Summary: Rekeyed Digital Signature Schemes:
Damage-containment in the face of key exposure
Motivated by the problem of delegating signing keys to vulnerable mobile devices, we de-
fine rekeyed digital signature schemes. We provide an adversary model and a strong notion of
security for such schemes, and show that the classic self-certification paradigm, properly imple-
mented, provably meets this notion of security. We then suggest altnerative solutions, based on
identification schemes, and having certain performance benefits compared to self-certification.
Keywords: Digital signatures, key exposure, delegation, forward security, identification schemes,
proofs of security.
Dept. of Computer Science & Engineering, University of California at San Diego, 9500 Gilman Drive, La
Jolla, California 92093, USA. E-Mail: email@example.com. URL: http://www.michelabdalla.net. Supported
by CAPES under Grant BEX3019/95-2.
Dept. of Computer Science & Engineering, University of California at San Diego, 9500 Gilman Drive, La Jolla,
CA 92093, USA. E-mail: firstname.lastname@example.org. URL: http://www-cse.ucsd.edu/users/mihir. Supported in part by