A Forward-Backward Secure Signature Scheme

The key exposures carry very serious problems, it is regarded a total break down of the system. In order to avoid this undesirable situation, the goal of forward security is to protect against this kind of threat. A protocol is said to provide forward secrecy if compromising long-term secret keys does not compromise past secret keys that were previously established. Bellare and Miner first proposed signatures with forward-security properties [4]. In 2001, Abdalla and Reyzin improved Bellare-Miner’s forward-secure GQ signature schemes with a shorter public key [2]. In 2002, Malkin, Micciancio and Miner construct an efficient forward-secure digital signature scheme. The number of time periods can be used is bounded only by an exponential function of the security parameter [10]. In the same year, Kozlov and Reyzin proposed an efficient Key Update of all known schemes, requiring just a single modular squaring. They claimed that more frequent key update will enhance the signature security [6]. Since then, many works related to forward-secure schemes have been proposed [1, 5-9, 12, 14]. The main concept of the forward-secure signature scheme is that the public key remains fixed, while the secret signing key is updated at regular intervals. Each secret signing key is used for signing messages only during a particular time period. At the end of each time period, a new secret key is produced and the old one is erased. This can be useful to mitigate the damage caused by key exposure without requiring distributions of keys.