certificateless signature a new security model and an improved generic construction
Download
Skip this Video
Download Presentation
Certificateless signature: a new security model and an improved generic construction

Loading in 2 Seconds...

play fullscreen
1 / 14

Certificateless signature: a new security model and an improved generic construction - PowerPoint PPT Presentation


  • 98 Views
  • Uploaded on

Certificateless signature: a new security model and an improved generic construction. B.C. Hu, D.S. Wang, X.Deng, Z. Zhang Des Codes Crypt (2007) 42 (IF:0.745 58/86) Presenter: Yu-Chi Chen. Outline. Introduction Hu et al.’s construction Girault level-3 security Conclusion. Introduction.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Certificateless signature: a new security model and an improved generic construction' - nascha


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
certificateless signature a new security model and an improved generic construction

Certificateless signature: a new security model and an improved generic construction

B.C. Hu, D.S. Wang, X.Deng, Z. Zhang

Des Codes Crypt (2007) 42 (IF:0.745 58/86)

Presenter: Yu-Chi Chen

outline
Outline.
  • Introduction
  • Hu et al.’s construction
  • Girault level-3 security
  • Conclusion
introduction
Introduction.
  • Traditional PKC
  • ID-based PKC: 1984
  • CertificatelessPKC: 2003
id pkc
ID-PKC

User (signer) ID1

Private Key Generation

master-key = s

mpk=sP

Secure channel

Require priv-key

Sign:

σ=sH(ID1)+H(M,…)

Return priv-key=sH(ID1)

User (verifier)

Use ID1 and PKG’s mpk=sP to check

e(σ,P)=? e(mpk, H(ID1))e(H(M,…),P)

cl pkc
CL-PKC

Decide his secret value r

And public key pk=rP

User (signer) ID1

Key Generation Center

master-key = s

mpk=sP

Secure channel

Require part-priv-key

Sign:

σ=sH(ID1)+rH(M,…)

Return part-priv-key=sH(ID1)

bulletin board

User (verifier)

Use ID1 and PKG’s mpk=sP to check

e(σ,P)=? e(mpk, H(ID1))e(H(M,…),pk)

outline1
Outline.
  • Introduction
  • Hu et al.’s construction
  • Girault level-3 security
  • Conclusion
hu et al s construction
Hu et al.’s construction
  • In this paper, Hu et al. proposed
    • The public key replacement for some schemes.
    • A new security model (a little modification for the previous model)
    • An improved generic construction (with IDB, more algorithms)
      • good or not good?
    • An extended construction
cl pkc1
CL-PKC

Decide his secret value r

And public key pk=rP

User (signer) ID1

Key Generation Center

master-key = s

mpk=sP

Secure channel

Require part-priv-key

Sign:

σ=sH(ID1)+rH(M,…)

Return part-priv-key=sH(ID1)

bulletin board

User (verifier)

Use ID1 and PKG’s mpk=sP to check

e(σ,P)=? e(mpk, H(ID1))e(H(M,…),pk)

slide9
A malicious KGC impersonates a user as a signer to generate a valid signature which can be accepted by the verifier.

Decide his secret value r’

And public key pk’=r’P

KGC (signer) ID1

User (signer) ID1

Key Generation Center

master-key = s

mpk=sP

Secure channel

Require part-priv-key

Sign:

σ=sH(ID1)+r’H(M,…)

Return part-priv-key=sH(ID1)

This signature is not mine. I want to deny.

bulletin board

User (verifier)

Sorry, there is no way to prove the claim of this user is right.

Use ID1 and PKG’s mpk=sP to check

e(σ,P)=? e(mpk, H(ID1))e(H(M,…),pk’)

hu et al s construction1
Hu et al.’s construction
  • Hu et al.’s remedy:
    • The public key is inserted into the partial-private-key.
slide11
Hu et al.’s remedy:
    • The user’s public key is replaced by the KGC with another key.
    • He can take his partial-private-key to argue that the public key is not his, since the partial-private-key contains his actual public key.
outline2
Outline.
  • Introduction
  • Hu et al.’s construction
  • Girault level-3 security
  • Conclusion
girault level 3 security
Girault level-3 security
  • Level 3. KGC does not know any user's secret value and cannot act as any user by generating a false partial private key without being detected.
outline3
Outline.
  • Introduction
  • Hu et al.’s construction
  • Girault level-3 security
  • Conclusion
ad