A generic method of detecting private key disclosure in digital signature schemes

Abstract

Digital signature is very critical and useful for achieving security features such as authentication, certification, integrity and non-repudiation etc. In digital signature schemes, private keys play the most fundamental role of security and trust. Once a private key is compromised, the key owner loses all of the protection to himself so that he can be impersonated. Hence it is crucial for a private key owner to know whether his key has been stolen. The first study toward detecting private key disclosure is [4], where the schemes based on the time-division and private key updating are presented. The approach is similar to the forward-secure signature in the key-update style. In this paper we propose a completely different approach for a user to detect whether his private key for signing digital signatures is compromised. The solution satisfies the four attractive properties: 1) the user need not possess another cryptographic key and what he has are his private key and a memorable password; 2) the signature schemes are not in the update of the private key in time-divided manner and our method can be applied to the existing signature schemes; 3) although a trusted party (TP) is required in our method, the user and the TP need not share any secret; and 4) the user is stateless, i.e., he does not need to record all the messages and the signatures he has signed before.