Presentation is loading. Please wait.

Presentation is loading. Please wait.

An efficient threshold RSA digital signature scheme

Published byPaula McDaniel Modified over 6 years ago

Similar presentations

Presentation on theme: "An efficient threshold RSA digital signature scheme"— Presentation transcript:

1 An efficient threshold RSA digital signature scheme
Source:Applied Mathematics and Computation, Volume 166, Issue 1, 6 July 2005, Pages Author:Qiu-Liang Xu, Tzer-Shyong Chen Speaker:李士勳 Date:2005,12,14

2 Outline Introduction Descriptions of the scheme
Analysis of security and efficiency Conclusions

3 Introduction Resisting conspiracy attack
(t,n) threshold signature scheme

4 Introduction 1991:Desmedt and Frankel fist proposed
the threshold signature scheme 1994:Li et al. presented two (t,n) threshold signature schemes 1997:Michels and Horster proved them insecure 1998:Wang et al. presented two (t,n)

5 Descriptions of the scheme
p and q are large primes

6 Descriptions of the scheme
represent the set of all members in the system

7 Initialization phase Key Dealing Center(KDC) must establish four parameters RSA parameters Lagrange interpolation parameters Parameters used in modulus convention Parameters used in partial signature verification

8 RSA parameters p,q,n,e and d to generatethe group signature, where n=p*q, p and p are two safe primes, (n,e) is the public key, and d is the private key P,Q,N,E and D which is used by the signature generator(SG), where N=P*Q>n, P and Q are also two safe primes, (N,E) is the public key, and D is the private key

9 Lagrange interpolation parameters
Select a large public prime r>n Select a random polynomial f(x), d=f(0)

10 Parameters used in modulus convention
Consider a sample message , so that the order of in group is Compute Make public

11 Parameters used in partial signature verification
Select randomly an element of order compute i=1,2,…,n and send publicly v and to the signature generator SG

12 Signature phase Chaum-Pedersen zero-knowledge protocol

13 Chaum-Pedersen zero-knowledge protocol
One-way hash function H(), and a random number u, compute z=xc+u (z,c) proves , the verifier acepts the proof if and only if Clearly, when ,the proof holds

14 Signature phase denotes the t shareholders who participate in signing

15 Signature phase Select a random number Compute , Send to SG , ,
, , (m,s(m),S(m)) is the signature on message m

16 Signature phase If then (m,s(m),S(m)) is appetped as a valid signature

17 Analysis of security and efficiency
The fist step of the initialization phase builds only the RSA cryptosystem, without providing any extra information The second step is to establish a (t,n) threshold system based on Lagrange interpolation The third and forth step is hard to slove the discrete logarithm problem

18 Conclusions Resisting conspiracy attack

Download ppt "An efficient threshold RSA digital signature scheme"

Similar presentations

1 9 4 5 1 8 8 6 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and.

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
A Pairing-Based Blind Signature

A Pairing-Based Blind Signature
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
1/11/2007 bswilson/eVote-PTCWS 1 Enhancing PTC based Secure E-Voting System (note: modification of Brett Wilson’s Paillier Threshold Cryptography Web Service.

1/11/2007 bswilson/eVote-PTCWS 1 Enhancing PTC based Secure E-Voting System (note: modification of Brett Wilson’s Paillier Threshold Cryptography Web Service.
1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.
Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.
Bob can sign a message using a digital signature generation algorithm

Bob can sign a message using a digital signature generation algorithm
The RSA Algorithm Rocky K. C. Chang, March 2014 1.

The RSA Algorithm Rocky K. C. Chang, March
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Topic 22: Digital Schemes (2)

Topic 22: Digital Schemes (2)
Cryptanalysis and Improvement of an Access Control in User Hierarchy Based on Elliptic Curve Cryptosystem Reporter : Tzer-Long Chen Information Sciences.

Cryptanalysis and Improvement of an Access Control in User Hierarchy Based on Elliptic Curve Cryptosystem Reporter : Tzer-Long Chen Information Sciences.
1 一個新的代理簽章法 A New Proxy Signature Scheme 作 者 : 洪國寶, 許琪慧, 郭淑娟與邱文怡 報 告者 : 郭淑娟.

1 一個新的代理簽章法 A New Proxy Signature Scheme 作 者 : 洪國寶, 許琪慧, 郭淑娟與邱文怡 報 告者 : 郭淑娟.

Similar presentations

Ads by Google