1 一個新的代理簽章法 A New Proxy Signature Scheme 作者 : 洪國寶, 許琪慧, 郭淑娟與邱文怡報告者 : 郭淑娟.

Slides:

Advertisements

Similar presentations

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.

Advertisements

Efficient Group Signatures from Bilinear Pairing Author: Xiangguo Cheng, Huafei Zhu, Ying Qiu, and Xinmei Wang Presenter: 紀汶承.

BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

1 ID-Based Proxy Signature Using Bilinear Pairings Author: Jing Xu, Zhenfeng Zhang, and Dengguo Feng Presenter: 林志鴻.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中日期 :

Self proxy signature scheme IJCSNS International Journal of Computer Science and Network Security,VOL.7 No.2,Februry 2007 Author:Young-seol Kim,Jik Hyun.

Computer and Information Security 期末報告學號姓名莊玉麟.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao.

A Server-aided Signature Scheme Based on Secret Sharing for Mobile Commerce Source: Journal of Computers, Vol.19, No.1, April 2008 Author: Chin-Ling Chen,

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

A New Multi-Proxy Multi- Signature Scheme Source: National Computer Symposium, vol. F, Taiwan, pp , 2001 Author: Shin-Jia Hwang and Chiu-Chin Chen.

1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.

1 電子商務代理人與無線射頻系統上安全設計之研究 The Study of Secure Schemes on Agent-based Electronic Commerce Transaction and RFID system 指導教授 : 詹進科教授 (Prof. Jinn-Ke Jan) 陳育毅.

Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人：陳昱升.

Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.

1. Outline 1. Background 1. Attacks on distance-bounding 2. Symmetric vs asymmetric protocol 3. Motivation: DBPK-Log 2. VSSDB 1. Building blocks 2. Protocol.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.

Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

Cryptography and Network Security Chapter 13

13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.

Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.

Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall

Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

Digital Signatures Applied Handbook of Cryptography: Chapt 11

11 Digital Signature.  Efficiency  Unforgeability : only signer can generate  Not reusable : not to use for other message  Unalterable : No modification.

Bob can sign a message using a digital signature generation algorithm

1 Lect. 15 : Digital Signatures RSA, ElGamal, DSA, KCDSA, Schnorr.

CS555Topic 211 Cryptography CS 555 Topic 21: Digital Schemes (1)

Basel Alomair, Krishna Sampigethaya, and Radha Poovendran University of Washington TexPoint fonts used in EMF.

An Efficient and Secure Event Signature (EASES) Protocol for Peer-to-Peer Massively Multiplayer Online Games Mo-Che Chan, Shun-Yun Hu and Jehn-Ruey Jiang.

1 Authentication and Digital Signature Schemes and Their Applications to E-commerce ( 身份認證與數位簽章技術及其在電子商務上的應用 ) Advisor: Chin-Chen Chang 1, 2 Student: Ya-Fen.

02/22/2005 Joint Seminer Satoshi Koga Information Technology & Security Lab. Kyushu Univ. A Distributed Online Certificate Status Protocol with Low Communication.

Topic 22: Digital Schemes (2)

Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.

Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013

Authentication of Signaling in VoIP Applications Authors: Srinivasan et al. (MIT Campus of Anna University, India) Source: IJNS review paper Reporter:

Linkability of Some Blind Signature Schemes Swee-Huay Heng 1, Wun-She Yap 1 Khoongming Khoo 2 1 Multimedia University, 2 DSO National Laboratories.

多媒體網路安全實驗室 Certificateless multi-proxy signature Date:2011/04/08 報告人：向峻霈出處 : Zhengping Jin, Qiaoyan Wen: Computer Communications, pp ,2011.

Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.

Cryptanalysis of Some Proxy Signature Schemes without Certificates Wun-She Yap, Swee-Huay Heng Bok-Min Goi Multimedia University.

Electronic signature Validity Model 1. Shell model Certificate 1 Certificate 2 Certificate 3 Signed document Generate valid signature validCheck invalidCheck.

Prepared by Dr. Lamiaa Elshenawy

Key Replacement Attack on a Certificateless Signature Scheme Zhenfeng Zhang and Dengguo Feng Presenter: Yu-Chi Chen.

A new provably secure certificateless short signature scheme Authors: K.Y. Choi, J.H. Park, D.H. Lee Source: Comput. Math. Appl. (IF:1.472) Vol. 61, 2011,

Digital Signature Standard (DSS) US Govt approved signature scheme designed by NIST & NSA in early 90's published as FIPS-186 in 1991 revised in 1993,

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

 Requirement  Security  Classification  RSA Signature  ElGamal Signature  DSS  Other Signature Schemes  Applied Digital Signatures 11.

1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

COM 5336 Lecture 8 Digital Signatures

1 The RSA Algorithm Rocky K. C. Chang February 23, 2007.

Cryptography and Network Security Chapter 13

Source: The Journal of Systems and Software, Vol. 73, 2004, pp.507–514

Reporter :Chien-Wen Huang

Proxy Blind Signature Scheme

Author : Guilin Wang Source : Information Processing Letters

第四章數位簽章.

第四章數位簽章.

Digital signatures.

Presentation transcript:

1 一個新的代理簽章法 A New Proxy Signature Scheme 作者 : 洪國寶, 許琪慧, 郭淑娟與邱文怡報告者 : 郭淑娟

2 Outline Definition Our proxy signature scheme Security analysis Conclusions

3 Definition Proxy Signature [Mambo et al. 1996] A designed proxy signer signed message on behalf of the original signer.  Original Signer A  Proxy Signer B Delegation Proxy Signer B Message

4 Our scheme--system parameters Two public large primes p and q that q|p-1. One public generator g  Z * p with order q. A public one way hash function h. Each user i has a secret key x i  Z * q and corresponding public key y i =g x i mod p. Message m Public delegation warrant w.

5 Delegation warrant w Proxy period. The name of proxy and original signers. The responsibility of proxy signer. The key of certification including y A and y B.

6 Our scheme — participants A: Original signer B: Proxy signer V: Verifier

7 Our scheme—three phases Delegation phase Signature phase Verification phase

8 Our scheme diagram Proxy certification + Proxy signature Origin signer  Delegation phase Signature phase Proxy signer  Verification phase Verifiers 

9 Delegation phase Step 1: Original signer A chooses a secret random number k  Z * q, computes r =g k mod p. Step 2: A computes e =h(r, w). Step 3: A computes s = k- x A  e mod q. Step 4: A sends (e, s, w) to proxy signer B.

10 Signature phase Step 1: Proxy signer B computes r’=g s  y A e mod p Step 2: B checks h(r’, w)=e  e, s, w is valid. Step 3: B chooses a secret random number t  Z * q, computes  = g t mod p. Step 4: B signs m by U= h( , m). Step 5: B computes V= t-x B  U-s mod q. Step 6: B sends ((e, s, w), (U,V,m)) to verifier V.

11 Verification phase Step 1: Verifier V checks authentication for m. Step 2: Getting y A and y B from w, V computes r’= g s  y A e mod p and  ’= g v+s  y B U mod p. Step 3: If h(r’, w)=e  B is an authenticated proxy signer. Step 4: If U=h(  ’, m)  (U, V, m) is valid.

12 Security analysis Attack1: Get the secret key x A of original signer A. Attack2: Get the secret key x B of proxy signer B. Attack3: Find the k choosing by A. Attack4: Find the t choosing by B.

13 Security analysis Attack 5: Forge a valid proxy certification （ e , s ,w  ). Attack 6: Forge a valid proxy signature （ U , V , m  ).

14 Conclusions Original signer couldn’t forge proxy signer to generate proxy signature. Only proxy signer can generate valid proxy signature. Proxy signers could be identified efficiently. The scheme is based on schnorr scheme. Without secure channel.

15 Ending

16 Computation analysis ComputationHwang-ShiOur scheme Multiplication Computation 63 Exponential Computation 34