1 / 18

Identity based s ignature s chemes by using p airings

Identity based s ignature s chemes by using p airings. Parshuram Budhathoki Department of M athematical S cience FAU 02/21/2013. Goal:. Alice wants to send a message to Bob. S he wants to make sure that Bob could verify it, and no one can change the message during the process.

alaric
Download Presentation

Identity based s ignature s chemes by using p airings

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identity based signature schemes by using pairings ParshuramBudhathokiDepartment of Mathematical Science FAU 02/21/2013 Cyber Security Seminar, FAU

  2. Goal: Alice wants to send a message to Bob. She wants to make sure that Bob could verify it, and no one can change the message during the process. So, she signs her message by using her identity. • Possible Identity : • email id : alice@fau.edu • phone : 561297alice • Address : 777 Glades Road Bob Now after getting message, Bob uses Alice’s identity to verify either its from Alice or someone else. And he could verify that it is written by Alice. ID based signature scheme Alice Cyber Security Seminar, FAU

  3. Outline: • Signature Scheme in ID Based Cryptography • Pairings • Hash Functions • Attack Model • Secure Scheme • Diffie-Hellman Problem • Hess’s Scheme Cyber Security Seminar, FAU

  4. Signature Scheme in ID Based Cryptography: • Setup • Extract • Sign • Verify Cyber Security Seminar, FAU

  5. Signature Scheme in ID Based Cryptography: 2.Extract Trust Authority (TA) 1. Setup Secret Key 3. Sign Public Parameter 4. Verify Private Key for Alice Verify ( Signature, ID ) ID:= alice@fau.edu Verifier Signature:=Sign( Message, Private Key ) Alice Cyber Security Seminar, FAU

  6. Pairing e(P,Q) Range Domain Domain Domain P e V G1 G G Domain Q G2 Cyber Security Seminar, FAU

  7. Pairing Let (G,+) and (V, ∙ ) denote cyclic groups of prime order q , P ∈ G, a generator of G and a pairing e: G x G V isa map which satisfies the followingproperties: Bilinearity : ∀ P, Q , R ∈ G we have e(P+R, Q)= e(P,Q) e(R,Q) and e(P, R+Q)= e(P,R) e(P,Q) 2) Non-degeneracy : There exists P, Q ∈ G such that e(P,Q) ≠1. e is efficiently computable. Cyber Security Seminar, FAU

  8. Hash Functions: Range H H(x) Fixed size Domain No Inverse x Any size Cyber Security Seminar, FAU

  9. Hash Function: • One way transformation • Input := Random size, Output:= Fixed size • H(x1 ) = H(x2) for x1 ≠ x2 , Not possible Cyber Security Seminar, FAU

  10. Private key for ID1 AttackModel: Signature for ID2 and message M GAME Here is the hash value of this & that … Challenger Setup Give me a private key for ID1 Give me a hash value for this and that … Public Parameters Give me a signature for ID2 and message M Adversary Cyber Security Seminar, FAU

  11. AttackModel: GAME Adversary outputs ( ID, M, Signature ) , such that ID and (ID, M) are not equal to the inputs of any query. And, Adversary wins the game if Signature is a valid signature for ID and M. Adversary Cyber Security Seminar, FAU

  12. Secure Scheme We say ID based signature scheme is secure against existential forgery on adaptively chosen message and ID attacks if no polynomial time adversary has a non-negligible probability of success against a challenger in previous Game. Cyber Security Seminar, FAU

  13. Diffie-Hellman Problem: Let G be a cyclic group of order q with generator P. The Diffie-Hellman Problem (DHP) in G is to find, on input (aP, bP, P), with uniformly and independently chosen a,b from {1,…, q}, the value abP. Cyber Security Seminar, FAU

  14. Hess Scheme Let (G, +) and (V,.) denote cyclic groups of prime order q such that G = <P>, and let e: G × G V be a pairing. • The hash functions : • h: {0,1}* × V Zq* • H: {0,1}*  G* Where G* := G\{0} Assumption : DHP in G is hard. Cyber Security Seminar, FAU

  15. Hess Scheme: TA • Setup Algorithm: • Chooses s from Zq* • Master Key := s • Public key Q:= sP 2.Extract Master Key=s 1. Setup 3. Sign Public Key Q= sP 4. Verify Extract Algorithm: SID := s H(ID) SID Verify Algorithm: Compute r = e(U, P) e(H(ID), -Q)V Accept the signature if V = h(M, r) ID:= alice@fau.edu Verifier Sign Algorithm: Alice picks random k from Zq* r = e(SID , P )k V = h(M, r) U = (V + k) SID Alice Signature := (U, V) Cyber Security Seminar, FAU

  16. Correctness of Verification : e ( U, P) . e(H(ID), -Q)V = e ( (V + k) sH(ID), P ) . e( H(ID), -sP)V= e( H(ID), P)s(V+k) e(H(ID), P)-sV = e(H(ID), P)sk = e(sH(ID), P)k = r 2. Accepts if V= h(M, r) Cyber Security Seminar, FAU

  17. Summary • Did we achieve our goal ? • Do we know any Id based signature scheme ? • We have proposed an Id based signature scheme  !!! Cyber Security Seminar, FAU

  18. Questions ? Thank You  Cyber Security Seminar, FAU

More Related