@InProceedings{ACHR06, author = { Ben Adida and David Chau and Susan Hohenberger and Ronald L. Rivest }, title = { Lightweight Email Signatures (Extended Abstract) }, pages = { 288--302 }, OPTurl = { http://dx.doi.org/10.1007/11832072_20 }, doi = { 10.1007/11832072_20 }, booktitle = { Proceedings 5th Conference on Security and Cryptography for Networks }, date = { 2006 }, editor = { Roberto De Prisco and Moti Yung }, publisher = { Springer }, isbn = { 978-3-540-38080-1 }, series = { Lecture Notes in Computer Science }, volume = { 4116 }, OPTyear = { 2006 }, OPTmonth = { September 6--8, }, eventdate = { 2006-09-06/2006-09-08 }, eventtitle = { SCN '06 }, venue = { Maiori, Italy }, abstract = { We present \emph{Lightweight Email Signatures} (LES), a simple cryptographic architecture for authenticating email. LES is an extension of DKIM, the recent IETF effort to standardize domain-based email signatures. LES shares DKIM's ease of deployment: they both use the DNS to distribute a single public key for each domain. Importantly, LES supports common uses of email that DKIM jeopardizes: multiple email personalities, firewalled ISP's, incoming-only email forwarding services, and other common uses that often require sending email via a third-party SMTP server. In addition, LES does not require DKIM's implied intra-domain mechanism for authenticating users when they send email. \par LES provides these features using identity-based signatures. Each domain authority generates a master keypair, publishes the public component in the DNS, and stores the private component securely. Using this private component, the authority delivers to each of its users, via email, an individual secret key whose identity string corresponds to the user's email address. A sender then signs messages using this individual secret key. A recipient verifies such a signature by querying the appropriate master public key from the DNS, computing the sender's public key, and verifying the signature accordingly. As an added bonus, the wide-spread availability of user-level public-keys enables deniable authentication, such as ring signatures. Thus LES provides email authentication with optional deniability. \par We build a LES prototype to determine its practicality. Basic user tests show that the system is relatively easy to use, and that the cryptographic performance, even when using deniable authentication, is well within acceptable range. }, }