In a roaming system, users who access the network system from different client machines would do digital signatures for some security goals. One of the major concerns in this system is how to protect the user?s private data (such as long-term key) from disclosure. In this study, we present a server-aided RSA signature scheme based on password. In this scheme, the user?s private key is split into two parts which are stored in two servers respectively and a roaming user who wants to make the RSA signature on a message only need to provide a password. If not all of the servers are compromised, the password and the private key would not be disclosed. Compared with He et al.?s protocol, our scheme has four advantages. First of all, the involved servers do not need public keys; second, our scheme has less communication rounds; third, the servers have symmetrical position which provides convenience for implementation; last, our scheme could run more efficiently.
展开▼
