Certificateless signature revisited
This presentation is the property of its rightful owner.
Sponsored Links
1 / 12

Certificateless signature revisited PowerPoint PPT Presentation


  • 132 Views
  • Uploaded on
  • Presentation posted in: General

Certificateless signature revisited. X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu ACISP’07 Presenter: Yu-Chi Chen. Outline. Introduction Huang et al.’s scheme Conclusion. Introduction. Traditional PKC ID-based PKC: 1984 Certificateless PKC: 2003. ID-PKC. User (signer) ID 1.

Download Presentation

Certificateless signature revisited

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Certificateless signature revisited

Certificateless signature revisited

X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu

ACISP’07

Presenter: Yu-Chi Chen


Outline

Outline.

  • Introduction

  • Huang et al.’s scheme

  • Conclusion


Introduction

Introduction.

  • Traditional PKC

  • ID-based PKC: 1984

  • CertificatelessPKC: 2003


Id pkc

ID-PKC

User (signer) ID1

Private Key Generation

master-key = s

mpk=sP

Secure channel

Require priv-key

Sign:

σ=sH(ID1)+H(M,…)

Return priv-key=sH(ID1)

User (verifier)

Use ID1 and PKG’s mpk=sP to check

e(σ,P)=? e(mpk, H(ID1))e(H(M,…),P)


Cl pkc

CL-PKC

Decide his secret value r

And public key pk=rP

User (signer) ID1

Key Generation Center

master-key = s

mpk=sP

Secure channel

Require part-priv-key

Sign:

σ=sH(ID1)+rH(M,…)

Return part-priv-key=sH(ID1)

bulletin board

User (verifier)

Use ID1 and PKG’s mpk=sP to check

e(σ,P)=? e(mpk, H(ID1))e(H(M,…),pk)


Outline1

Outline.

Introduction

Huang et al.’s scheme

Conclusion

6


Huang et al s scheme

Huang et al.’s scheme

  • In this paper, Huang et al. proposed a short certificateless signature scheme

    • Short: 160 bit (elliptic curve)

    • Conventional security model


Conventional security model

Conventional security model

  • Game I (An adversary can replace any user’s public key, but it cannot access master-key)

    • Setup.

    • Attack: public-key queries, partial-private-key queries, sign queries, public-key-replacement.

    • Forgery.

      • A wins the game iff it can forge a valid signature which has never been queried.


Short cls

Short CLS

  • Setup. (omitted.)

  • Secret-Value: The user sets a value

  • Partial-private-key: KGC sets the partial-private-key to the user


Short cls1

Short CLS

  • Public-key: the user sets his public key

  • Private-key: the user sets his private key

  • Sign:

  • Ver:


Outline2

Outline.

Introduction

Huang et al.’s scheme

Conclusion

11


Conclusion

Conclusion

  • Hu et al.’s CLS scheme is short, but Du and Wen’s scheme is more efficient.

  • Shim in 2009 present a cryptanalysis for short CLS schemes. (next page.)


  • Login