Non-repudiation of user messages is a desirable feature in a number of online applications, but it requires digital signatures and certified cryptographic keys. Unfortunately, the adoption of cryptographic keys often results in poor usability, as users must either carry around their private keys (e.g., in a smart-card) or store them in all of their devices. A user-friendly alternative, adopted by several companies and national administrations, is based on so-called “cloud-based PKI certificates”. In a nutshell, each user has a certified key-pair stored at a server in the cloud; users authenticate to the server—via passwords or one-time codes—and ask it to sign messages on their behalf. However, moving the key-pair from user-private storage to the cloud impairs non-repudiation. In fact, users can always deny having signed a message, by claiming that the signature was produced by the allegedly malicious server without their consent. In this paper we present Auditable Asymmetric Password Authenticated Public Key Establishment (
Auditable asymmetric password authenticated public key establishment
CANS 2022, 21st International Conference on Cryptology and Network Security, 13-16 November 2022, Dubai, United Arab Emirates / Also published in Lecture Notes in Computer Science, Vol. 13641
Type:
Conference
City:
Dubai
Date:
2022-11-13
Department:
Digital Security
Eurecom Ref:
7120
Copyright:
© Springer. Personal use of this material is permitted. The definitive version of this paper was published in CANS 2022, 21st International Conference on Cryptology and Network Security, 13-16 November 2022, Dubai, United Arab Emirates / Also published in Lecture Notes in Computer Science, Vol. 13641 and is available at : https://doi.org/10.1007/978-3-031-20974-1_6
See also:
PERMALINK : https://www.eurecom.fr/publication/7120