DSKE: Digital Signature with Key Extraction

Zhipeng Wang; Orestis Alpos; Alireza Kavousi; Sze Yiu Chau; Duc V. Le; Christian Cachin

Paper 2022/1753

DSKE: Digital Signature with Key Extraction

Zhipeng Wang, Imperial College London

Orestis Alpos

, University of Bern

Alireza Kavousi, University College London

Sze Yiu Chau, The Chinese University of Hong Kong

Duc V. Le, VISA Research

Christian Cachin

, University of Bern

Abstract

This work introduces DSKE, digital signatures with key extraction. In a DSKE scheme, the private key can be extracted if more than a threshold of signatures on different messages are ever created while, within the threshold, each signature continues to authenticate the signed message. We give a formal definition of DSKE, as well as two provably secure constructions, one from hash-based digital signatures and one from polynomial commitments. We demonstrate that DSKE is useful for various applications, such as spam prevention and deniability. First, we introduce the GroupForge signature scheme, leveraging DSKE constructions to achieve deniability in digital communication. GroupForge integrates DSKE with a Merkle tree and timestamps to produce a ``short-lived'' signature equipped with extractable sets, ensuring deniability under a fixed public key. We illustrate that GroupForge can serve as a viable alternative to Keyforge in the non-attributable email protocol of Specter, Park, and Green (USENIX Sec '21), thereby eliminating the need for continuous disclosure of outdated private keys. Second, we leverage the inherent extraction property of DSKE to develop a Rate-Limiting Nullifier (RLN) scheme. RLN efficiently identifies and expels spammers once they exceed a predetermined action threshold, thereby jeopardizing their private keys. Moreover, we implement both variants of the DSKE scheme to demonstrate their performance and show it is comparable to existing signature schemes. We also implement GroupForge from the polynomial commitment-based DSKE and illustrate the practicality of our proposed method.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Keywords: Digital Signatures Polynomial Commitments Deniability Non-attributability Hash-based Signatures
Contact author(s): zhipeng wang20 @ imperial ac uk
orestis alpos @ unibe ch
alireza kavousi 21 @ ucl ac uk
sychau @ ie cuhk edu hk
levduc112 @ gmail com
History: 2024-02-04: last of 3 revisions; 2022-12-21: received; See all versions
Short URL: https://ia.cr/2022/1753
License: CC BY

BibTeX

@misc{cryptoeprint:2022/1753,
      author = {Zhipeng Wang and Orestis Alpos and Alireza Kavousi and Sze Yiu Chau and Duc V. Le and Christian Cachin},
      title = {DSKE: Digital Signature with Key Extraction},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1753},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1753}},
      url = {https://eprint.iacr.org/2022/1753}
}