certificateless signature revisited
Download
Skip this Video
Download Presentation
Certificateless signature revisited

Loading in 2 Seconds...

play fullscreen
1 / 12

Certificateless signature revisited - PowerPoint PPT Presentation


  • 177 Views
  • Uploaded on

Certificateless signature revisited. X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu ACISP’07 Presenter: Yu-Chi Chen. Outline. Introduction Huang et al.’s scheme Conclusion. Introduction. Traditional PKC ID-based PKC: 1984 Certificateless PKC: 2003. ID-PKC. User (signer) ID 1.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Certificateless signature revisited' - austin-morris


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
certificateless signature revisited

Certificateless signature revisited

X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu

ACISP’07

Presenter: Yu-Chi Chen

outline
Outline.
  • Introduction
  • Huang et al.’s scheme
  • Conclusion
introduction
Introduction.
  • Traditional PKC
  • ID-based PKC: 1984
  • CertificatelessPKC: 2003
id pkc
ID-PKC

User (signer) ID1

Private Key Generation

master-key = s

mpk=sP

Secure channel

Require priv-key

Sign:

σ=sH(ID1)+H(M,…)

Return priv-key=sH(ID1)

User (verifier)

Use ID1 and PKG’s mpk=sP to check

e(σ,P)=? e(mpk, H(ID1))e(H(M,…),P)

cl pkc
CL-PKC

Decide his secret value r

And public key pk=rP

User (signer) ID1

Key Generation Center

master-key = s

mpk=sP

Secure channel

Require part-priv-key

Sign:

σ=sH(ID1)+rH(M,…)

Return part-priv-key=sH(ID1)

bulletin board

User (verifier)

Use ID1 and PKG’s mpk=sP to check

e(σ,P)=? e(mpk, H(ID1))e(H(M,…),pk)

outline1
Outline.

Introduction

Huang et al.’s scheme

Conclusion

6

huang et al s scheme
Huang et al.’s scheme
  • In this paper, Huang et al. proposed a short certificateless signature scheme
    • Short: 160 bit (elliptic curve)
    • Conventional security model
conventional security model
Conventional security model
  • Game I (An adversary can replace any user’s public key, but it cannot access master-key)
    • Setup.
    • Attack: public-key queries, partial-private-key queries, sign queries, public-key-replacement.
    • Forgery.
      • A wins the game iff it can forge a valid signature which has never been queried.
short cls
Short CLS
  • Setup. (omitted.)
  • Secret-Value: The user sets a value
  • Partial-private-key: KGC sets the partial-private-key to the user
short cls1
Short CLS
  • Public-key: the user sets his public key
  • Private-key: the user sets his private key
  • Sign:
  • Ver:
outline2
Outline.

Introduction

Huang et al.’s scheme

Conclusion

11

conclusion
Conclusion
  • Hu et al.’s CLS scheme is short, but Du and Wen’s scheme is more efficient.
  • Shim in 2009 present a cryptanalysis for short CLS schemes. (next page.)
ad