Cryptography
public-key signature pki
Updated Sun, 18 Sep 2022 19:42:54 GMT

Is there any way to (irrevocably) *transfer* a private key to another person?

Let's say that Alice is the administrator of a group. For each message generated by a group member, Alice uses an administrator's private key ($$sk$$) to sign it, indicating that this message has been checked by her. One day, Bob takes over from Alice. Therefore, Alice sends Bob the $$sk$$ in a secure channel. But the security concern is that since $$sk$$ is not changed, Alice still has the ability to sign messages using the $$sk$$. So I wonder if there is any cryptography technology that can prevent Alice from using this $$sk$$ after it is sent to Bob.

More generally, this question can be described as follows: Is there a way to transfer the ability to sign from A to B while keeping the same public key and preventing A from signing after the transfer is complete? (If needed, it is okay to change $$sk$$ as long as other requirements are satisfied.)

Solution

Sign a message revoking Alice's old public key and certifying Bob's newly generated key. Include a timestamp from some timestamping authority and related metadata in the message.

There's no way for the public key to stay the same, unless some CA issues certificates for Alice and Bob and people trust the CA's public key and the certificates issued by this CA.

There is a problem with participants rejecting Bob's future messages when the revocation message and the new public key are somehow concealed by Alice. There's also the problem that Alice can fake back-dated messages to make them think they are valid old messages.

For the second part, a timestamping authority needs to be established. For the first part, I can't think of any solution. Maybe we should require all messages to be signed by at least some minimum number of required people (e.g. 5 out of 7 sign messages and revocation notifications).
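A sketch of the verifier side of the handover described in the answer above, as an added example that is not part of the original answer: the old key signs a statement naming the new key, and a message is accepted only under the key that was valid at the time attested by the timestamping authority (TSA). Assumptions: Ed25519 signatures, a TSA modelled as a key that signs `signature || time`, a handover time `At` that was itself obtained from the TSA, and the hypothetical names `Handover`, `Msg`, `Accept` and `Demo`. It covers the back-dating problem only, not concealment of the handover message.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Handover is signed with the OLD key: "from TSA time At, NewKey replaces me".
type Handover struct {
	NewKey ed25519.PublicKey
	At     uint64
	Sig    []byte // old key's signature over NewKey || At
}
// Msg carries a TSA token (TSASig over Sig || Time) fixing when Sig existed.
type Msg struct {
	Body, Sig, TSASig []byte
	Time              uint64
}

// withTime appends a fixed-width decimal time so the encoding is unambiguous.
func withTime(b []byte, t uint64) []byte {
	return append(append([]byte{}, b...), fmt.Sprintf("%020d", t)...)
}

// Accept picks the key valid at the TSA-attested time, never a signer-claimed time.
func Accept(old, tsa ed25519.PublicKey, h Handover, m Msg) bool {
	if len(h.NewKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(old, withTime(h.NewKey, h.At), h.Sig) ||
		!ed25519.Verify(tsa, withTime(m.Sig, m.Time), m.TSASig) {
		return false // bad handover, or no trusted time (back-dating possible)
	}
	signer := old
	if m.Time >= h.At {
		signer = h.NewKey // old key is revoked from At onwards
	}
	return ed25519.Verify(signer, m.Body, m.Sig)
}

// Demo uses constructed keys and times, with the handover at t=100.
func Demo() (bobAfter, aliceBefore, aliceAfter bool) {
	aPub, a, _ := ed25519.GenerateKey(nil)
	bPub, b, _ := ed25519.GenerateKey(nil)
	tPub, t, _ := ed25519.GenerateKey(nil)
	h := Handover{bPub, 100, ed25519.Sign(a, withTime(bPub, 100))}
	mk := func(k ed25519.PrivateKey, at uint64) Msg {
		s := ed25519.Sign(k, []byte("checked"))
		return Msg{[]byte("checked"), s, ed25519.Sign(t, withTime(s, at)), at}
	}
	return Accept(aPub, tPub, h, mk(b, 150)), Accept(aPub, tPub, h, mk(a, 50)), Accept(aPub, tPub, h, mk(a, 150))
}
func main() { fmt.Println(Demo()) }
```

Alice's signature stamped before the handover still verifies, while one stamped after it fails because the verifier checks it against Bob's key; a message without a valid TSA token is rejected outright.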