Certificateless signature a new security model and an improved generic construction
Download
1 / 14

Certificateless signature: a new security model and an improved generic construction - PowerPoint PPT Presentation


  • 98 Views
  • Uploaded on

Certificateless signature: a new security model and an improved generic construction. B.C. Hu, D.S. Wang, X.Deng, Z. Zhang Des Codes Crypt (2007) 42 (IF:0.745 58/86) Presenter: Yu-Chi Chen. Outline. Introduction Hu et al.’s construction Girault level-3 security Conclusion. Introduction.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Certificateless signature: a new security model and an improved generic construction' - nascha


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Certificateless signature a new security model and an improved generic construction

Certificateless signature: a new security model and an improved generic construction

B.C. Hu, D.S. Wang, X.Deng, Z. Zhang

Des Codes Crypt (2007) 42 (IF:0.745 58/86)

Presenter: Yu-Chi Chen


Outline
Outline.

  • Introduction

  • Hu et al.’s construction

  • Girault level-3 security

  • Conclusion


Introduction
Introduction.

  • Traditional PKC

  • ID-based PKC: 1984

  • CertificatelessPKC: 2003


Id pkc
ID-PKC

User (signer) ID1

Private Key Generation

master-key = s

mpk=sP

Secure channel

Require priv-key

Sign:

σ=sH(ID1)+H(M,…)

Return priv-key=sH(ID1)

User (verifier)

Use ID1 and PKG’s mpk=sP to check

e(σ,P)=? e(mpk, H(ID1))e(H(M,…),P)


Cl pkc
CL-PKC

Decide his secret value r

And public key pk=rP

User (signer) ID1

Key Generation Center

master-key = s

mpk=sP

Secure channel

Require part-priv-key

Sign:

σ=sH(ID1)+rH(M,…)

Return part-priv-key=sH(ID1)

bulletin board

User (verifier)

Use ID1 and PKG’s mpk=sP to check

e(σ,P)=? e(mpk, H(ID1))e(H(M,…),pk)


Outline1
Outline.

  • Introduction

  • Hu et al.’s construction

  • Girault level-3 security

  • Conclusion


Hu et al s construction
Hu et al.’s construction

  • In this paper, Hu et al. proposed

    • The public key replacement for some schemes.

    • A new security model (a little modification for the previous model)

    • An improved generic construction (with IDB, more algorithms)

      • good or not good?

    • An extended construction


Cl pkc1
CL-PKC

Decide his secret value r

And public key pk=rP

User (signer) ID1

Key Generation Center

master-key = s

mpk=sP

Secure channel

Require part-priv-key

Sign:

σ=sH(ID1)+rH(M,…)

Return part-priv-key=sH(ID1)

bulletin board

User (verifier)

Use ID1 and PKG’s mpk=sP to check

e(σ,P)=? e(mpk, H(ID1))e(H(M,…),pk)


A malicious KGC impersonates a user as a signer to generate a valid signature which can be accepted by the verifier.

Decide his secret value r’

And public key pk’=r’P

KGC (signer) ID1

User (signer) ID1

Key Generation Center

master-key = s

mpk=sP

Secure channel

Require part-priv-key

Sign:

σ=sH(ID1)+r’H(M,…)

Return part-priv-key=sH(ID1)

This signature is not mine. I want to deny.

bulletin board

User (verifier)

Sorry, there is no way to prove the claim of this user is right.

Use ID1 and PKG’s mpk=sP to check

e(σ,P)=? e(mpk, H(ID1))e(H(M,…),pk’)


Hu et al s construction1
Hu et al.’s construction a valid signature which can be accepted by the verifier.

  • Hu et al.’s remedy:

    • The public key is inserted into the partial-private-key.


  • Hu et al.’s remedy: a valid signature which can be accepted by the verifier.

    • The user’s public key is replaced by the KGC with another key.

    • He can take his partial-private-key to argue that the public key is not his, since the partial-private-key contains his actual public key.


Outline2
Outline. a valid signature which can be accepted by the verifier.

  • Introduction

  • Hu et al.’s construction

  • Girault level-3 security

  • Conclusion


Girault level 3 security
Girault level-3 security a valid signature which can be accepted by the verifier.

  • Level 3. KGC does not know any user's secret value and cannot act as any user by generating a false partial private key without being detected.


Outline3
Outline. a valid signature which can be accepted by the verifier.

  • Introduction

  • Hu et al.’s construction

  • Girault level-3 security

  • Conclusion


ad