ID-Based Proxy Signature Using Bilinear Pairings
-
Upload
tiger-wiley -
Category
Documents
-
view
66 -
download
0
description
Transcript of ID-Based Proxy Signature Using Bilinear Pairings
1
ID-Based Proxy Signature Using Bilinear Pairings
Author: Jing Xu, Zhenfeng Zhang, and Dengguo FengPresenter: 林志鴻
2
Outline
Introduction Preliminaries The Proposed Scheme Conclusion
3
Introduction
An entity to delegate signing capabilities to other participants so that they can sign on behalf of the entity within a given context
Alice Bob
context
4
Outline
Introduction Preliminaries The Proposed Scheme Conclusion
5
Preliminaries
Bilinear Pairing Gap Diffie-Hellman (GDH) Group ID-Based
6
Bilinear Pairing
e : G × G → V Bilinearity Non-degeneracy Computability
7
Gap Diffie-Hellman (GDH) Group
(t, ε)-gap Diffie-Hellman group CDH problem ︰
given P, aP, bP G∈ compute abP
8
ID-Based
The user’s public key can be calculated directly from his/her identity rather than being extracted from a certificate issued by a certificate authority (CA)
9
Outline
Introduction Preliminaries The Proposed Scheme Conclusion
10
Proposed Scheme
PS=(G,K, S, V, (D,P),PS,PV,ID) – G: 設定 k 為安全參數 . G 是由 P 產生 pri
me order q > 2k 的 GDH group, 而 e : G × G → V 是一個 bilinear map. 隨機選取 master key s Z∈ ∗
q 並設定 Ppub = sP 使用 hash functions H1,H2,H3 : {0, 1}∗ → G, H4 : {0, 1}∗ → Z∗
q
11
Proposed Scheme (cont.)
– K: 給一使用者 ID, 計算 QID = H1(ID) G ∈及對應的私鑰 dID = sQID G∈
– S: 為了對訊息 mω簽章給指定者 IDi的私鑰 di
1. 隨機選取 rω Z∈ ∗q 計算 Uω = rωP G ∈
並令 Hω = H2(IDi,mω, Uω) G∈ 2. 計算 Vω = di + rωHω G∈ mω上的簽章是 warrant ω = Uω, Vω
12
Proposed Scheme (cont.)
– V: 驗證 IDi 對 mω做的簽章 ω = Uω, Vω
驗證者取 Qi = H1(IDi) G ∈和 Hω = H2(IDi,mω, Uω) G∈e(P, Vω) = e(Ppub,Qi)e(Uω,Hω)
– (D,P): 為了指定 IDj為代理者
proxy signing key skp = H4(IDi, IDj,mω, Uω)dj + Vω
IDi IDjmω +Warrant ω
13
Proposed Scheme (cont.)
– PS: IDj為代表 IDi 對 m 做簽章時給予一個 skp1. 隨機選取 rp Z∈ ∗
q 計算 Up = rpP G ∈令 Hp = H3(IDj ,m,Up) G∈2. 計算 Vp = skp + rpHp G∈此時 psig =(mω,IDj,Uω,Up,Vp)
14
Proposed Scheme (cont.)
– PV: 使用指定者 IDi 驗證對 m 做出的代理簽章 psig, 取出 Qi = H1(IDi) G, Q∈ j = H1(IDj ) G , ∈Hω = H2(IDi,mω,Uω) G ∈ 和 Hp = H3(IDj ,m,Up) G∈
– ID: 給一用於 m 得代理簽章 psig 則 ID(psig)= IDj
表示代理認證演算法
4 , , ,
, , , , ,i j
H
pub pub pp pj i
m UID IDe e e e eQ QV U UP P P H H
15
Proposed Scheme (cont.)
正確性
16
Outline
Introduction Preliminaries The Proposed Scheme Conclusion
17
Conclusion
本篇所提出的方法之安全性與在 Random Oracle model 中解 CDH 問題有緊密的關聯並達到 ID-based代理簽章中安全縮減最佳化