Cryptography Reference
7.2 Non-repudiation using symmetric techniques
Non-repudiation is, by definition, rather an 'asymmetric' requirement in that it
demands a capability that is linked to a specific entity, not one that is shared
with any other entity (unlike confidentiality, for example). It should thus not be
a surprise that digital signature schemes are normally provided using techniques
associated with public-key cryptography. That said, there are several special
circumstances where symmetric techniques based on MACs can be used to
provide non-repudiation.
7.2.1 Arbitrated digital signature schemes
The first case arises when there exists a trusted third party, the arbitrator, who
participates in the transfer of data and generates evidence that can be used to
settle any disputes. Both the signer and verifier trust the arbitrator. Disputes are
settled based on the premise that a statement is true if the arbitrator says that it
is true.
An example of an arbitrated digital signature scheme is illustrated in Figure 7.1.
Prior to using the scheme in Figure 7.1, it is assumed that all the parties involved
have agreed upon a method for computing MACs. Further, the signer and the
arbitrator share a symmetric MAC key KS, and the verifier and the arbitrator
share a symmetric MAC key KV. To generate a digital signature on some data:
1. The signer computes a MAC on the message using key KS. The sender then
sends the message and the MAC to the arbitrator. (This message includes an
indication of the identities of the signer and the intended verifier.)
Figure 7.1. An arbitrated digital signature scheme (diagram not reproduced; it shows the Signer, the Arbitrator and the Verifier, the keys KS and KV, and four numbered steps)
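The following Python sketch is an added example, not part of the original text. It models step 1 as described above; the arbitrator's check and re-MAC under KV, the verifier's check and the evidence log are assumptions about the remaining steps, which this page does not show. HMAC-SHA256 stands in for the agreed MAC, and all function and class names are hypothetical.

```python
import hashlib
import hmac
import os

def mac(key, *fields):
    """HMAC-SHA256 over length-prefixed fields (assumed choice of MAC)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)  # unambiguous field boundaries
    return h.digest()

def sign(ks, signer, verifier, data):
    """Step 1: the signer MACs the identities and the data under KS."""
    return mac(ks, signer, verifier, data)

def verify(kv, signer, verifier, data, tag_v):
    """Assumed final step: the verifier checks the arbitrator's MAC under KV."""
    return hmac.compare_digest(tag_v, mac(kv, signer, verifier, data))

class Arbitrator:
    def __init__(self):
        self.keys = {}      # identity -> MAC key shared with that party
        self.evidence = []  # records kept to settle later disputes

    def enrol(self, identity):
        self.keys[identity] = os.urandom(32)
        return self.keys[identity]

    def relay(self, signer, verifier, data, tag_s):
        """Assumed middle steps: check the MAC under KS, then re-MAC under KV."""
        expected = sign(self.keys[signer], signer, verifier, data)
        if not hmac.compare_digest(tag_s, expected):
            raise ValueError("MAC does not verify under the signer's key")
        self.evidence.append((signer, verifier, data))
        return mac(self.keys[verifier], signer, verifier, data)

    def settle(self, signer, verifier, data):
        """A statement is true if the arbitrator says that it is true."""
        return (signer, verifier, data) in self.evidence

if __name__ == "__main__":
    arb = Arbitrator()
    ks, kv = arb.enrol(b"signer"), arb.enrol(b"verifier")
    data = b"constructed sample message"
    tag_s = sign(ks, b"signer", b"verifier", data)
    tag_v = arb.relay(b"signer", b"verifier", data, tag_s)
    print(verify(kv, b"signer", b"verifier", data, tag_v))        # genuine data
    print(verify(kv, b"signer", b"verifier", b"altered", tag_v))  # altered data
    print(arb.settle(b"signer", b"verifier", b"altered"))         # disputed claim
```

The verifier never holds KS, so it cannot produce the signer's MAC itself, and any dispute is resolved by asking the arbitrator rather than by checking a MAC.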
 
 