. al.]



2002. 10.08

Prof. Kwang jo Kim

• Ross Anderson, “Two Remarks on Public Key Cryptology.” Invited lecture, CCCS ’97.

• M. Bellare and S. Miner, “A Forward-Secure Digital Signature Scheme.” Crypto ’99.

• J. Katz, “A Forward-Secure Public-Key Encryption Scheme.” Crypto 02’ rump session.

• U. M .Maurer, Y. Yacobi, “A Non-interactive Public-Key Distribution.” Designs, Codes and Cryptography v9, no 3 pp 305-316.

Related Work



2002. 10.08

Prof. Kwang jo Kim

Relationship b/w Proxy Signature and

Forward secrecy

People are not concerned about key destroying in Proxy signature.

The key revocation and escrow problem is also important issue in proxy signature.

Some researchers worried about forgery of original signer but it is also possible that proxy signer can recreate forged proxy signature after the key was revoked.



2002. 10.08

Prof. Kwang jo Kim

Conclusion and Future Work

- Survey the Proxy Signature and Forward Secrecy

- Bring up the Problem in Proxy Signature - Key revocation problem & proxy signer’s forgery

- How to merge between Proxy Signature and Forward Secrecy

network security term project (2002 fall)

Documents