
Delegating FIDO Credentials Using Single-use ECDSA Signatures

conference contribution
posted on 2024-07-17, 11:26 authored by Yeoh Wei Zhu, Lucjan Hanzlik, Oliver Valta
Single-use delegatable signatures allow a delegatee to give the signing right in a restrictive way to a third party. This cryptographic primitive finds applications in the design of blank checks and can even delegate access rights in web authentication. Unfortunately, known constructions work only with non-standard signature schemes and require non-existing secure hardware, making them impractical. In this paper, we construct single-use delegatable ECDSA signatures based on commodity smartphones with hardware-backed keystores. We show how to apply our construction to the web authentication use case. In particular, we show how to delegate FIDO credentials to third parties while not introducing new assumptions to the setting besides the delegate’s trust in the security of the keystore. As an independent application, we discuss the use of our construction as a way to implement blind checks in ECDSA-based cryptocurrencies.

Primary Research Area

  • Algorithmic Foundations and Cryptography

Name of Conference

ACM ASIA Conference on Computer and Communications Security (AsiaCCS)

Journal

Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

Page Range

1801–1813

Publisher

Association for Computing Machinery

BibTeX

@conference{Zhu:Hanzlik:Valta:2024,
  title = "Delegating FIDO Credentials Using Single-use ECDSA Signatures",
  author = "Zhu, Yeoh Wei and Hanzlik, Lucjan and Valta, Oliver",
  year = 2024,
  month = 7,
  journal = "Proceedings of the 19th ACM Asia Conference on Computer and Communications Security",
  pages = "1801--1813",
  publisher = "Association for Computing Machinery",
  doi = "10.1145/3634737.3657004"
}
