
A Study Of Forward-Security Digital Signature Scheme

Posted on: 2009-12-16
Degree: Master
Type: Thesis
Country: China
Candidate: J D Zhu
Full Text: PDF
GTID: 2178360245994444
Subject: Computer application technology
Abstract/Summary:
A cryptosystem consists of an algorithm and a key. According to Kerckhoffs's principle, the algorithm is public, so the security of the cryptosystem depends entirely on the security of the key. Key exposure is fatal to a cryptosystem, and the damage it causes cannot be estimated. Key exposure is one of the biggest threats to the security of digital signature systems. Once the private signing key is exposed, the adversary can generate signatures at will and the past signatures have to be cancelled, making all of them untrustworthy. The legitimate signer may at any time have to bear the consequences of the adversary's forgeries, and the loss is incalculable. How to minimize the damage caused by key exposure has therefore always been one of the problems cryptographers work on.

To solve this problem, forward-secure schemes have been proposed. The goal of a forward-secure scheme is to reduce the damage caused by key exposure: the scheme makes the adversary unable to forge signatures for earlier periods, so the damage is reduced. A forward-secure signature scheme modifies the basic model of an ordinary signature scheme. The notion of a "life cycle" is introduced, and the life cycle is divided into several periods. The public key stays unchanged throughout the life cycle, while the secret key is changed in every period. The scheme computes the next secret key from the current one by a one-way function, which means that it is difficult to obtain the secret key of any previous period. So the adversary cannot forge signatures for earlier periods, and the damage is reduced.

After that, forward-secure digital signature schemes became a research focus, and many schemes with stronger security appeared, such as strongly forward-secure schemes, key-insulated signatures and intrusion-resilient signatures. Whether it is a forward-secure scheme, a key-insulated signature or an intrusion-resilient signature, it is very important to detect key exposure in time.
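The key-evolution mechanism described above, as an added illustration that is not part of the thesis (the thesis's own constructions are different and are not reproduced here): a toy forward-secure scheme in Python in which the per-period seeds form a SHA-256 hash chain, each period signs with a Lamport one-time signature, and one unchanging Merkle root serves as the public key. The function names, the choice of T = 8 periods, and the sample messages are all assumptions of this example. The demo at the end shows the property the paragraph states: a signer state stolen in period 1 lets the adversary sign for period 1 onward, but not produce a valid period-0 signature, because recovering seed_0 from seed_1 would mean inverting the one-way function.

```python
import hashlib
import os

# Toy forward-secure signature, constructed for illustration (not any published
# scheme's exact construction): per-period seeds form a hash chain (the key
# evolution), each period signs with a Lamport one-time signature, and all period
# public keys are committed under one unchanging Merkle-root public key.

T = 8      # periods in the key's "life cycle" (power of two for the Merkle tree)
N = 256    # bits of the SHA-256 message digest the Lamport OTS signs

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def ots_secret(seed: bytes):
    # Period secret key: 2*N values derived deterministically from the period seed
    return [[H(seed + i.to_bytes(2, "big") + bytes([b])) for b in (0, 1)] for i in range(N)]

def ots_public(sk):
    return [[H(x) for x in pair] for pair in sk]

def leaf_digest(pk) -> bytes:
    # One hash committing to a whole per-period public key (a Merkle leaf)
    return H(b"".join(y for pair in pk for y in pair))

def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]

def merkle_root(leaves) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def merkle_path(leaves, idx):
    path, level = [], list(leaves)
    while len(level) > 1:
        path.append(level[idx ^ 1])                     # sibling at this level
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        idx //= 2
    return path

def merkle_verify(root: bytes, leaf: bytes, idx: int, path) -> bool:
    node = leaf
    for sib in path:
        node = H(node + sib) if idx % 2 == 0 else H(sib + node)
        idx //= 2
    return node == root

def keygen():
    seeds = [os.urandom(32)]
    for _ in range(T - 1):
        seeds.append(H(seeds[-1]))                      # seed_{t+1} = H(seed_t)
    leaves = [leaf_digest(ots_public(ots_secret(s))) for s in seeds]
    pk = merkle_root(leaves)                            # public key never changes
    # Signer keeps only the current seed; the leaves are public data for auth paths
    return pk, {"t": 0, "seed": seeds[0], "leaves": leaves}

def update(state):
    if state["t"] + 1 >= T:
        raise ValueError("life cycle exhausted")
    state["seed"] = H(state["seed"])                    # old seed overwritten; H is one-way
    state["t"] += 1

def sign(state, msg: bytes):
    # One signature per period in this toy (Lamport keys are one-time)
    t, sk = state["t"], ots_secret(state["seed"])
    sig = [sk[i][b] for i, b in enumerate(digest_bits(msg))]
    return t, sig, ots_public(sk), merkle_path(state["leaves"], t)

def verify(pk: bytes, msg: bytes, signature) -> bool:
    t, sig, pk_t, path = signature
    if any(H(sig[i]) != pk_t[i][b] for i, b in enumerate(digest_bits(msg))):
        return False
    return merkle_verify(pk, leaf_digest(pk_t), t, path)

def exposure_demo():
    # Sign in period 0, evolve to period 1, sign again; then the period-1 state
    # leaks. The thief can sign for period 1 onward but, lacking seed_0 (which
    # would require inverting H), cannot produce a valid period-0 signature.
    pk, signer = keygen()
    sig0 = sign(signer, b"period-0 message")
    update(signer)
    sig1 = sign(signer, b"period-1 message")
    stolen = dict(signer)                               # adversary copies current state
    forged_now = sign(stolen, b"forged in period 1")
    stolen["t"] = 0                                     # reuse seed_1's key under index 0
    forged_past = sign(stolen, b"forged for period 0")
    return {
        "sig0": verify(pk, b"period-0 message", sig0),
        "sig1": verify(pk, b"period-1 message", sig1),
        "forged_now": verify(pk, b"forged in period 1", forged_now),
        "forged_past": verify(pk, b"forged for period 0", forged_past),
    }

if __name__ == "__main__":
    print(exposure_demo())  # {'sig0': True, 'sig1': True, 'forged_now': True, 'forged_past': False}
```

The forged period-0 signature fails because its per-period public key hashes to the leaf for period 1, not period 0, so the Merkle authentication path does not reach the root. Practical forward-secure schemes such as BM99 and its successors allow many signatures per period and use number-theoretic key evolution; the hash chain plus one-time signature form here is only the simplest way to make the one-way update and the public key's constancy visible.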
At ACM CCS 2003, Gene Itkis proposed the definition of cryptographic tamper evidence, constructed an algorithm to detect key exposure, and furthermore gave tamper-evident signature schemes. In most forward-secure signature constructions, the program that updates a user's private signing key must have full access to the private key. Unfortunately, these schemes are incompatible with several security architectures, including GNU Privacy Guard (GPG) and S/MIME, where the private key is encrypted under a user password as a "second factor" of security, in case the private key storage is compromised but the password is not. At ACM CCS 2006, Boyen introduced the concept of forward-secure signatures with untrusted update, where the key update can be performed on an encrypted version of the key. Forward-secure signatures with untrusted update allow us to add forward security to signatures while still keeping the password as a second factor of security.

This thesis analyses several forward-secure signature schemes and their merits and defects, summarizes the achievements and development of forward-secure signature schemes, and also gives research directions for forward-secure signature schemes. It improves the original scheme by introducing the idea of a certificate chain, giving a new forward-secure scheme, and furthermore proves its forward security in the standard model. Since both composing and verifying the chain are performed once in every period, the new scheme is more efficient than the original. After studying several homomorphic encryption schemes, we find that, for a given key-updating method, we can encrypt the private key with a specifically chosen homomorphic encryption algorithm. In this way, key updating can be carried out on the ciphertext. Furthermore, we give homomorphic key-updating schemes based on BM99 in both symmetric and asymmetric cryptosystems.
Keywords/Search Tags: Digital signatures, Key exposure, Forward security, Key evolution, Homomorphic encryption