This study explores the concept and implementation of key-evolving protocols, addressing the critical issue of key exposure in cryptographic systems. The introduction highlights the vulnerabilities associated with static secret keys, emphasizing the necessity for dynamic key management. Key-evolving encryption and signature schemes are examined, showcasing their ability to mitigate damage from compromised keys. Additionally, the paper discusses previous work and outlines future directions for research in secure cryptographic protocols. Insights into forward and backward security, key generation, and signing algorithms are also provided.
Study on The Secure Key-Evolving Protocols
Kim Joong Man, 20022036, seopo@icu.ac.kr
Contents
• Introduction
• What is the Key-evolving?
• Preliminaries
• Key-evolving encryption scheme
• Key-evolving signature scheme
• Previous Work
• Future Work
• References
Introduction
• The Key Exposure Problem
  • Exposure of the secret (signing) key is a total break of the system
  • In practice, a more serious threat to security than the possibility of cryptanalysis of the signature scheme itself
• How to protect Bob’s private key
  • Replace Bob’s public key when his private key is exposed - Not practical, since Bob may not be aware of losing his private key
  • Protect Bob’s private key on a secure device - Quite costly
  • Use a threshold scheme to distribute SK - The TAs bear a heavy computational load
Our Goal
• To mitigate damage caused by key exposure
• Single-machine technique: no distribution of keys
• No special hardware
What is the Key-evolving? (Anderson’s Key-Evolving Paradigm)
[Figure: timeline of Period 1, Period 2, …, Period T; the secret key SK evolves to SK_1, SK_2, …, SK_T, each step through h]
• Break the lifetime of the scheme into T time periods
  • e.g., 1 period = 1 day; T = 365
• PK is fixed – important for key management!
• SK evolves via a public one-way function h
• SK_j is deleted after time period j is over
• A signature is a pair ( j, tag ), where j is the time period in which the signature was produced
Preliminaries
• Forward-secure
  • The compromise of the current secret key will not compromise previous secret keys
• Backward-secure
  • The compromise of the current secret key will not compromise future secret keys
• Key-independent
  • The protocol is both forward-secure and backward-secure
Key-evolving encryption scheme
• Key generation algorithm: Gen (1^k, N) = (PK, SK_0)
• Private key update algorithm: Upd (PK, SK_{j-1}, j) = SK_j
• Encryption algorithm: Enc (PK, m, j) = < j, c >
• Decryption algorithm: Dec (SK_j, < j, c >) = m
N is the total number of time periods, 1^k is a security parameter, and j is the current time period.
Key-evolving signature scheme
• Key generation algorithm: Gen (1^k, N) = (PK, SK_1)
• Signing algorithm: Sign (SK_j, M) = < j, sign >
• Secret key update algorithm: Upd (SK_j) = SK_{j+1}
• Verification algorithm: if Ver (PK, M, < j, sign >) = 1 then accept, else reject
N is the total number of time periods, 1^k is a security parameter, sign is the signature of M at the current time period j, and j+1 is the next time period.
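Added example, not from the slides: a symmetric stand-in for the Gen / Upd / Sign / Ver interface above, using HMAC-SHA-256 where the slides use a public-key signature, to show the one-way key update of Anderson's paradigm and what an exposed SK_3 does and does not reveal. Assumptions: h is SHA-256, the names key_for, tag, Signer and exposure_demo are illustrative, and the verifier holds SK_1 because this stand-in has no PK.

```python
import hashlib, hmac, os

def h(sk: bytes) -> bytes:
    # Public one-way update function; SHA-256 is an assumption of this example.
    return hashlib.sha256(b"key-evolve" + sk).digest()

def gen(k: int = 32) -> bytes:
    # Gen: returns SK_1. Symmetric stand-in, so the verifier keeps SK_1 (no PK).
    return os.urandom(k)

def key_for(sk_i: bytes, i: int, j: int) -> bytes:
    # Walk the chain forward from SK_i to SK_j; going backward means inverting h.
    if j < i:
        raise ValueError("cannot derive an earlier period's key")
    for _ in range(j - i):
        sk_i = h(sk_i)
    return sk_i

def tag(sk_j: bytes, j: int, m: bytes) -> bytes:
    # Bind the period number into the MAC so a tag cannot be relabelled.
    return hmac.new(sk_j, j.to_bytes(4, "big") + m, hashlib.sha256).digest()

class Signer:
    def __init__(self, sk1: bytes, T: int):
        self.j, self.sk, self.T = 1, sk1, T

    def upd(self) -> None:
        # Upd(SK_j) = SK_{j+1}; the old key is dropped (Python cannot wipe memory).
        if self.j >= self.T:
            raise ValueError("all T periods used")
        self.sk, self.j = h(self.sk), self.j + 1

    def sign(self, m: bytes):
        return (self.j, tag(self.sk, self.j, m))  # signature is the pair (j, tag)

def ver(sk1: bytes, T: int, m: bytes, sig) -> bool:
    j, t = sig
    if not 1 <= j <= T:
        return False
    return hmac.compare_digest(tag(key_for(sk1, 1, j), j, m), t)

def exposure_demo() -> dict:
    sk1, m = gen(), b"constructed message"
    s = Signer(sk1, T=5)
    old = s.sign(m)
    s.upd(); s.upd()
    leaked = s.sk  # SK_3 is exposed during period 3
    return {
        "old_signature_valid": ver(sk1, 5, m, old),
        "later_keys_derivable": key_for(leaked, 3, 5) == key_for(sk1, 1, 5),
        "backdated_tag_accepted": ver(sk1, 5, m, (1, tag(leaked, 1, m))),
    }
```

The result shows the chain is forward-secure but not backward-secure in the sense of the Preliminaries slide: period-1 signatures stay trustworthy after SK_3 leaks, while every key from period 3 onward follows from the leaked one.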
Previous Work – TT01
Gen (1^k, N) = (PK, SK_0)
Set up: P = 2q + 1
Select f(x) ≡
Previous Work – TT01
• Upd (PK, SK_{j-1}) = SK_j
  • The decryptor Bob and the TAs together compute SK_j = f(j) from their shares in a secure distributed way
• Enc (PK, m, j) = < j, α, s >
• Dec (SK_j, < j, α, s >) = m
  • Compute and return
Previous Work – TT01
[Figure: TA1, TA2, TA3, …, TAz connected to Bob over a secure channel; Bob computes SK_j]
• Key evolving with TAs
  • The TAs together compute SK_j at the current time period j
  • Only Bob (the decryptor) knows SK_j
  • Use the Lagrange interpolation method
  • Communicate via a private channel between the TAs and Bob
Future Work
• Survey the secure key-evolving schemes
• Analyze previous schemes
• Raise the problems in key-evolving protocols
• Modify them into a more efficient scheme
References
[1] R.J. Anderson, “Two remarks on public key cryptology”, Rump Session, Eurocrypt ’97
[2] C.F. Lu, S.W. Shieh, “Secure Key-Evolving Protocols”, RSA 2002
[3] A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, “Handbook of Applied Cryptography”, Boca Raton, 1997
[4] W. Tzeng and Z. Tzeng, “Robust Key-evolving public key encryption schemes”, Record 2001/009, Cryptology ePrint Archive, 2001
[5] J. Katz, “A forward-secure public-key encryption scheme”, Cryptology ePrint Archive Report, 2002
[6] M. Bellare, S.K. Miner, “A Forward-Secure Digital Signature Scheme”, Cryptology - CRYPTO ’99 Proceedings, LNCS 1666
[7] R. Anderson, Invited lecture, Fourth Annual Conference on Computer and Communications Security, ACM, 1997