Enhancing the Security Promise of a Digital Time-Stamp

Abstract

In this paper we present a trusted time-stamping service which issues time-stamps with enhanced security by a practical forward-secure proxy signature mechanism. This signature scheme provides a way to verify the validity of the delegation from the trusted time source through the common PKI certification hierarchy. The forward-security of this signature scheme provides better protection against key-exposure attack when time-stamping server gets inruded. The design of this signature scheme is tied closely to the time-stamping service based on hierarchical distributed time sources. The signature scheme is implemented with standard RSA signature and verification algorithms. The computation of signing and verification in providing the forward-security feature is absorbed into the proxy scheme. Only delegation and key-updating require minor extra computation. In addition, one safety assumption made implicitly in Krawczyk's forward-secure signature scheme is identified and eliminated such that the security of our scheme outperforms its predecessor.