Suppose that messages have been signed using a user's signature private key during the period of time after a key compromise but before the compromise is detected. This is a period of undetected key compromise. Various techniques for detecting a compromise and preventing forged signature acceptance are presented. Attack protection is achieved by requiring a second level of authentication for the acceptance of signatures, based on information shared with a trusted authority, independent of the signature private key and signing algorithm. Alternatively, attack detection is achieved with an independent sychronization with the authority, using a second factor adaptive non-secret parameter. Preventing forged signature acceptance subsequent to the detection is achieved by the use of a cooling-o or latency period, combined with periodic resynchronization.
Mike Just, Paul C. van Oorschot