Download presentation

Presentation is loading. Please wait.

Published bySade Beachem Modified about 1 year ago

1
Efficient Signature Generation by Smart Cards Suk Ki Kim Sunyeong Kim

2
1. Introduction 2. What is the problem in RSA 3. ESG Feature 4. Key Authentication Center 5. Introduce existing Chaum 6. Minimizing the Number of Communication Bits 7. Comparison Chaum and ESG 8. Signature Generation / Verification 9. Efficiency 10. Hash Function h 11. Performance Analyze 12. Preprocessing Contents

3
Writer : C.P.Schnorr (Universitat Frankfurt) This paper presents an efficient algorithm for generating public-key signatures which is particularly suited for interactions between smart cards and terminals. This paper presents a new public-key signature scheme and a corresponding authentication scheme that are based on discrete logarithms. 1. Introduction

4
2. What is the problem in RSA 1.Computation amount is message dependent! 2.Require many modular multiplications

5
1. minimizes the message-dependent amount of computation. 2. signature generation can be done during the idle time of the processor. 3. The length of signatures is about 212 bits, it is less than half of the length of RSA signatures. 3. ESG Feature

6
Key Authentication Center(KAC) Chooses Primes p and q such that, with order q, A one-way hash function h: Its own private and public key The KAC publishes p,q,, h and its public key. 4. Key Authentication Center

7
KAC User Name, Address, ID number, Etc Register request KAC verifies its identity Generates an identification number I and generates a Signatures S for the pair (I,v) consisting of I and the user’s public key v. A user generates by himself a private key s which is a random number in {1,2,…,q}. The corresponding public key v is the number

8
5. Introduce existing chaum A picks a random number and computes I,v,S,x Verifies the signatures S and sends a random number e y := r + se(mod q) y Prover AVerifier B The Authentication protocol

9
A fraudulent A’ can cheat by guessing the correct e The probability of success for this attack is 5. Introduce existing chaum

10
6. Minimizing the Number of Communication Bits A picks a random number and computes I,v,S Verifies the signatures S and sends a random number e y := r + se(mod q) y Prover AVerifier B The Authentication protocol h(x) Check that h(x) =

11
7. Comparison Chaum and ESG I,v,S,x e y I,v,S e y h(x), A one-way hash function h:

12
8. Signature Generation / Verification I, v, (S) e : t bits, y : 140 bits I, s, v, (S) Pick random r Check I, v, (S) Check that α, q, p, h Message m Signature GenerationSignature Verification

13
9. Efficiency Signature Generation Preprocessing Compute se (mod q) (from e = r + se (moe q)) Signature Verification

14
10. Hash Function h Possible Attack I Given a Message m find a signature for m collision-free for x Uniform with respect to x Uniformly distributed : 2 t step for attacking

15
10. Hash Function h (cont’d) Possible Attack II Chosen message attack. Sign an unsigned message m of your choice. One-way in the argument m If not, the probability of attack success = 1 depend on 140 bits of x

16
10. Hash Function h (cont’d) About Message m Not necessary collision-free H(x,m) = h(x, m’) Signature for m’ = x’ Can’t use to sign m

17
11. Performance Analyze New Scheme t=27 Fiat- Shamir k=9, t=8 RSAGQ Signature generation (without preprocessing) Preprocessing Signature verification 22844>2180 Number of multiplications

18
12. Preprocessing During idle time An exponentiation of a random number (x i,r i ) Initialize by KAC Use random combination pair

19
12. Preprocessing Algorithm Each smart cards have own algorithm Example algorithm Initiation. Load r i,x i for i = 1, …,k, ν := 1 1. pick a random permutation a of {1,…,k} 2. r := r ν +2r ν -1 (mod q), x := x ν x ν -1 2 (mod p), u := r, z := x 3. for i = k,…,1 do {u := r a(i) + 2u (mod q), z := x a(i) z 2 (mod p) 4. r ν := u, x ν := z, ν := ν +1 (mod k), go to 1 for the nest round Finally,, (Quasi-independent form the old pairs.)

20
Chaum, D.,Evertse, J.H. and van de Graaf, J, “An Improved Protocol For Demonstrating Possession of Discrete Logarithms and Some Generalizations”, Advanced in Cryptology, EUROCRYPT’ 87. Lecture Notes in Computer Science 304 (1988). Pp Kevin S.M., “The Discrete Logarithm Problem”, Proceedings of Symposia in Applied Mathematics Volume 42, 1990 H. Cohen, “A Course in Computational Algebraic Number Theory”, Springer, Reference

21
Q & A

Similar presentations

© 2016 SlidePlayer.com Inc.

All rights reserved.

Ads by Google