Proactive Two-Party Signatures for User Authentication

Antonio Nicolosi, Maxwell Krohn, Yevgeniy Dodis, David Mazières

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We study proactive two-party signature schemes in the context of user authentication. A proactive two-party signature scheme (P2SS) allows two parties—the client and the server—jointly to produce signatures and periodically to refresh their sharing of the secret key. The signature generation remains secure as long as both parties are not compromised between successive refreshes. We construct the first such proactive scheme based on the discrete log assumption by efficiently transforming Schnorr’s popular signature scheme into a P2SS. We also extend our technique to the signature scheme of Guillou and Quisquater (GQ), providing two practical and efficient P2SSs that can be proven secure in the random oracle model under standard discrete log or RSA assumptions. We demonstrate the usefulness of P2SSs (as well as our specific constructions) with a new user authentication mechanism for the Self-certifying File System (SFS) [28]. Based on a new P2SS we call 2Schnorr, the new SFS authentication mechanism lets users register the same public key in many different administrative realms, yet still recover easily if their passwords are compromised. Moreover, an audit trail kept by a secure authentication server tells users exactly what file servers an attacker may have accessed—including even accounts the user may have forgotten about.

Original languageEnglish (US)
Title of host publicationProceedings of the Symposium on Network and Distributed System Security, NDSS 2003
PublisherThe Internet Society
ISBN (Electronic)1891562169, 9781891562167
StatePublished - 2003
Event10th Symposium on Network and Distributed System Security, NDSS 2003 - San Diego, United States
Duration: Feb 6 2003 → …

Publication series

NameProceedings of the Symposium on Network and Distributed System Security, NDSS 2003

Conference

Conference10th Symposium on Network and Distributed System Security, NDSS 2003
Country/TerritoryUnited States
CitySan Diego
Period2/6/03 → …

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Proactive Two-Party Signatures for User Authentication'. Together they form a unique fingerprint.

Cite this