Intrusion-resilient identity-based signature: Security definition and construction

Traditional identity-based signatures depend on the assumption that secret keys are absolutely secure. Once a secret key is exposed, all signatures associated with this secret key have to be reissued. Therefore, limiting the impact of key exposure in identity-based signature is an important task. In this paper, we propose to integrate the intrusion-resilient security into identity-based signatures to deal with their key exposure problem. Compared with forward-secure identity-based signatures and key-insulated identity-based signatures, our proposal can achieve higher security. The proposed scheme satisfies that signatures in any other time periods are secure even after arbitrarily many compromises of base and signer, as long as the compromises do not happen simultaneously. Furthermore, the intruder cannot generate signatures pertaining to previous time periods, even if she compromises base and signer simultaneously to get all their secret information. The scheme enjoys nice average performance. There are no cost parameters including key setup time, key extract time, base (signer) key update time, base (signer) key refresh time, signing time, verifying time, and signature size, public parameter size, base (signer) storage size having complexity more than O(log T) in terms of the total number of time periods T in this scheme. We also give the security definition of intrusion-resilient identity-based signature scheme and prove that our scheme is secure based on this security definition in the random oracle model assuming CDH problem is hard.