
Signature Validity States - KU Leuven, decockd/slides/20181021.signature... · Danny De Cock, Danny.DeCock@esat.kuleuven.be, Katholieke Universiteit Leuven/Dept. Elektrotechniek (ESAT)

21 October 2018

Slide 1

Signature Validity States

Danny De Cock, Danny.DeCock@esat.kuleuven.be

Katholieke Universiteit Leuven/Dept. Elektrotechniek (ESAT)

Computer Security and Industrial Cryptography (COSIC)

Kasteelpark Arenberg 10, bus 2452

B-3001 Heverlee

Belgium

© KULeuven/ESAT/COSIC, https://www.godot.be/slides

Slide 3

Signature Validity

Figure: time axis with events A ... K, left to right. Labelled points: key pair generation (A), publish public key, start using key pair (C), signature generation and signature verification events in between, private key expires (J), public key expires (K)

[C,∞[: Signatures can be legally binding if verified in [C,J[

[C,J]: New valid signatures may be generated

[A,C], [K,∞[: All signature verifications fail

[J,∞[: Illegal to generate new signatures

Slide 4

Signature Validity with Revocation

Figure: the same time axis A ... K, now with an incident. Labelled points: key pair generation (A), signature generation and signature verification events, last valid signature before the incident (F), incident (G), suspended certificate (H), revoked certificate (I), private key expires, public key expires

[C,F]: Signatures validated before F may be valid forever

[C,G[: New valid signatures may be generated

[A,C], [H,∞[: Signature verification returns invalid

[G,H]: Signatures created in [G,I] should be invalid, H may be equal to I

[I,∞[: Illegal to generate new signatures
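The interval rules of slides 3 and 4 as a small Go model, added here as an illustration and not part of the slides. `VerifierAccepts` is what a verifier can decide from the certificate's validity window and the status service (CRL/OCSP); `ShouldBeValid` is the ground truth of the time axis, which also knows the incident G that nobody learns about until the certificate is suspended at H. All dates are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// Lifecycle collects the instants on the slide's time axis. A zero time means
// the event never happened (no incident, no suspension, no revocation).
type Lifecycle struct {
	UseStart    time.Time // C: key pair taken into use
	PrivExpires time.Time // J: end of private-key (signing) validity
	PubExpires  time.Time // K: end of public-key (certificate) validity
	Incident    time.Time // G: compromise, known only in hindsight
	Suspended   time.Time // H: certificate suspended (may equal Revoked)
	Revoked     time.Time // I: certificate revoked
}

// statusBad is the first instant from which a status service (CRL/OCSP) reports
// the certificate as not good: the suspension if there was one, else the revocation.
func (lc Lifecycle) statusBad() (time.Time, bool) {
	if !lc.Suspended.IsZero() {
		return lc.Suspended, true
	}
	if !lc.Revoked.IsZero() {
		return lc.Revoked, true
	}
	return time.Time{}, false
}

// VerifierAccepts is what a verifier can conclude at time verified about a
// signature claiming signing time created: it sees the key validity windows and
// the status service, but it never sees the incident itself.
func VerifierAccepts(lc Lifecycle, created, verified time.Time) bool {
	if verified.Before(lc.UseStart) || !verified.Before(lc.PubExpires) {
		return false // [A,C] and [K,∞[: all verifications fail
	}
	if created.Before(lc.UseStart) || !created.Before(lc.PrivExpires) {
		return false // no valid signature can be generated outside [C,J[
	}
	if bad, ok := lc.statusBad(); ok && !verified.Before(bad) {
		return false // [H,∞[: the status service answers "suspended" or "revoked"
	}
	return true
}

// ShouldBeValid is the ground truth of slide 4: from the incident G on, the
// signatures are the attacker's and should be invalid, including those made in
// [G,H[ while the status service still answered "good".
func ShouldBeValid(lc Lifecycle, created time.Time) bool {
	if created.Before(lc.UseStart) || !created.Before(lc.PrivExpires) {
		return false
	}
	if !lc.Incident.IsZero() && !created.Before(lc.Incident) {
		return false // created in [G,I] or later
	}
	if !lc.Revoked.IsZero() && !created.Before(lc.Revoked) {
		return false // [I,∞[: illegal to generate new signatures
	}
	return true
}

// Day parses a constructed YYYY-MM-DD instant (UTC).
func Day(s string) time.Time {
	t, err := time.Parse("2006-01-02", s)
	if err != nil {
		panic(err)
	}
	return t
}

// Example is a constructed lifecycle; the dates are not from the slides.
var Example = Lifecycle{
	UseStart:    Day("2018-01-01"), // C
	PrivExpires: Day("2023-01-01"), // J
	PubExpires:  Day("2023-07-01"), // K
	Incident:    Day("2020-03-01"), // G
	Suspended:   Day("2020-03-10"), // H
	Revoked:     Day("2020-03-15"), // I
}

func main() {
	for _, c := range [][2]string{
		{"2019-06-01", "2019-06-02"}, // honest signature, verified before the incident
		{"2020-03-05", "2020-03-06"}, // forged in [G,H[, verified while the status was still "good"
		{"2019-06-01", "2020-04-01"}, // honest signature, verified after the suspension
		{"2020-03-20", "2020-03-21"}, // created after the revocation
	} {
		fmt.Printf("created %s, verified %s: verifier accepts=%t, should be valid=%t\n",
			c[0], c[1], VerifierAccepts(Example, Day(c[0]), Day(c[1])), ShouldBeValid(Example, Day(c[0])))
	}
}
```

The second and third cases are the two gaps the slide points at: a signature forged between G and H is accepted as long as the status service still answers "good", and an honest signature from before F is rejected once it is checked after H, unless somebody recorded a validation result before H. The next slides close the second gap.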

Slide 5

Long Term Signatures

◼ Alice produces a digital signature on data D that will resist time:

⚫ Alice collects a time stamp ts1 from a trusted third party (TTP)

⚫ Alice produces a digital signature DigSigAlice(D,ts1) on the time stamp ts1 and the data D

⚫ TTP validates the digital signature DigSigAlice(D,ts1) at time ts2

⚫ TTP computes a digital signature DigSigTTP(DigSigAlice(D,ts1),ts2) if and only if the TTP

◼ Has validated Alice's digital signature, and

◼ Confirms that the signature and Alice's full certificate chain were valid at time ts2

⚫ Alice can now indefinitely rely on DigSigTTP(DigSigAlice(D,ts1),ts2), even if her public key must be revoked, e.g., at time ts3 (after ts2), or if her public key expires

◼ Note: This procedure assumes that no cryptographic weaknesses are discovered in the signature generation and validation algorithms and procedures

Timeline: ts1 → DigSigAlice(D,ts1) → ts2 → DigSigTTP(DigSigAlice(D,ts1),ts2) → ts3

Slide 6

Archiving Signed Data

◼ Digital signatures remain valid forever if one stores:

⚫ The digitally signed data

⚫ The digital signature on the data

⚫ The signer's certificate

⚫ A proof of validity of the signer's certificate

⚫ The verification timestamp of the signature

◼ Bottom line:

⚫ The integrity of this data should be protected!

⚫ There is no need to retrieve the status of a certificate in the past!

⚫ Protect your proofs in a digital vault
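The procedure of slide 5 and the archive record of slide 6 in one added Go example; this is illustration code, not from the slides or from any eID software. Ed25519 and a toy `Cert` struct stand in for Alice's key pair, her X.509 certificate and its revocation status; the texts and dates are constructed. One deliberate step beyond the slide's notation: the TTP signs Alice's public key together with DigSigAlice(D,ts1) and ts2, so the archived record cannot later be re-pointed at another key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Cert is a toy stand-in for Alice's certificate and its status (RevokedAt zero = not revoked).
type Cert struct {
	Pub                            ed25519.PublicKey
	NotBefore, NotAfter, RevokedAt time.Time
}

// ValidAt: inside the validity window and before any revocation; the TTP's check at ts2.
func (c Cert) ValidAt(t time.Time) bool {
	return !t.Before(c.NotBefore) && t.Before(c.NotAfter) &&
		(c.RevokedAt.IsZero() || t.Before(c.RevokedAt))
}

// tbs length-prefixes the signed fields so (D, ts) or (sig, pub, ts) cannot be re-split.
func tbs(parts ...[]byte) []byte {
	var buf bytes.Buffer
	for _, p := range parts {
		binary.Write(&buf, binary.BigEndian, uint32(len(p)))
		buf.Write(p)
	}
	return buf.Bytes()
}

func ts(t time.Time) []byte { return []byte(t.UTC().Format(time.RFC3339)) }

// Archive is the record of slide 6: signed data, Alice's signature, her certificate,
// the TTP's proof of validity and the verification time stamp.
type Archive struct {
	Data, AliceSig, TTPSig []byte // D, DigSigAlice(D,ts1), DigSigTTP(DigSigAlice(D,ts1),ts2)
	TS1, TS2               time.Time
	AliceCert              Cert
}

// AliceSign produces DigSigAlice(D, ts1).
func AliceSign(priv ed25519.PrivateKey, cert Cert, data []byte, ts1 time.Time) Archive {
	return Archive{Data: data, TS1: ts1, AliceCert: cert, AliceSig: ed25519.Sign(priv, tbs(data, ts(ts1)))}
}

// TTPCountersign validates Alice's signature and certificate at ts2 and only then signs over
// the signature, ts2 and (beyond the slide's notation) Alice's public key, so the archived
// record cannot later be re-pointed at another key.
func TTPCountersign(ttpPriv ed25519.PrivateKey, a *Archive, ts2 time.Time) error {
	if !a.AliceCert.ValidAt(ts2) {
		return errors.New("TTP: Alice's certificate is not valid at ts2")
	}
	if !ed25519.Verify(a.AliceCert.Pub, tbs(a.Data, ts(a.TS1)), a.AliceSig) {
		return errors.New("TTP: Alice's signature does not verify")
	}
	a.TS2 = ts2
	a.TTPSig = ed25519.Sign(ttpPriv, tbs(a.AliceSig, a.AliceCert.Pub, ts(ts2)))
	return nil
}

// VerifyArchive re-checks the record at any later time from its own contents and the TTP's
// public key: no lookup of Alice's past status, and her current status does not matter.
func VerifyArchive(ttpPub ed25519.PublicKey, a Archive) bool {
	if !ed25519.Verify(ttpPub, tbs(a.AliceSig, a.AliceCert.Pub, ts(a.TS2)), a.TTPSig) {
		return false
	}
	return ed25519.Verify(a.AliceCert.Pub, tbs(a.Data, ts(a.TS1)), a.AliceSig)
}

// Result of the constructed scenario: sign at ts1, counter-sign at ts2, revoke at ts3, verify later.
type Result struct{ DirectNow, FromArchive, Tampered bool }

func Scenario() (Result, error) {
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	ttpPub, ttpPriv, _ := ed25519.GenerateKey(rand.Reader)
	day := func(s string) time.Time { t, _ := time.Parse("2006-01-02", s); return t }
	cert := Cert{Pub: alicePub, NotBefore: day("2018-01-01"), NotAfter: day("2021-01-01")}
	a := AliceSign(alicePriv, cert, []byte("constructed contract text"), day("2018-06-01")) // ts1
	if err := TTPCountersign(ttpPriv, &a, day("2018-06-02")); err != nil {                  // ts2
		return Result{}, err
	}
	a.AliceCert.RevokedAt = day("2019-01-01") // ts3: Alice's certificate is revoked
	bad := a
	bad.Data = []byte("constructed contract text, altered")
	return Result{
		DirectNow:   a.AliceCert.ValidAt(day("2020-01-01")), // online status check after ts3: fails
		FromArchive: VerifyArchive(ttpPub, a),               // archived proof: still valid
		Tampered:    VerifyArchive(ttpPub, bad),             // archive integrity matters
	}, nil
}

func main() {
	r, err := Scenario()
	fmt.Println(r, err)
}
```

`Archive` holds exactly the five items listed on this slide, and changing any of them makes `VerifyArchive` fail, which is why the slide insists on protecting the integrity of the record rather than on looking up old certificate status. The same reasoning applies to the TTP's own key: before its certificate expires, or before its algorithm weakens (the note on slide 5), the record needs a fresh counter-signature over the existing one.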

Belgian eID Card, Technical Aspects


Slide 7

Signature Generation/Verification

Figure: Alice's signature creation engine (hash, PIN, SCD) on the left and Bob's signature verification engine (hash, OCSP/CRL lookup) on the right; the numbers in the figure refer to the steps below

1. Compute hash of message

2. Prepare signature

3. Present user PIN

4. SCD generates digital signature

5. Collect digital signature

6. Retrieve signer certificate

7. Verify the certificate's revocation status

8. Retrieve public key from signer certificate

9. Retrieve digital signature on the message

10. Compute hash on received message

11. Verify digital signature

12. SVD outputs 'valid signature' or 'invalid signature'

Beware: Bob should validate Alice's certificate


Slide 8

Signature Generation Steps

Alice’s application

1. Calculates the cryptographic hash on the data to be signed

2. Prepares her eID card to generate an authentication signature or to generate a non-repudiation signature

3. Alice presents her PIN to her eID card

4. Her card generates the digital signature on the cryptographic hash

5. The application collects the digital signature from her eID card

Bob receives an envelope with a digitally signed message and a certificate



Slide 9

Signature Verification Steps

Bob

6. Retrieves the potential sender’s certificate

7. Verifies the certificate’s revocation status

8. Extracts Alice’s public key from her certificate

9. Retrieves the signature from the message

10. Calculates the hash on the received message

11. Verifies the digital signature with the public key and the hash

12. If the verification succeeds, Bob knows that the eID card of Alice was used to produce the digital signature

“The message comes from Alice” is a business decision

Figure: Bob's signature verification engine; step 7 consults OCSP or a CRL
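Steps 1 to 12 of slides 7 to 9 end to end, as an added Go example; this is not the eID middleware's code. A software Ed25519 key stands in for the card's signature creation engine, a constructed self-signed certificate with the non-repudiation (content commitment) key usage stands in for Alice's CA-issued certificate, and an in-memory set of revoked serial numbers stands in for the CRL or OCSP lookup of step 7. The message texts and dates are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Envelope is what Bob receives: the message, the signature on its hash and the sender's certificate (DER).
type Envelope struct{ Message, Sig, CertDER []byte }

// AliceSign is steps 1-5 with a software Ed25519 key standing in for the card's signature
// creation engine (SCD); preparing the card and presenting the PIN (2-3) are card operations.
func AliceSign(priv ed25519.PrivateKey, certDER, msg []byte) Envelope {
	h := sha256.Sum256(msg)                                 // 1. hash of the data to be signed
	return Envelope{msg, ed25519.Sign(priv, h[:]), certDER} // 4.-5. SCD signs the hash, application collects it
}

// BobVerify is steps 6-12. revoked is a constructed set of revoked serial numbers standing in for
// the CRL/OCSP lookup of step 7. On success the certificate whose key verified the signature is
// returned; whether "the message comes from Alice" remains Bob's business decision.
func BobVerify(env Envelope, roots *x509.CertPool, revoked map[string]bool, now time.Time) (*x509.Certificate, error) {
	cert, err := x509.ParseCertificate(env.CertDER) // 6. the potential sender's certificate
	if err != nil {
		return nil, err
	}
	// Beware: validate the certificate (chain, validity window, key usage) before trusting its key.
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return nil, fmt.Errorf("certificate not valid at %s: %w", now.Format(time.RFC3339), err)
	}
	if cert.KeyUsage&x509.KeyUsageContentCommitment == 0 {
		return nil, errors.New("not a non-repudiation (content commitment) certificate")
	}
	if revoked[cert.SerialNumber.String()] { // 7. revocation status
		return nil, errors.New("certificate revoked")
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey) // 8. public key from the certificate
	if !ok {
		return nil, errors.New("unexpected key type")
	}
	h := sha256.Sum256(env.Message)          // 9.-10. signature from the envelope, hash of the received message
	if !ed25519.Verify(pub, h[:], env.Sig) { // 11. verify with public key and hash
		return nil, errors.New("invalid signature")
	}
	return cert, nil // 12. 'valid signature': this certificate's key (Alice's card) produced it
}

// NewAlice generates a key and a constructed self-signed non-repudiation certificate so the
// example runs offline; a real eID certificate is issued by a CA and chains to a trusted root.
func NewAlice() (ed25519.PrivateKey, []byte, *x509.CertPool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1001),
		Subject:      pkix.Name{CommonName: "Alice (Signature)"},
		NotBefore:    time.Date(2018, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:     time.Date(2028, 1, 1, 0, 0, 0, 0, time.UTC),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	return priv, der, roots
}

// Outcome of the constructed scenarios: true means Bob's engine output 'valid signature'.
type Outcome struct{ Fresh, Tampered, Revoked, Expired bool }

func Scenario() Outcome {
	priv, der, roots := NewAlice()
	now := time.Date(2019, 6, 1, 0, 0, 0, 0, time.UTC)
	env := AliceSign(priv, der, []byte("constructed message: I accept the offer"))
	tampered := Envelope{[]byte("constructed message: I decline the offer"), env.Sig, env.CertDER}
	accepts := func(e Envelope, revoked map[string]bool, at time.Time) bool {
		_, err := BobVerify(e, roots, revoked, at)
		return err == nil
	}
	return Outcome{
		Fresh:    accepts(env, nil, now),
		Tampered: accepts(tampered, nil, now),
		Revoked:  accepts(env, map[string]bool{"1001": true}, now),
		Expired:  accepts(env, nil, time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC)),
	}
}

func main() { fmt.Printf("%+v\n", Scenario()) }
```

The order in `BobVerify` is the point of the "Beware" on slide 7: the certificate is validated (chain, validity window, key usage, revocation) before its public key is used, because a mathematically correct signature under an expired, revoked or wrongly issued certificate is worth nothing. The `Expired` case is the [K,∞[ state of slide 3, `Revoked` the [H,∞[ state of slide 4, and step 12 only establishes which key signed, not who meant it.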