
A new provably secure certificateless short signature scheme

A new provably secure certificateless short signature scheme. Authors: K.Y. Choi, J.H. Park, D.H. Lee. Source: Comput. Math. Appl. (IF: 1.472), Vol. 61, 2011, pp. 1760-1768. Presenter: Yu-Chi Chen. Outline: Introduction, Certificateless signatures, Shim's attack, The improved scheme.


Presentation Transcript


  1. A new provably secure certificateless short signature scheme Authors: K.Y. Choi, J.H. Park, D.H. Lee Source: Comput. Math. Appl. (IF: 1.472) Vol. 61, 2011, pp. 1760-1768 Presenter: Yu-Chi Chen

  2. Outline • Introduction • Certificateless signatures • Shim’s attack • The improved scheme • Conclusions

  3. Introduction • Identity-based cryptography • No CA is needed to manage public-key certificates. • The private key generator (PKG) knows everyone's full private key; this is known as the key escrow problem. • Certificateless cryptography • Solves the key escrow problem. • The key generation center (KGC) cannot obtain anyone's full private key: it issues only a partial private key, and the user combines it with a secret value of his own.

  4. Certificateless signatures • A CLS scheme usually consists of the following algorithms. • Setup • Partial private key extract • Set secret value • Set public key • Sign • Verify • The full private key is the pair (partial private key, secret value); the first part is computed by the KGC, the second by the user.

  5. Security model • Two types of adversaries (existential unforgeability) • Type 1 adversary: an outsider • Can replace public keys • Cannot access the system master key • Type 2 adversary: the KGC • Cannot replace public keys • Can access the system master key

  6. Type 1 adversary • Setup. • Attack. • Partial-private-key queries • Public key queries • Secret value queries • Public key replacement • Sign queries • Forgery. A forged signature of • The adversary wins the game if the following conditions hold. • The forged signature is valid. • The partial private key of the target identity has never been queried, and no signature on the forged message has been queried for it. • The public key of the target identity has never been replaced.

  7. Type 2 adversary • Setup. • Attack. • Partial-private-key queries • Public key queries • Secret value queries • Public key replacement • Sign queries • Forgery. A forged signature of • The adversary wins the game if the following conditions hold. • The forged signature is valid. • The secret value of the target identity has never been queried, and no signature on the forged message has been queried for it.

  8. Remark on security models • Several different security models have been presented. • In particular, Huang et al. classify Type 1 adversaries into levels according to their abilities. • Normal Type 1 adversary • Strong Type 1 adversary • Super Type 1 adversary • … • The levels differ in what the sign oracle returns after a public key has been replaced: a normal adversary gets no signatures under replaced keys, a strong adversary must supply the corresponding secret value to obtain them, and a super adversary obtains valid signatures under replaced keys without supplying the secret value.

  9. Outline • Introduction • Certificateless signatures • Shim’s attack • The improved scheme • Conclusions

  10. Shim’s attack • A Type 1 adversary A first chooses a secret value r* for the identity ID and computes the corresponding public key pk*. • He replaces the public key of ID with pk*. • He queries a signature on (M, ID, pk*). • Finally, from the signature on (M, ID, pk*) and the secret value r*, he recovers the partial private key of ID, which breaks the scheme completely.
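The following is an added worked example (written for this transcript, not code from Choi et al.) that runs the six CLS algorithms of slide 4 and then the four steps of Shim's attack from slide 10 against a constructed toy scheme. The slides do not reproduce the equations of the attacked scheme, so the signing form used here, sigma = h·D_ID + x·M with hash outputs h and M bound to (m, ID, pk), is an assumption chosen only because it is linear in the two key components, which is what the attack exploits. The groups are also an assumption: G1 is modelled as Z_q itself (so aP is the scalar a) and e(A, B) = A·B mod q stands in for the bilinear map, which makes the pairing equations readable but leaves no hardness at all; the block shows the algebra of the attack, not the security of any real scheme. All names (H_scalar, H_point, shim_attack, the oracle closure, the identity string) are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameter: prime group order.  In the real scheme G1 is a
# pairing group of order q; here G1 is modelled as Z_q (aP is the scalar a)
# and e(A, B) = A*B mod q plays the bilinear map.  Discrete logs are trivial
# in this model, so it demonstrates the algebra of the attack, not hardness.
Q = 1000003

class G1:
    """Element of the additive group G1, written like the slides: s*Q, h*D + x*M."""
    def __init__(self, v): self.v = v % Q
    def __add__(self, o): return G1(self.v + o.v)
    def __sub__(self, o): return G1(self.v - o.v)
    def __rmul__(self, k): return G1(k * self.v)        # scalar multiplication
    def __eq__(self, o): return isinstance(o, G1) and self.v == o.v

P = G1(1)                                               # generator of G1

def e(A, B):
    """Toy bilinear map G1 x G1 -> G2.  G2 is written additively here, so a
    product of pairing values in the real G2 is a sum mod q in this model."""
    return A.v * B.v % Q

def H_scalar(*parts):                                   # hash to Z_q^*
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1

def H_point(*parts):                                    # hash to G1
    return G1(H_scalar("G1", *parts))

# --- Setup: master key s, master public key P_pub = s*P ---
def setup():
    s = secrets.randbelow(Q - 1) + 1
    return s, s * P

# --- Partial-private-key extract (KGC): D_ID = s * H1(ID) ---
def partial_private_key_extract(s, ident):
    return s * H_point("id", ident)

# --- Set secret value / set public key (user): x, X = x*P ---
def set_secret_value():
    return secrets.randbelow(Q - 1) + 1

def set_public_key(x):
    return x * P

# --- Constructed Sign/Verify: sigma = h*D_ID + x*M is linear in both key parts ---
def sign(D, x, ident, X, m):
    h = H_scalar("h", m, ident, X.v)
    M = H_point("m", m, ident, X.v)
    return h * D + x * M

def verify(P_pub, ident, X, m, sigma):
    h = H_scalar("h", m, ident, X.v)
    M = H_point("m", m, ident, X.v)
    Q_id = H_point("id", ident)
    # e(sigma, P) == e(h*Q_ID, P_pub) * e(M, X)   (the G2 product is a sum here)
    return e(sigma, P) == (e(h * Q_id, P_pub) + e(M, X)) % Q

# --- Shim's attack, slide 10: a (strong) Type 1 adversary ---
def shim_attack(ident, sign_oracle):
    """Choose r*, replace the public key with X* = r*P, ask for one signature
    under X*, strip the r*M term and divide by h to recover D_ID."""
    r_star = set_secret_value()
    X_star = set_public_key(r_star)
    m = "probe"
    sigma = sign_oracle(ident, X_star, r_star, m)       # strong Type 1: oracle takes r*
    h = H_scalar("h", m, ident, X_star.v)
    M = H_point("m", m, ident, X_star.v)
    return pow(h, -1, Q) * (sigma - r_star * M)         # = D_ID

def demo():
    s, P_pub = setup()
    ident = "alice@example.com"                         # constructed identity
    D = partial_private_key_extract(s, ident)
    x = set_secret_value()
    X = set_public_key(x)
    honest_ok = verify(P_pub, ident, X, "hello", sign(D, x, ident, X, "hello"))

    # Sign oracle of the security game: signs with the victim's real D_ID and
    # whatever secret value the adversary supplies for the replaced key.
    def oracle(i, X_replaced, r, m):
        return sign(D, r, i, X_replaced, m)

    D_rec = shim_attack(ident, oracle)
    # With D_ID in hand the adversary signs a never-queried message for ID
    # under a key pair it generated itself (a super Type 1 forgery).
    x2 = set_secret_value()
    X2 = set_public_key(x2)
    forged = sign(D_rec, x2, ident, X2, "pay the attacker")
    return honest_ok, D_rec == D, verify(P_pub, ident, X2, "pay the attacker", forged)

if __name__ == "__main__":
    print(demo())                                       # (True, True, True)
```

The oracle in demo() is the strong Type 1 sign oracle of slide 8: it returns signatures under a replaced key only when the adversary hands over the matching secret value, which is exactly what Shim's adversary does. The damage is worse than a single forgery: once D_ID is known the adversary holds everything the KGC ever gave the user and can keep signing for ID under any public key of its choosing, which is why the improved scheme of the following slides changes the partial private key rather than the signing equation alone.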

  11. Outline • Introduction • Certificateless signatures • Shim’s attack • The improved scheme • Conclusions

  12. The proposed scheme • Setup • Bilinear map: with order q, and P is the generator of G1. • Master key: • Master public key: • Hash functions:

  13. The proposed scheme • Partial-private-key extract. • User A with ID_A obtains the partial private key • Set secret value. • User A with ID_A chooses as his secret value. • Set public key. • His public key

  14. Sign. Input: • Set • Compute • Return σ as the signature of m. • Verify. • Compute • Check

  15. Security analysis • The short certificateless signature scheme is existentially unforgeable against a super Type I adversary in the random oracle model under the CDH assumption. • The short certificateless signature scheme is existentially unforgeable against a super Type II adversary in the random oracle model under the CDH assumption.

  16. Outline • Introduction • Certificateless signatures • Shim’s attack • The improved scheme • Conclusions

  17. Conclusions • Choi et al. introduce an improved scheme that withstands Shim’s attack. • The key idea is a partial private key with two components. • The scheme is existentially unforgeable under the CDH assumption against super Type I and super Type II adversaries, respectively.
