4 research outputs found

    Key Evolution Systems in Untrusted Update Environments

    No full text
    Forward-Secure Signatures (FSS) prevent forgeries for past time periods when an attacker obtains full access to the signer’s storage by evolving the private key in a one-way fashion. To simplify the integration of these primitives into standard security architectures, Boyen et al. [2006] recently introduced the concept of forward-secure signatures with untrusted updates where private keys are additionally protected by a second factor (derived from a password). Key updates can be made on an encrypted version of signing keys so that passwords only come into play for signing messages and not at update time (since update is not user-driven). The scheme put forth by Boyen et al. relies on bilinear maps and does not require the random oracle. They also suggest the integration of untrusted updates in the Bellare-Miner forward-secure signature. Their work left open the problem of endowing other existing FSS systems with the same second factor protection, and a natural second question is whether the method can apply to other key-evolving paradigms. This article solves the first problem by showing an efficient generic construction that does not require setting a bound on the number of time periods at key generation. The article then extends the unprotected update model to other key-evolving primitives such as forward-secure public key encryption and key-insulated cryptosystems.

    Key evolution systems in untrusted update environments

    No full text
    Key-evolving protocols aim at limiting damage when an attacker obtains full access to the signer's storage. To simplify the integration of such mechanisms into standard security architectures, Boyen, Shacham, Shen and Waters suggested the construction of forward-secure signatures (FSS) that protect past periods after a break-in, with untrusted updates where private keys are additionally protected by a second factor (derived from a password). Key updates can be made on an encrypted version of private keys so that passwords only come into play for signing messages. Boyen et al. described a pairing-based scheme in the standard model and also suggested the integration of untrusted updates in the Bellare-Miner forward-secure signature. They left open the problem of endowing other efficient FSS systems with the same second factor protection. We first address this problem and suggest generic ways to construct FSS schemes in untrusted update environments. In a second step, we extend the unprotected update model to other key-evolving systems such as forward-secure public key encryption and key-insulated cryptosystems. We then explain how some of the constructions that we proposed for forward-secure signatures can be adapted to these models.