Paper 2022/1753

DSKE: Digital Signature with Key Extraction

Zhipeng Wang, Imperial College London
Orestis Alpos, University of Bern
Alireza Kavousi, University College London
Harry W. H. Wong, The Chinese University of Hong Kong
Sze Yiu Chau, The Chinese University of Hong Kong
Duc V. Le, VISA Research
Christian Cachin, University of Bern
Abstract

This work introduces DSKE, digital signatures with key extraction. In a DSKE scheme, the private key can be extracted if more than a threshold of signatures on different messages are ever created while, within the threshold, each signature continues to authenticate the signed message. We give a formal definition of DSKE, as well as two provably secure constructions, one from hash-based digital signatures and one from polynomial commitments. We demonstrate that DSKE is useful for various applications, such as spam prevention and deniability. First, we introduce the GroupForge signature scheme, leveraging DSKE constructions to achieve deniability in digital communication. GroupForge integrates DSKE with a Merkle tree and timestamps to produce a ``short-lived'' signature equipped with extractable sets, ensuring deniability under a fixed public key. We illustrate that GroupForge can serve as a viable alternative to Keyforge in the non-attributable email protocol of Specter, Park, and Green (USENIX Sec '21), thereby eliminating the need for continuous disclosure of outdated private keys. Second, we leverage the inherent extraction property of DSKE to develop a Rate-Limiting Nullifier (RLN) scheme. RLN efficiently identifies and expels spammers once they exceed a predetermined action threshold, thereby jeopardizing their private keys. Moreover, we implement both variants of the DSKE scheme to demonstrate their performance and show it is comparable to existing signature schemes. We also implement GroupForge from the polynomial commitment-based DSKE and illustrate the practicality of our proposed method.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. CT-RSA 2025
Keywords
Digital SignaturesPolynomial CommitmentsDeniabilityNon-attributabilityHash-based Signatures
Contact author(s)
zhipeng wang20 @ imperial ac uk
oralpos @ gmail com
alireza kavousi 21 @ ucl ac uk
whwong @ ie cuhk edu hk
sychau @ ie cuhk edu hk
levduc112 @ gmail com
christian cachin @ unibe ch
History
2025-01-14: last of 6 revisions
2022-12-21: received
See all versions
Short URL
https://ia.cr/2022/1753
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1753,
      author = {Zhipeng Wang and Orestis Alpos and Alireza Kavousi and Harry W. H. Wong and Sze Yiu Chau and Duc V. Le and Christian Cachin},
      title = {{DSKE}: Digital Signature with Key Extraction},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1753},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1753}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.