DESIGN REQUIREMENTS FOR A SECURE TIME-STAMPING SCHEME

摘要

The need to link human actions or paper documents to a moment in time is not new, but the solutions available for the real world do not fit the digital world. Most of the security mechanisms based on key cryptography are short-term solutions and stop working after private keys or algorithms are compromised. The legal requirement of introducing an electronic equivalent for classic paper documents encounters problems, one of them being the difficulty of having secure and trustworthy digital time-stamps. Time-stamping is a relatively new research field which is trying to address the problems related to time and cryptography. But are the currently available time-stamping schemes and standards enough to build secure solutions? Can users rely on the time parameter provided by the time-stamping authority, or can they control its behavior? If not, what design requirements should a new time-stamping scheme consider, in order to fulfill all these goals? Our paper discusses the relationship and interaction between time and cryptography by analyzing all currently available state-of-the-art time-stamping schemes. The article lists a set of design requirements and properties that software developers should consider when implementing secure time-stamping services.