Question

Suppose that a certain authority is running a (publicly accessible) database of users’ public keys. Let us define the following procedure for revoking a public key from the database. When a user Alice claims that the secret key skA corresponding to his public key pkA was stolen, she sends to the authority the statement “Revoke Alice’s public key pkA” which is signed using skA . Upon receiving such the statement, the authority revokes pkA from the database. Explain why it is not necessary for the authority to check Alice’s identity in this case. In particular, explain why it is not a problem that an adversary who has stolen Alice’s secret key skA can forge signatures for this key. Hint: Consider the following two cases: 1) Alice’s secret key skA was not stolen; 2) Aice’s secret key skA was stolen.

Answer 1

Here is what we know,

pkA,skA =Alice's public and private keys respectively.

Note that skA is a secret key that Alice possesses and shouldn't be shared with anyone.

The private key is to be shared between two parties.

The public key can be used by anyone but the private key is to be shared between two parties only.

Also, Private Key is used to both encrypt and decrypt the data and is shared between the sender and receiver of encrypted data.The Public Key is only used to encrypt data and to decrypt the data, the private key is used and is shared.

The authority will encrypt a certain message using Alice's public key and then send the encrypted message to Alice. Alice can then use his private key to decrypt the message, upon receiving it.

Case 1: (Alice's secret key skA was not stolen)

In case the private key is not stolen, Alice would not complain to the authorities and can succesfully decrypt any encypted message sent by the authority. Even if she does complain of her skA being stolen , the authority can revoke Alice's pkA. A new pkA will be alloted to him and the sKA for the corresponding new pkA will be shared with Alice.

Case 2: (Aice’s secret key skA was stolen)

In this case Alice will complain to the authority and they will immediately revoke Alice's pkA. So now alice will write to the authority, this message will be encrypted using Alice's skA (possessed only by her). Thus, it is not necessary for the authority to check Alice’s identity in this case.

it is not a problem that an adversary who has stolen Alice’s secret key skA can forge signatures for this key as since Alice's pkA has been revoked , possessing and forging  of Alice's skA will practically be of no use.