Presentation is loading. Please wait.

Presentation is loading. Please wait.

Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013

Published byTyrone Nash Modified over 8 years ago

Similar presentations

Presentation on theme: "Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013"— Presentation transcript:

1 Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013 4/18/13pbudhath@fau.edu

2 Motivation: Confidentiality : Integrity : Authentication : Nonrepudiation : Keeping information secret from all other than those who are authorized to see it. Ensuring that the information has not been altered by unauthorized entities. The assurance that the communicating party is the one that it claims to be. Preventing the denial of previous commitments or actions. 4/18/13pbudhath@fau.edu

3 Motivation: Confidential and Authenticate Traditional Method “Signature- Then- Seal” 4/18/13pbudhath@fau.edu

4 Motivation: Confidentiality : How do we get these things in modern cryptography ? Signature Scheme Encryption Scheme Nonrepudiation : Integrity : Authentication : 4/18/13pbudhath@fau.edu

5 Signature Scheme RSA Schnorr DSS Others … Motivation: How do we get these things in modern cryptography ? 4/18/13pbudhath@fau.edu

6 Encryption Scheme RSA ElGamal Others … Motivation: How do we get these things in modern cryptography ? 4/18/13pbudhath@fau.edu

7 In 1997 Yulian Zheng proposed a separate primitive called Signcryption. Is it possible to deliver messages of varying length in a secure and authenticated way with an expense less than that required by “Signature-Then-Encryption ” ? Motivation: 4/18/13pbudhath@fau.edu

8 Outline : Why Signcryption ? Signcryption Shortening ElGamal-Based Signatures. Secure Signcryption Scheme. Signcryption Scheme by Y. Zheng. 4/18/13pbudhath@fau.edu

9 Why Signcryption ? Cost of Signcryption < Cost of Signature + Cost of Encryption 1.Computational cost 2.Communication overhead 4/18/13pbudhath@fau.edu

10 1.Computational cost We estimate computational cost by counting the number of operations involved : Private key encryption and decryption Hashing addition Multiplication Division Exponentiation Why Signcryption ? 4/18/13pbudhath@fau.edu

11 2. Communication overhead In addition to computational cost, digital signature and encryption based on public key cryptography also require extra bits to be appended to a message. We call these extra redundant bits the communication overhead involved. Why Signcryption ? 4/18/13pbudhath@fau.edu

12 Signcryption Gen Security Parameter key-pair Public Private SC Private key sender, Message, R ID C= SC Private Key ( Message, R ID ) DSCDSC Private Key ( C, S ID ) Private key receiver, C, S ID 4/18/13pbudhath@fau.edu

13 Shortening ElGamal-Based Signatures: Key Generation: Choose x randomly from {1, …, p-1} Public key = g x Private key = x Let p is a large prime, q is a large prime factor of p-1 and g is an integer from {1, …, p-1}. Let h: {1,..., p-1} x {0,1} * {1,..., p-1} be a hash function. 4/18/13pbudhath@fau.edu

14 Sign : Choose y randomly from {1, …, p-1} r = h( g y mod p, M) s = y / ( r + x ) mod p, where M = message Signature = Let p is a large prime, q is a large prime factor of p-1 and g is an integer from {1, …, p-1}. Let h: {1,..., p-1} x {0,1} * {1,..., p-1} be a hash function. Shortening ElGamal-Based Signatures: 4/18/13pbudhath@fau.edu

15 Let p is a large prime, q is a large prime factor of p-1 and g is an integer from {1, …, p-1}. Let h: {1,..., p-1} x {0,1} * {1,..., p-1} be a hash function. Verify : Compute k = ( g x ∙ g r ) s mod p Accept if r = h( k, m) Shortening ElGamal-Based Signatures: 4/18/13pbudhath@fau.edu

16 Secure Scheme: Secure Signature Scheme : Unforgeable under adaptively chosen message attack. Secure Encryption Scheme : Indistinguishable against adaptively chosen cipher attack. 4/18/13pbudhath@fau.edu

17 Unforgeable : It is computationally infeasible for an adaptive attacker to create a signcrypted text. Non-repudiation : It is computationally feasible for a third party to settle a dispute between signer and receiver where signer denies the fact that he/she is the originator of a signcrypted text. Confidential: It is computationally infeasible for an adaptive attacker to gain any partial information on the contents of a signcrypted text. Secure Signcryption Scheme: 4/18/13pbudhath@fau.edu

18 YZ- Signcryption Scheme: Gen : Using this algorithm sender and receiver choose their key-pair. Let x, y from [1,..., q-1] are sender’s and receiver’s private keys and S= g x and R= g y are their respective public keys. p : a large prime ( public ) q : a large prime factor of p-1 ( public ) g : a ( random ) integer in [1,..., p-1] with order q mod p ( public ) h : a one-way hash function ( public ) 4/18/13pbudhath@fau.edu

19 YZ- Signcryption Scheme: p : a large prime ( public ) q : a large prime factor of p-1 ( public ) g : a ( random ) integer in [1,..., p-1] with order q mod p ( public ) h : a one-way hash function ( public ) S : Sender’s public key R : Receiver’s public key SC : Pick r randomly from [1,..., q-1] 1. compute k = R r mod p. Split k into k 1 and k 2 of appropriate length. 2. n= h(M, k 2 ), where M=message 3. s= r/( n + x ) mod q 4. c = E_k 1 ( M ), where E := Encryption in AES Signcrypted text = 4/18/13pbudhath@fau.edu

20 YZ- Signcryption Scheme: DSC : Recover k from n, s, g, p, S and R: 1. k = ( S ∙ g h ) s ・ y mod p 2. Split k into k 1 and k 2 3. M = D_k 1 ( c ), Where D := Decryption in AES 4. Accept M as a valid message if h(M, k 2 ) = n p : a large prime ( public ) q : a large prime factor of p-1 ( public ) g : a ( random ) integer in [1,..., p-1] with order q mod p ( public ) h : a one-way hash function ( public ) S : Sender’s public key R : Receiver’s public key NOTE : D_k 1 ( E_k 1 (M)) = M 4/18/13pbudhath@fau.edu

21 Security parameters |p|, |q|, |h(. )| Saving in comp. cost Saving in comm. overhead 768, 152, 8050%76.8% 1024, 160, 8050%81.01% 2048, 192, 9650%87.7% 4096, 256, 12850%91.0% 8192, 320, 16050%94.0% 10240, 320, 16050%96.0% Cost of Signcryption vs. Cost of Sign-Then- Encryption 4/18/13pbudhath@fau.edu

22 Question ? Thank You !!! 4/18/13pbudhath@fau.edu

Download ppt "Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography and Network Security

Cryptography and Network Security
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Introduction to Signcryption November 22, 2004. 22/11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.

Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.

Similar presentations

Ads by Google