!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
                                       
                   B O S T O N   U N I V E R S I T Y
                                       
                      Computer Science Department
                                       
                          C O L L O Q U I U M

         Forward-Secure Signatures with Optimal Signing and Verifying

                           Leonid Reyzin 
                   Laboratory for Computer Science
                 Massachusetts Institute of Technology

   			Wednesday, February 21
			       11:00 am
                       (Coffee served at 10:45PM)

                                       
                         Seminar Room / MCS 135
                         
Ordinary digital signatures have an inherent weakness: if the secret key
is leaked, then all signatures, even the ones generated before the leak,
are no longer trusworthy.  Forward-secure digital signatures were proposed
recently by Anderson and formalized Bellare and Miner to address this
weakness: they ensure that past signatures remain secure even if the
current secret key is leaked.

A few forward-secure signature schemes have been recently put forward.
All are significantly less efficient than ordinary signature schemes.

We propose the first forward-secure signature scheme for which both
signing and verifying are as efficient as for some of the most efficient
ordinary signature schemes, each requiring just two modular exponentiations
with a short exponent.  Moreover, this is achieved with only minimal
increases to the sizes of keys and signatures, and without any additional
public storage.

Joint work with Gene Itkis.

-------------------------------------------------------------------------------
For colloquium info, including directions, see http://cs-www.bu.edu/colloquium
-------------------------------------------------------------------------------