Supervised Usage of Signature Creation Devices

                          Przemyslaw Kubiak and  Miroslaw Kutylowski

                          Faculty of Fundamental Problems of Technology
                               Wroclaw University of Technology

We propose an effective scheme for  controlling usage of secure signature creation devices (SSCD).
With cryptographic means we assure that an inspector can check whether an (ordered) list of signatures
at hand is a complete list of signatures created by the device. It is devoted to  some applications 
like automatic creation of invoices and other financial documents. It may be also very useful in case 
of issuing documents of high importance (e.g., by a notary).

The inspection procedure is probabilistic with no false-negatives  and low probability of false-positives. 
The inspection procedure has to be executed with extra  private keys known only by the inspector. 
The inspection procedure cannot be executed by  the holder of SSCD -- this has to prevent testing integrity 
of the list after list manipulations searching for false-positive result. 

The solution proposed aims to achieve the above-mentioned goal without any changes of signature format,  
verification procedure or introduction of extra fields in a signature. So it can be  implemented in a way 
that does not change the signature scheme from the point of view of the   signers and verifiers --  apart 
from providing the list of signatures to the inspector. 

We present a solution based on signatures built on top of hardness of DL Problem. We provide formal security proofs 
as well as discuss implementation issues. 

Keywords: applied cryptography, secure signature creation device, qualified signature, controlled usage, 
Discrete Logarithm Problem, Diffie-Hellman Problem, Schnorr signature 

accepted for INSCRYPT 2013