Efficient fault-tolerant scheme based on the RSA system. Authors: N.-Y. Lee and W.-L. Tsai. IEE Proceedings. Presented by 詹益誌, 2004/03/02
Outline: Introduction; The scheme of Zhang; Security flaw in the scheme of Zhang; Improvement of the Zhang scheme; Security analysis; Conclusions
Introduction The Zhang scheme can deal with error detection and data correction simultaneously, but it can suffer from an attack by a malicious receiver. This paper proposes an improvement to the Zhang scheme that repairs the security flaw.
The scheme of Zhang User A: User B: User B wants to send a message M to user A. Step 1: Translate the message M into an n × m plaintext matrix X:
The scheme of Zhang Step 2: Construct another (n+1) × (m+1) matrix Step 3: Compute an (n+1) × (m+1) ciphered matrix C_h:
The scheme of Zhang A receives C_h and decrypts it. So A will get: Data can be corrected by:
Security flaw in the scheme of Zhang Transform the into Compute New plaintext matrix is: Compute the new matrix is constructed
Improvement of the Zhang scheme Step 1: Translate the message into matrix X. Step 2: Construct another matrix X_h. Step 3: Generate the signature
Improvement of the Zhang scheme Step 4: Construct a ciphered matrix C_h*. B first computes Step 5: Transmit C_h* to A.
Improvement of the Zhang scheme A receives C_h* and decrypts it using its own private key: Then, A obtains the plaintext matrix X_h:
Improvement of the Zhang scheme A verifies the validity of B's signature by computing: and checking If true, A computes And checks If true, the signature is valid.
Security analysis An attacker will generate a different message for the existing signature. He will first choose x_{11}, …, x_{1,m-1} and then find an x_{1m}, which must satisfy
Security analysis If an attacker wants to view the content of the plaintext matrix, he has to first get Z_C. If an attacker wants to generate a valid signature for any message, he must compute Z_c from Z.
Conclusion This paper proposed an improved scheme to withstand the attack.