Long-Term Secure Time-Stamping using Preimage-Aware Hash Functions

Commonly used digital signature schemes have a limited lifetime because their security is based on computational assumptions that will potentially break in the future when more powerful computers are available. In 1993, Bayer et al. proposed a method for prolonging the lifetime of a digital signature by time-stamping the signature together with the signed document. Based on their idea long-term timestamp schemes have been developed that generate renewable timestamps. To minimize the risk of a design failure that affects the security of these schemes, it is important to formally analyze their security. However, many of the proposed schemes have not been subject to a formal security analysis yet. In this paper, we address this issue by formally analyzing the security of a hash-based long-term timestamp scheme that is based on the ideas of Bayer et al. Our analysis shows that the security level of this scheme degrades cubic over time, a security loss that needs to be taken into account when the scheme is used in practice.