過去の署名を用いて鍵更新を行うForward-Secure署名方式

摘要

物理的攻撃に対して耐性のある署名方式として，Forward-Secure署名方式やKey-InsulatIed署名方式などが提案されている．Forward-Secure署名方式は，署名対象期間を複数の期間に分割し，署名生成鍵を期間毎に使い分けることにより，署名生成鍵を盗まれた期間以前の鍵で作られた署名の安全性を守る署名方式である．またKey-Insulated 署名方式は，安全なICカード等のデバイスの中に"マスターキー"と呼ばれる鍵更新のための鍵を格納し，署名生成鍵を更新していく署名方式であり，署名生成鍵が盗まれた期間だけで被害が収まるといった利点がある．本稿において提案する署名方式は，Forward-Secure署名方式を基にして構成されており，必ずしも安全なデバイスを仮定すること、がなくとも"過去の期間に作成した署名"を用いて鍵更新を行うことでKeey-Insulated署名方式と同等の性質を実現している．また，過去に作成した署名は偽造署名発見時の証拠としても利用できるといった利点も挙げられる．Several digital signature schemes such as Forward-Secure Digital Signaturesand Key-Insulated Signature Schemes have been proposed in order to realize the resistance to thephysical attacks. The Forward-Secure Digital Signature provides a solution for the problem of thedamage of signing-key exposure by evolving the signing-key for each divided period. If thekey-evolution is one-way, it is shown that the adversary cannot forge any signature which wasgenerated in previous periods even if he could steal a signing-key in the current period by physicalattacks. Also, the Key-Insulated Signature Scheme is a signature scheme with the aim of solving theproblem of damage of key exposure. In this scheme, a signing-key is updating by the use of a secureexternal device, such as smart cards, storing “master-key." Therefore, under the assumption thatthe master-key is kept secure, it is shown that even the adversary who can successfully steal acurrent signing-key cannot forge any signature which is generated in other periods. In this paper,we propose a new digital singnature scheme based on Forward-Secure Digital Signatures. Our schememeets the same security requirement which the Key-Insulated Signature Scheme achieves without asecure external device, since our scheme uses the record of previously issued signatures instead ofthe master-key in order to renew the signing-key. Another advantage of our scheme includes the useof the record of previously issued signatures for the evidence to prove an illegal signature.