Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient Signature Generation by Smart Cards 20103112 Suk Ki Kim 20103114 Sunyeong Kim.

Similar presentations


Presentation on theme: "Efficient Signature Generation by Smart Cards 20103112 Suk Ki Kim 20103114 Sunyeong Kim."— Presentation transcript:

1 Efficient Signature Generation by Smart Cards Suk Ki Kim Sunyeong Kim

2  1. Introduction  2. What is the problem in RSA  3. ESG Feature  4. Key Authentication Center  5. Introduce existing Chaum  6. Minimizing the Number of Communication Bits  7. Comparison Chaum and ESG  8. Signature Generation / Verification  9. Efficiency  10. Hash Function h  11. Performance Analyze  12. Preprocessing Contents

3  Writer : C.P.Schnorr (Universitat Frankfurt)  This paper presents an efficient algorithm for generating public-key signatures which is particularly suited for interactions between smart cards and terminals.  This paper presents a new public-key signature scheme and a corresponding authentication scheme that are based on discrete logarithms. 1. Introduction

4 2. What is the problem in RSA 1.Computation amount is message dependent! 2.Require many modular multiplications

5  1. minimizes the message-dependent amount of computation.  2. signature generation can be done during the idle time of the processor.  3. The length of signatures is about 212 bits, it is less than half of the length of RSA signatures. 3. ESG Feature

6  Key Authentication Center(KAC) Chooses Primes p and q such that, with order q, A one-way hash function h: Its own private and public key The KAC publishes p,q,, h and its public key. 4. Key Authentication Center

7 KAC User Name, Address, ID number, Etc Register request KAC verifies its identity Generates an identification number I and generates a Signatures S for the pair (I,v) consisting of I and the user’s public key v. A user generates by himself a private key s which is a random number in {1,2,…,q}. The corresponding public key v is the number

8 5. Introduce existing chaum A picks a random number and computes I,v,S,x Verifies the signatures S and sends a random number e y := r + se(mod q) y Prover AVerifier B The Authentication protocol

9  A fraudulent A’ can cheat by guessing the correct e  The probability of success for this attack is 5. Introduce existing chaum

10 6. Minimizing the Number of Communication Bits A picks a random number and computes I,v,S Verifies the signatures S and sends a random number e y := r + se(mod q) y Prover AVerifier B The Authentication protocol h(x) Check that h(x) =

11 7. Comparison Chaum and ESG I,v,S,x e y I,v,S e y h(x), A one-way hash function h:

12 8. Signature Generation / Verification I, v, (S) e : t bits, y : 140 bits I, s, v, (S) Pick random r Check I, v, (S) Check that α, q, p, h Message m Signature GenerationSignature Verification

13 9. Efficiency  Signature Generation Preprocessing Compute se (mod q) (from e = r + se (moe q))  Signature Verification

14 10. Hash Function h  Possible Attack I Given a Message m find a signature for m collision-free for x Uniform with respect to x Uniformly distributed : 2 t step for attacking

15 10. Hash Function h (cont’d)  Possible Attack II Chosen message attack. Sign an unsigned message m of your choice. One-way in the argument m If not, the probability of attack success = 1 depend on 140 bits of x

16 10. Hash Function h (cont’d)  About Message m Not necessary collision-free H(x,m) = h(x, m’) Signature for m’ = x’ Can’t use to sign m

17 11. Performance Analyze New Scheme t=27 Fiat- Shamir k=9, t=8 RSAGQ Signature generation (without preprocessing) Preprocessing Signature verification 22844>2180 Number of multiplications

18 12. Preprocessing  During idle time  An exponentiation of a random number  (x i,r i ) Initialize by KAC Use random combination pair

19 12. Preprocessing Algorithm  Each smart cards have own algorithm  Example algorithm Initiation. Load r i,x i for i = 1, …,k, ν := 1 1. pick a random permutation a of {1,…,k} 2. r := r ν +2r ν -1 (mod q), x := x ν x ν -1 2 (mod p), u := r, z := x 3. for i = k,…,1 do {u := r a(i) + 2u (mod q), z := x a(i) z 2 (mod p) 4. r ν := u, x ν := z, ν := ν +1 (mod k), go to 1 for the nest round Finally,, (Quasi-independent form the old pairs.)

20  Chaum, D.,Evertse, J.H. and van de Graaf, J, “An Improved Protocol For Demonstrating Possession of Discrete Logarithms and Some Generalizations”, Advanced in Cryptology, EUROCRYPT’ 87. Lecture Notes in Computer Science 304 (1988). Pp  Kevin S.M., “The Discrete Logarithm Problem”, Proceedings of Symposia in Applied Mathematics Volume 42, 1990  H. Cohen, “A Course in Computational Algebraic Number Theory”, Springer, Reference

21 Q & A


Download ppt "Efficient Signature Generation by Smart Cards 20103112 Suk Ki Kim 20103114 Sunyeong Kim."

Similar presentations


Ads by Google