Monotone Signatures: A Brief Survey
In many real-life situations, massive quantities of signatures have to be issued on cheap passive supports (e.g. paper-based) such as bank-notes, badges, ID cards, driving licenses or passports (hereafter IDs); while large-scale ID replacements are costly and prohibitive, one may reasonably assume that the updating of verification equipment (e.g. off-line border checkpoints or mobile patrol units) is exceptionally acceptable. In such a context, an attacker using coercive means (e.g. kidnapping) can force the system authorities to reveal the infrastructure's secret signature keys and start issuing signatures that are indistinguishable from those issued by the authority.