Forward-Secure Signatures with Untrusted Update

By Xavier Boyen, Hovav Shacham, Emily Shen, and Brent Waters.

In 13th ACM Conference on Computer and Communications Security (CCS 2006), pages 191-200. ACM Press, 2006.


In most forward-secure signature constructions, a program that updates a user's private signing key must have full access to the private key. Unfortunately, these schemes are incompatible with several security architectures, including GNU Privacy Guard (GPG) and S/MIME, where the private key is encrypted under a user password as a "second factor" of security, in case the private key storage is corrupted but the password is not.

We introduce the concept of forward-secure signatures with untrusted update, where the key update can be performed on an encrypted version of the key. Forward-secure signatures with untrusted update allow us to add forward security to signatures while still keeping passwords as a second factor of security. We provide a construction whose performance characteristics are comparable with the best existing forward-secure signatures. In addition, we describe how to modify the Bellare-Miner forward-secure signature scheme to achieve untrusted update.


- published paper (PS) (PDF) © ACM
- full version (PS) (PDF) (also accessible on the cryptology eprint archive)
- presentation slides (HTML)


  author = {Xavier Boyen and Hovav Shacham and Emily Shen and Brent Waters},
  title = {Forward-Secure Signatures with Untrusted Update},
  booktitle = {ACM Conference on Computer and Communications Security---CCS 2006},
  pages = {191--200},
  publisher = {New-York: ACM Press},
  year = {2006},
  note = {Available at \url{}}

Unless indicated otherwise, these documents are Copyright © Xavier Boyen; all rights reserved in all countries.