Test of Significance Presenter: Shib Sekhar Datta Moderator: M S Bharambe.
Certificateless signature revisited X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu ACISP’07...
-
Upload
mervyn-patrick-fitzgerald -
Category
Documents
-
view
237 -
download
0
Transcript of Certificateless signature revisited X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu ACISP’07...
Certificateless signature revisited
X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu
ACISP’07
Presenter: Yu-Chi Chen
Outline.
• Introduction
• Huang et al.’s scheme
• Conclusion
2
Introduction.
• Traditional PKC
• ID-based PKC: 1984
• Certificateless PKC: 2003
3
ID-PKC
Private Key Generationmaster-key = smpk=sP Require priv-key
Return priv-key= sH(ID1)
User (signer) ID1
Sign:σ=sH(ID1)+H(M,…)
Secure channel
User (verifier)
Use ID1 and PKG’s mpk=sP to check e(σ,P) =? e(mpk, H(ID1))e(H(M,…),P)
4
CL-PKC
Key Generation Centermaster-key = smpk=sP Require part-priv-key
Return part-priv-key= sH(ID1)
User (signer) ID1
Sign:σ=sH(ID1)+rH(M,…)
Secure channel
User (verifier)
Use ID1 and PKG’s mpk=sP to check e(σ,P) =? e(mpk, H(ID1))e(H(M,…),pk)
Decide his secret value rAnd public key pk=rP
bulletin board
ID pk
5
Outline.
• Introduction
• Huang et al.’s scheme
• Conclusion
6
Huang et al.’s scheme
• In this paper, Huang et al. proposed a short certificateless signature scheme– Short: 160 bit (elliptic curve)
– Conventional security model
7
Conventional security model
• Game I (An adversary can replace any user’s public key, but it cannot access master-key)– Setup.
– Attack: public-key queries, partial-private-key queries, sign queries, public-key-replacement.
– Forgery.• A wins the game iff it can forge a valid signature which
has never been queried.
Short CLS
• Setup. (omitted.)
• Secret-Value: The user sets a value
• Partial-private-key: KGC sets the partial-private-key to the user
Short CLS
• Public-key: the user sets his public key
• Private-key: the user sets his private key
• Sign:
• Ver:
Outline.
• Introduction
• Huang et al.’s scheme
• Conclusion
11
Conclusion
• Hu et al.’s CLS scheme is short, but Du and Wen’s scheme is more efficient.
• Shim in 2009 present a cryptanalysis for short CLS schemes. (next page.)
12