Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 9 4 5 1 8 8 6 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and.

Similar presentations


Presentation on theme: "1 9 4 5 1 8 8 6 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and."— Presentation transcript:

1 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and Engineering EWHA Womans University, Seoul, Korea

2 EWHA WOMANS UNIVERSITY 2 Contents Introduction Notations Brief Description of Park-Lees Scheme Proposed Nominative Proxy Signature Scheme Security Analysis Conclusions

3 EWHA WOMANS UNIVERSITY 3 It is a useful method for secure mobile communication Introduction(1/3) Definition of Nominative Proxy Signatures – The nominative proxy signature scheme : the designated proxy signer generates the nominative signature and transmits it to a verifier – It provides mobile users anonymity and decreases the mobile users computational cost.

4 EWHA WOMANS UNIVERSITY 4 Introduction(2/3) To construct a nominative proxy signature scheme: 1. The original signer can delegate his signing operation to the proxy signer. 2. Only the delegated proxy signer can nominate the verifier, and create the nominative proxy signature. 3. Only the nominee(verifier) can verify the nominator(proxy signer)s signature. 4. If necessary, only the nominee can prove to the third party that the signature was issued to him by the nominator and it is valid.

5 EWHA WOMANS UNIVERSITY 5 Introduction(3/3) Our objectives – Point out the weaknesses of Park-Lees scheme ICICS 2001, Park and Lees scheme doesnt provide the non-repudiation – Design the new nominative proxy signature scheme To satisfy the four requirements for the nominative proxy signature To solve the weaknesses of Park-Lees scheme

6 EWHA WOMANS UNIVERSITY 6 Notations A : an original signer, mobile user G : a proxy agent (a nominator) B : a verifier ( a nominee) : a large prime : a prime factor of : a generator for : a strong one-way hash function : a message : a warrant which contains the original signers ID, the proxy agents ID, and the delegation period : a private key / a public key of A : a private key / a public key of G : a private key / a public key of B

7 EWHA WOMANS UNIVERSITY 7 Brief Description of Park-Lee s Scheme(1/2) 2001, Park & Lee A G B chooses computes verifies ? chooses computes ? checks [secure channel]

8 EWHA WOMANS UNIVERSITY 8 Cryptanalysis of Park-Lees Scheme – It doesnt provide non-repudiation – [ The Attack Scenario(in case of dishonest original signer) ] Brief Description of Park-Lee s Scheme(2/2) chooses AB computes chooses computes ? verifies (dishonest original signer) (Verifier )

9 EWHA WOMANS UNIVERSITY 9 Proposed Nominative Proxy Signature Scheme(1/2) A (original signer) G (proxy agent) chooses computes ? checks computes [ Proxy signature key generation phase ]

10 EWHA WOMANS UNIVERSITY 10 Proposed Nominative Proxy Signature Scheme(2/2) B (verifier) G (proxy agent) chooses computes [ Nominative proxy signature generation phase ] [ Nominative proxy signature verification phase ] ? < Verification of the nominative proxy signature > computes checks

11 EWHA WOMANS UNIVERSITY 11 Security Analysis(1/3) Our scheme satisfies the four conditions for the nominative proxy signature scheme. 1.The original signer can delegate his signing operation to the proxy signer. Because the original signer generates the proxy with his private key and transmits it to the proxy agent. 2.Only the delegated proxy signer can nominate the verifier, and create the nominative proxy signature. Because the proxy signature key includes the proxy agents private key. 3.Only the nominee(verifier) can verify the nominator(proxy signer)s signature. Because the verifiers private key is required to verify the nominative proxy signature.

12 EWHA WOMANS UNIVERSITY 12 Security Analysis(2/3) 4.If necessary, only the nominee can prove to the third party that the signature was issued to him by the nominator and it is valid. By confirmation protocol, only nominee(verifier B) can prove to the third party without revealing Nominee B The third party chooses computes chooses computes ? verifies ? ?

13 EWHA WOMANS UNIVERSITY 13 Security Analysis(3/3) Unlike Park-Lees scheme, our scheme has two additional properties 1.It provides the non-repudiation. : Because only the proxy agent can compute a proxy signature key, only he can create the nominative proxy signature. And, because his public key are used in the nominative proxy signature verification phase, the verifier can check the proxy agents private key was included or not. 2. It doesnt need the secure channel between the original signer and the proxy agent.

14 EWHA WOMANS UNIVERSITY 14 Conclusions In this paper, – We show that Park-Lees scheme doesnt provide the non- repudiation. – We propose the new nominative proxy signature scheme Solves the weakness of Park-Lees scheme(i.e., Our scheme provides the non-repudiation property.) Satisfies four conditions for the nominative proxy signature scheme Decreases the users computational cost by using the proxy agent Doesnt need the secure channel


Download ppt "1 9 4 5 1 8 8 6 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and."

Similar presentations


Ads by Google