Forward-Secure Identity-Based Signature: New Generic Constructions and Their Applications
Because modern cryptographic schemes base their security on the secrecy of their private keys, exposing such keys results in a total loss of security. In fact, attackers have been developing various techniques to seize secret keys rather than to cryptanalyze the underlying cryptographic primitives. Digital signature schemes, which are widely employed in many applications, are no exception to the key exposure problem. A number of solutions for protecting signature schemes from key exposure have been proposed, and one of them is the forward-secure signature. Informally, forward-secure signature schemes can guarantee the unforgeability of past signatures even if the current secret signing key is exposed. In this paper, we propose an efficient generic construction of forward-secure identity-based signature (FSIBS) that retains the unforgeability of past signatures in spite of the exposure of the current signing key. Our construction, supported by formal security analysis, yields concrete FSIBS schemes that are more efficient than existing schemes in the literature. In particular, one of our instantiations of FSIBS, based on a discrete-log primitive, turns out to be the most efficient among existing ones. We extend our generic construction by employing the technique used in Merkle’s tree signature to reduce the size of the public parameters. An additional contribution of this paper is a refinement of the security definition of FSIBS such that users in the system can freely specify the time periods over which their signing keys evolve.