Signer-Base Intrusion-Resilient (SiBIR) signature schemes were defined in [IR02]. In this model, as in the case of forward security, time is divided into predefined time periods (e.g., days); each signature includes the number of the time period in which it was generated; while the public key remains the same, the secret keys evolve with time. In addition, in the SiBIR model, the user has two modules, signer and home base: the former generates all signatures on its own, and the latter is needed only to help update the signer’s key from one time period to the next.
The main strength of intrusion-resilient schemes is that they remain secure even after arbitrarily many compromises of both modules, as long as the compromises are not simultaneous. Moreover, even if the intruder does compromise both modules simultaneously, she will still be unable to generate any signatures for the previous time periods (i.e., forward security is guaranteed even in the case of simultaneous exposures). This paper provides the first generic implementation, called gSiBIR, of intrusion-resilient signature schemes: it can be based on any ordinary signature scheme used as a black box. gSiBIR is also the first SiBIR scheme that is secure against a fully adaptive adversary and does not require a random oracle. Our construction does require one-way (and cryptographic hash) functions.
Another contribution of this paper is a new mechanism extending tree-based constructions such as gSiBIR and that of [BM99] to avoid the limit on the total number of periods (required by [IR02] and many forward-secure ones). This mechanism is based on the explicit use of prefixless (or self-delimiting) encodings. Applied to the generic forward-secure signature constructions of [BM99], [MMM02], it extends the first and yields modest but noticeable improvements to the second. With this mechanism, gSiBIR becomes the first generic intrusion-resilient signature scheme with no limit on the number of periods.
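The following added example (not taken from the paper) illustrates why a prefixless encoding removes the need to fix the number of periods in advance in a tree-based scheme: if each period number is mapped to a root-to-leaf path by a prefix-free code, no period's leaf is ever an ancestor of another's, so the tree can grow without bound. The Elias gamma code and all function names here are assumptions chosen for illustration; the abstract does not say which encoding the paper uses.

```python
# Added illustration. Elias gamma is an ASSUMED choice of prefix-free code;
# the paper's actual encoding is not given on this page.

def period_to_path(t):
    """Map period number t >= 1 to a tree path ('0' = left, '1' = right).

    Elias gamma: (len-1) zeros, then t in binary. Path length is
    2*floor(log2 t) + 1, so early periods sit near the root and no
    maximum period has to be chosen at key generation.
    """
    if t < 1:
        raise ValueError("period numbers start at 1")
    b = bin(t)[2:]
    return "0" * (len(b) - 1) + b

def path_to_period(bits):
    """Decode one codeword from the front of bits; return (period, rest)."""
    zeros = 0
    while zeros < len(bits) and bits[zeros] == "0":
        zeros += 1
    end = 2 * zeros + 1          # leading zeros announce the codeword length
    if end > len(bits):
        raise ValueError("truncated codeword")
    return int(bits[zeros:end], 2), bits[end:]

def plain_binary(t):
    """Naive labelling for contrast: t in binary, no length information."""
    return bin(t)[2:]

def is_prefix_free(paths):
    """True if no path is a prefix of another (no leaf above another leaf).

    After sorting, a string that is a prefix of any other string is also
    a prefix of its immediate successor, so adjacent pairs suffice.
    """
    ordered = sorted(paths)
    return not any(b.startswith(a) for a, b in zip(ordered, ordered[1:]))

if __name__ == "__main__":
    for t in (1, 2, 3, 4, 5, 1000):
        print(t, period_to_path(t))
    periods = range(1, 5000)
    print("gamma prefix-free:", is_prefix_free(period_to_path(t) for t in periods))
    print("plain prefix-free:", is_prefix_free(plain_binary(t) for t in periods))
```

With plain binary labels, period 1 (`1`) would be an ancestor of period 2 (`10`), so a node could not serve both as a leaf for one period and as an internal node for later ones; the self-delimiting code avoids that collision.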