Proactive Two-Party Signatures for User Authentication

Antonio Nicolosi, Maxwell Krohn, Yevgeniy Dodis, David Mazières

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

45 Scopus citations

Abstract

We study proactive two-party signature schemes in the context of user authentication. A proactive two-party signature scheme (P2SS) allows two parties—the client and the server—jointly to produce signatures and periodically to refresh their sharing of the secret key. The signature generation remains secure as long as both parties are not compromised between successive refreshes. We construct the first such proactive scheme based on the discrete log assumption by efficiently transforming Schnorr’s popular signature scheme into a P2SS. We also extend our technique to the signature scheme of Guillou and Quisquater (GQ), providing two practical and efficient P2SSs that can be proven secure in the random oracle model under standard discrete log or RSA assumptions. We demonstrate the usefulness of P2SSs (as well as our specific constructions) with a new user authentication mechanism for the Self-certifying File System (SFS) [28]. Based on a new P2SS we call 2Schnorr, the new SFS authentication mechanism lets users register the same public key in many different administrative realms, yet still recover easily if their passwords are compromised. Moreover, an audit trail kept by a secure authentication server tells users exactly what file servers an attacker may have accessed—including even accounts the user may have forgotten about.

Original languageEnglish
Title of host publicationProceedings of the Symposium on Network and Distributed System Security, NDSS 2003
ISBN (Electronic)1891562169, 9781891562167
StatePublished - 2003
Event10th Symposium on Network and Distributed System Security, NDSS 2003 - San Diego, United States
Duration: 6 Feb 2003 → …

Publication series

NameProceedings of the Symposium on Network and Distributed System Security, NDSS 2003

Conference

Conference10th Symposium on Network and Distributed System Security, NDSS 2003
Country/TerritoryUnited States
CitySan Diego
Period6/02/03 → …

Fingerprint

Dive into the research topics of 'Proactive Two-Party Signatures for User Authentication'. Together they form a unique fingerprint.

Cite this