How to understand forward security
"Forward security" (as distinct from "forward secrecy") is the term for the signature notion. It was formalized by Mihir Bellare and Sara K. Miner at CRYPTO'99 as a property of digital signature schemes [1].

"Perfect forward secrecy" was introduced by Christoph G. Günther at EUROCRYPT'89, originally to define the security of session-key exchange protocols [2].

The general meaning of (perfect) forward secrecy is that if the long-term key used to derive session keys is compromised, the session keys used in earlier communications are not exposed, and so the content of those earlier communications stays confidential. Simply put, once you lose the long-term key, nothing you do afterwards can be guaranteed secure, but everything you did before remains secure.
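As an added example (not part of the original answer), the following Python script contrasts a session key derived only from the long-term keys with one derived from ephemeral Diffie-Hellman that the long-term keys merely authenticate. X25519 is implemented in pure Python from RFC 7748 so the file runs offline (readers can check it against the test vectors in that RFC); the party names, the HMAC-based authentication of ephemeral public keys and the SHA-256 key derivation are assumptions made for this example, not a real protocol.

```python
# Added example, not from the original answer. Assumed for illustration:
# an HMAC under the long-term DH secret authenticates ephemeral public keys,
# SHA-256 serves as the KDF. Real protocols (TLS 1.3, Signal) are more involved.
import hashlib
import hmac
import secrets

P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """Curve25519 scalar multiplication, RFC 7748 Montgomery ladder (not constant-time)."""
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] &= 127
    kb[31] |= 64
    scalar = int.from_bytes(kb, "little")
    ub = bytearray(u)
    ub[31] &= 127
    x1 = int.from_bytes(ub, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (scalar >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb) % P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    sk = secrets.token_bytes(32)
    return sk, x25519(sk, BASEPOINT)


def kdf(label: bytes, *parts: bytes) -> bytes:
    return hashlib.sha256(label + b"".join(parts)).digest()


# Variant 1: session key is a function of the long-term keys and public data only.
def static_session_key(my_lt_sk, peer_lt_pk, nonce):
    return kdf(b"static", x25519(my_lt_sk, peer_lt_pk), nonce)


# Variant 2: ephemeral DH; the long-term key only authenticates the ephemeral public key.
def ephemeral_offer(my_lt_sk, my_lt_pk, peer_lt_pk):
    eph_sk, eph_pk = keypair()
    tag = hmac.new(x25519(my_lt_sk, peer_lt_pk), eph_pk + my_lt_pk, hashlib.sha256).digest()
    return eph_sk, eph_pk, tag


def ephemeral_session_key(my_eph_sk, peer_eph_pk, my_lt_sk, peer_lt_pk, peer_tag):
    expected = hmac.new(x25519(my_lt_sk, peer_lt_pk), peer_eph_pk + peer_lt_pk, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, peer_tag):
        raise ValueError("peer's ephemeral key is not authenticated")
    return kdf(b"ephemeral", x25519(my_eph_sk, peer_eph_pk))


def run_demo():
    a_lt_sk, a_lt_pk = keypair()   # Alice's long-term key pair
    b_lt_sk, b_lt_pk = keypair()   # Bob's long-term key pair

    nonce = secrets.token_bytes(16)  # public, recorded by the attacker
    k_static_a = static_session_key(a_lt_sk, b_lt_pk, nonce)
    k_static_b = static_session_key(b_lt_sk, a_lt_pk, nonce)

    a_eph_sk, a_eph_pk, a_tag = ephemeral_offer(a_lt_sk, a_lt_pk, b_lt_pk)
    b_eph_sk, b_eph_pk, b_tag = ephemeral_offer(b_lt_sk, b_lt_pk, a_lt_pk)
    k_eph_a = ephemeral_session_key(a_eph_sk, b_eph_pk, a_lt_sk, b_lt_pk, b_tag)
    k_eph_b = ephemeral_session_key(b_eph_sk, a_eph_pk, b_lt_sk, a_lt_pk, a_tag)
    del a_eph_sk, b_eph_sk  # ephemeral secrets are erased once the session key exists

    # Later Alice's long-term key leaks. The attacker holds a_lt_sk plus the recorded
    # transcript (nonce, public keys, tags). Variant 1's past key falls out directly:
    recovered_static = static_session_key(a_lt_sk, b_lt_pk, nonce)
    # Variant 2's past key was x25519(a_eph_sk, b_eph_pk); neither ephemeral secret
    # survives, so nothing the attacker holds yields k_eph_a. Future sessions are
    # another matter: the attacker can now impersonate Alice to Bob.
    m_eph_sk, m_eph_pk, m_tag = ephemeral_offer(a_lt_sk, a_lt_pk, b_lt_pk)
    n_eph_sk, n_eph_pk, _ = ephemeral_offer(b_lt_sk, b_lt_pk, a_lt_pk)
    k_bob_fooled = ephemeral_session_key(n_eph_sk, m_eph_pk, b_lt_sk, a_lt_pk, m_tag)
    k_attacker = kdf(b"ephemeral", x25519(m_eph_sk, n_eph_pk))
    return {
        "static_keys_match": k_static_a == k_static_b,
        "static_key_recovered_after_leak": recovered_static == k_static_a,
        "ephemeral_keys_match": k_eph_a == k_eph_b,
        "future_session_impersonated": k_bob_fooled == k_attacker,
    }
```

The point of `run_demo` is the asymmetry the answer describes: after the long-term key leaks, the attacker recomputes every past key of variant 1 from the recorded transcript, while for variant 2 it can only attack sessions from then on (by forging authentication tags), because the values that determined earlier keys were erased.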

"Perfect" is in parentheses because the word carries the connotation of unconditional (information-theoretic) security, and most forward-secrecy schemes cannot achieve that: their guarantee is computational, resting on the hardness of the underlying problem.

The guarantee of forward security is that an adversary who has obtained your current key still cannot forge a signature for any earlier period.

Simply put, the two concepts are used in different settings, but the intention is the same: messages exchanged, or signatures produced, before the key was compromised remain secure (confidential, respectively unforgeable).

Generally speaking, in a public-key scheme (signature, key exchange or encryption) that satisfies forward secrecy or forward security, the public key is fixed while the secret key is updated over time. The update is one-way: from the current secret key one can derive the next one, but the previous one cannot be recovered, and the old key is erased after the update. An adversary who obtains the current key therefore learns nothing about the keys of earlier periods, which is exactly what "forward security" guarantees.
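As an added example (not from the original answer, and not the Bellare-Miner construction), here is a small hash-based forward-secure signature scheme in Python that follows the pattern just described: the public key is a fixed Merkle root, the secret key is a seed that is advanced with a one-way hash at each period, and the old seed is erased. Each period holds a one-time Lamport key derived from that period's seed, so the toy signs one message per period; the labels, T = 8 periods and the use of SHA-256 throughout are choices made for this example.

```python
# Added example, not from the original answer. Toy scheme: fixed Merkle-root
# public key, per-period one-time Lamport keys derived from a seed that is
# hashed forward (and the old one erased) at every update. Labels, T and the
# use of SHA-256 everywhere are choices made for this example.
import hashlib
import secrets

T = 8  # number of periods; a power of two keeps the Merkle tree full


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def lamport_secret(seed: bytes, j: int, b: int) -> bytes:
    return H(b"lamport", seed, bytes([j, b]))


def period_pk(seed: bytes):
    """The 256 (x0, x1) public hash pairs of this period's one-time key."""
    return [[H(lamport_secret(seed, j, b)) for b in (0, 1)] for j in range(256)]


def leaf(pk) -> bytes:
    return H(b"leaf", *(h for pair in pk for h in pair))


def merkle_level_up(level):
    return [H(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        level = merkle_level_up(level)
    return level[0]


def auth_path(leaves, idx):
    path, level = [], list(leaves)
    while len(level) > 1:
        path.append(level[idx ^ 1])  # sibling at this level
        idx //= 2
        level = merkle_level_up(level)
    return path


def msg_bits(msg: bytes):
    d = H(b"msg", msg)
    return [(d[j // 8] >> (7 - j % 8)) & 1 for j in range(256)]


def keygen():
    seeds = [secrets.token_bytes(32)]
    for _ in range(T - 1):
        seeds.append(H(b"chain", seeds[-1]))  # one-way seed chain
    leaves = [leaf(period_pk(s)) for s in seeds]
    pk = merkle_root(leaves)
    sk = {"period": 0, "seed": seeds[0], "leaves": leaves}  # leaves are public values
    return pk, sk


def update(sk):
    """Key update: replace the seed by its hash, which erases the old one."""
    sk["seed"] = H(b"chain", sk["seed"])
    sk["period"] += 1


def sign_with(period, seed, leaves, msg):
    bits = msg_bits(msg)
    pk = period_pk(seed)
    # Reveal the preimage for each message bit and the public hash for the other bit.
    onetime = [(lamport_secret(seed, j, bits[j]), pk[j][1 - bits[j]]) for j in range(256)]
    return period, onetime, auth_path(leaves, period)


def sign(sk, msg):
    # One message per period: Lamport keys are one-time.
    return sign_with(sk["period"], sk["seed"], sk["leaves"], msg)


def verify(pk_root, msg, signature) -> bool:
    period, onetime, path = signature
    bits = msg_bits(msg)
    rebuilt = []
    for j, (preimage, other) in enumerate(onetime):
        pair = [None, None]
        pair[bits[j]] = H(preimage)
        pair[1 - bits[j]] = other
        rebuilt.append(pair)
    node, idx = leaf(rebuilt), period
    for sibling in path:
        node = H(b"node", node, sibling) if idx % 2 == 0 else H(b"node", sibling, node)
        idx //= 2
    return node == pk_root


def forward_security_demo():
    pk, sk = keygen()
    sig0 = sign(sk, b"period 0 message")
    update(sk)
    sig1 = sign(sk, b"period 1 message")
    update(sk)  # now at period 2
    stolen = dict(sk)  # the attacker copies the current secret key
    future = sign_with(stolen["period"], stolen["seed"], stolen["leaves"], b"forged at period 2")
    # For period 1 the attacker would need seed_1; it only has seed_2 = H(seed_1).
    past = sign_with(1, stolen["seed"], stolen["leaves"], b"forged for period 1")
    return {
        "period0_valid": verify(pk, b"period 0 message", sig0),
        "period1_valid": verify(pk, b"period 1 message", sig1),
        "attacker_signs_future": verify(pk, b"forged at period 2", future),
        "attacker_forges_past": verify(pk, b"forged for period 1", past),
    }
```

Compromise at period i hands the attacker every seed from i onward, so later periods are lost and the key should be treated as revoked from that point; but seed i-1 is a preimage under SHA-256 of a deleted value, so a signature for an earlier period cannot be forged. `forward_security_demo` exercises both halves: the stolen state signs validly for the current period, and the attempt at period 1 fails because the rebuilt leaf does not match the one committed in the Merkle root.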

Correspondingly, there is the concept of "backward secrecy" or "backward security", but it has been studied less; if the asker is interested, they can look it up themselves.

References:

[1] Bellare, Mihir, and Sara K. Miner. "A Forward-Secure Digital Signature Scheme." Advances in Cryptology - CRYPTO '99. Springer, Berlin, Heidelberg, 1999.

[2] Günther, Christoph G. "An Identity-Based Key-Exchange Protocol." Advances in Cryptology - EUROCRYPT '89. Springer, Berlin, Heidelberg, 1989.