Certificateless signature revisited - PowerPoint PPT Presentation

austin-morris
certificateless signature revisited n.
Skip this Video
Loading SlideShow in 5 Seconds..
Certificateless signature revisited PowerPoint Presentation
Download Presentation
Certificateless signature revisited

play fullscreen
1 / 12
Download Presentation
Certificateless signature revisited
186 Views
Download Presentation

Certificateless signature revisited

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Certificateless signature revisited X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu ACISP’07 Presenter: Yu-Chi Chen

  2. Outline. • Introduction • Huang et al.’s scheme • Conclusion

  3. Introduction. • Traditional PKC • ID-based PKC: 1984 • CertificatelessPKC: 2003

  4. ID-PKC User (signer) ID1 Private Key Generation master-key = s mpk=sP Secure channel Require priv-key Sign: σ=sH(ID1)+H(M,…) Return priv-key=sH(ID1) User (verifier) Use ID1 and PKG’s mpk=sP to check e(σ,P)=? e(mpk, H(ID1))e(H(M,…),P)

  5. CL-PKC Decide his secret value r And public key pk=rP User (signer) ID1 Key Generation Center master-key = s mpk=sP Secure channel Require part-priv-key Sign: σ=sH(ID1)+rH(M,…) Return part-priv-key=sH(ID1) bulletin board User (verifier) Use ID1 and PKG’s mpk=sP to check e(σ,P)=? e(mpk, H(ID1))e(H(M,…),pk)

  6. Outline. Introduction Huang et al.’s scheme Conclusion 6

  7. Huang et al.’s scheme • In this paper, Huang et al. proposed a short certificateless signature scheme • Short: 160 bit (elliptic curve) • Conventional security model

  8. Conventional security model • Game I (An adversary can replace any user’s public key, but it cannot access master-key) • Setup. • Attack: public-key queries, partial-private-key queries, sign queries, public-key-replacement. • Forgery. • A wins the game iff it can forge a valid signature which has never been queried.

  9. Short CLS • Setup. (omitted.) • Secret-Value: The user sets a value • Partial-private-key: KGC sets the partial-private-key to the user

  10. Short CLS • Public-key: the user sets his public key • Private-key: the user sets his private key • Sign: • Ver:

  11. Outline. Introduction Huang et al.’s scheme Conclusion 11

  12. Conclusion • Hu et al.’s CLS scheme is short, but Du and Wen’s scheme is more efficient. • Shim in 2009 present a cryptanalysis for short CLS schemes. (next page.)