Presentation is loading. Please wait.

Presentation is loading. Please wait.

A New Provably Secure Certificateless Signature Scheme

Published byChristopher Sanders Modified over 5 years ago

Similar presentations

Presentation on theme: "A New Provably Secure Certificateless Signature Scheme"— Presentation transcript:

1 A New Provably Secure Certificateless Signature Scheme
Date: Reporter:Chien-Wen Huang 出處:2008 IEEE International Conference on Communications (ICC 2008),vol.4

2 Outline INTRODUCTION PERLIMINARIES
OUR CERTIFICATELESS SIGNATURE SCHEME SECURITY PROOF CONCLUSIONS

3 INTRODUCTION Identity-based public key cryptography(ID- PKC)
was first introduced by Shamir in 1984. Have the key escrow problem. Certificateless public key cryptography(CL- PKC) Al-Riyami et al.“Certificateless public key cryptography. ”Asiacrypt2003,LNCS. Huang et al.[9]“Certificateless signature revisited. ”ACISP 2007, LNCS. Zhang et al.[17]“Certificateless public-key signature: security model and efficient construction.”ACNS 2006, LNCS.

4 INTRODUCTION Related Works Type I/II Adversary-
Normal: under the original public key from the target signer. Strong: under the replaced public key.(supply the secret value corresponding to the replaced public key)

5 INTRODUCTION Super:under the public key chosen by himself without supplying the secret value corresponding to the public key. there are only a few CLS schemes secure[9],[17] against a super type I/II adversary.

6 INTRODUCTION Our Contribution:
the CLS(certificateless signature) scheme requires only two pairing operations. The signature length of new scheme is 2/3 of Huang et al’s scheme. super Type I/II adversary- proved secure in the strongest security model of CLS.

7 PERLIMINARIES A. Bilinear Maps
Let G1 be an additive group of prime order q. Let G2 be a multiplicative group of the same order. Bilinear: Non-degeneracy: Computable: There exists an efficient algorithm to compute

8 PERLIMINARIES B. Framework of Certificateless Signature Schemes Setup
input: a security parameter l output: a master-key,system parameters params. Partial-Private-Key-Extract input: ID,params,master-key output: user’s partial private key Set-Secret-Value input: ID,params output: user’s secret value

9 PERLIMINARIES Set-Public-Key Sign Verify ( , ,params,ID, )
input: ID,params, output: public key Sign accepts(params, ,ID, , , )to produce a signature on message Verify ( , ,params,ID, ) if the signature is valid or not.

10 PERLIMINARIES C.Adversarial Model of Certificateless Signature Schemes
the following two games between a challenger C and an adversary AI or AII . Game 1 (for Type I Adversary) Setup:C runs the Setup algorithm Input: a security parameter l obtain:a master-key,system parameters params

11 PERLIMINARIES Attack: Partial-Private-Key Queries PPK( )
AI request: the partial private key of any user’s identity C output: the partial private key Public-Key Queries PK( ) AI request: the public key of a user’s identity C output: the public key Secret-Value Queries SV( ) AI request:the secret value of a user’s identity C output:the secret value (if PK replaced,output )

12 PERLIMINARIES Public-Key-Replacement Queries PKR( , )
AI can choose a new public key as the public key of this user.C will record this replacement. Sign Queries S( ) On receiving a query S( ),C generates a signature (AI need not supply the secret value) Forgery:AI outputs is a valid signature on under and AI has never requested the Partial-Private-Key(of user’s ) S( )has never been submitted WIN!!

13 PERLIMINARIES Game 2 (for Type II Adversary )
Setup:C runs the Setup algorithm Input: a security parameter l obtain:a master-key,system parameters params Attack: Public-Key Queries PK( ) AII request: the public key of a user’s identity C output: the public key Secret-Value Queries SV( ) AII choose a user and request the secret value C output:the secret value (if PK replaced,output )

14 PERLIMINARIES Public-Key-Replacement Queries PKR( , )
AII can choose a new public key as the public key of this user. Sign Queries S( ) On receiving a query S( ),C replies a signature (AII need not supply the secret value) Forgery: AII outputs is a valid signature on under and AII has never requested the Secret-Value (of user’s ) AII has not requested PKR query on S( )has never been queried WIN!!

15 OUR CERTIFICATELESS SIGNATURE SCHEME
A. An Efficient Construction Setup Given a security parameter l, chooses a master-key and set , , params= , Partial-Private-Key-Extract input: params,master-key , Computes Outputs:users partial private key

16 OUR CERTIFICATELESS SIGNATURE SCHEME
Set-Secret-Value input: params, output: as the users secret value. Set-Public-Key input: params, , output: the user’s public key Sign input: Choose a random ,compute Compute Output on

17 OUR CERTIFICATELESS SIGNATURE SCHEME
Verify To verify a signature on a message for an identity and public key Compute , 2. Verify

18 OUR CERTIFICATELESS SIGNATURE SCHEME
B. Comparison P: pairing operation. S: a scalar multiplication in G1. H: a MapToPoint hash operation. E: an exponentiation in G2. SL:signature length. PKL:signature length. P1:the length of a point in G1. Z1:the length of a point in

19 SECURITY PROOF Theorem :unforgeable against a super typeI/II adversary in the random oracle model(CDH problem is intractable.) TypeI proof: Let C be a CDH attacker who receives a random instance (P,aP,bP) and to compute the value of abP.( C can use AI to solve the CDH problem.) C sets PT = aP,selects params=(G1,G2, e, P, PT,H1,H2,H3) to AI. H1 Queries:AI can make at most qH1 times H1 queries,C chooses J∈[1,qH1].C maintains an initially empty list H1 of tuples(IDj,αj,Qj).On receiving a new query H1(IDi||P), If i = J, set Qi = bP ,add(IDi,⊥,Qi)to H1 and return Qi as answer. Otherwise ,pick at random,set ,add (IDi,αi,Qi)to H1 and return Qi as answer.

20 H2 Queries: C keeps an initially empty list H2 of tuples( )
H2 Queries: C keeps an initially empty list H2 of tuples( ).AI issues a query( )to H2,If the query is new,C selects a random adds( )to H2 and returns as answer. H3 Queries: AI issues a query( )to H3,for a new query,C selects a random adds( )to H2 and returns as answer. Partial-Private-Key Queries: C keeps an initially empty list K of tuples( ).Whenever AI issues a query PPK( ).If the query is new,C does the following. If ,abort. Else if there’s a tuple( ) on K If( )on H1,set and return as answer. Otherwise,first make an H1 query on(IDi||P), to generate( ),then set and return as answer.

21 Otherwise,do the following.
If a tuple( ) on H1,compute ,set ,return as answer and add ( )to K. Else,generate the tuple( )to simulates the random oracle H1,after the same way as a). Public-Key Queries: receiving a query PK(IDi),the current public key from K will be given.Otherwise,C does as follows. If a tuple ( )on K,choose ,compute ,return as answer and update to ( ). Otherwise,choose ,set , and add the tuple to K.

22 Secret-Value Queries:receiving a query SV( ),if the public key has been replaced,C returns .Otherwise,if a tuple( )on K,C returns as answer;else,C first makes PK( ) then returns as answer. Public-Key-Replacement Queries: AI choose a new public key for the user’s identity( ).On receiving a query PKR( , ),C first finds the tuple( ) on K,then C updates to Sign Queries: On receive a Sign query S( ), denotes the public key chosen by AI ,C generates the signature as follows. Choose ,set Set , Compute and output

23 Forgery: Finally, AI returns a successful forgery
If ,C aborts. Type II proof: Let C be a CDH attacker who receives a random instance (P,aP,bP) and to compute the value of abP.( C can use AI to solve the CDH problem.) C sets PT = aP,selects params=(G1,G2, e, P, PT,H1,H2,H3) to AI. Public-Key Queries:C keeps an initially empty list K of tuples(IDj,xj,Pj) For a new query,if ,C return as answer and adds to K ;else,C picks ,compute add to K and return .

24 Secret-Value Queries: On receiving a query SV( ), if the public key of
has been replaced, C returns ⊥; otherwise, if , C aborts; else if a tuple on K, C returns as answer; else, C first makes PK( ), then recovers the tuple from K, returns Public-Key-Replacement Queries: AII can choose a new public key for the user’s identity On receiving a query PKR( ) if , C aborts; otherwise, C finds the tuple on K and updates to

25 CONCLUSIONS Only two pairing operations are required in signing and verification. It is more efficient than the other CLS schemes achieving the same security level.

Download ppt "A New Provably Secure Certificateless Signature Scheme"

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.
BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.

BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.
Hybrid Signcryption with Insider Security Alexander W. Dent.

Hybrid Signcryption with Insider Security Alexander W. Dent.
1 IDENTITY BASED ENCRYPTION SECURITY NOTIONS AND NEW IBE SCHEMES FOR SAKAI KASAHARA KEY CONSTRUCTION N. DENIZ SARIER.

1 IDENTITY BASED ENCRYPTION SECURITY NOTIONS AND NEW IBE SCHEMES FOR SAKAI KASAHARA KEY CONSTRUCTION N. DENIZ SARIER.
1 An Efficient Strong Key-Insulated Signature Scheme and Its Application 5 th European PKI Workshop June 16-17, 2008 NTNU, Trondheim, Norway Go Ohtake.

1 An Efficient Strong Key-Insulated Signature Scheme and Its Application 5 th European PKI Workshop June 16-17, 2008 NTNU, Trondheim, Norway Go Ohtake.
Identity Based Encryption

Identity Based Encryption
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Chapter 7-1 Signature Schemes.

Chapter 7-1 Signature Schemes.
Certificateless Authenticated Two-Party Key Agreement Protocols

Certificateless Authenticated Two-Party Key Agreement Protocols
Strongly Secure Certificateless Encryption Alexander W. Dent Information Security Group

Strongly Secure Certificateless Encryption Alexander W. Dent Information Security Group
1 Secure Indexes Author : Eu-Jin Goh Presented by Yi Cheng Lin.

1 Secure Indexes Author : Eu-Jin Goh Presented by Yi Cheng Lin.
Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: 361-396 Authors: D. Pointcheval and J. Stern Presented.

Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.
Certificateless Threshold Ring Signature Source: Information Sciences 179(2009) 3685-3696 Author: Shuang Chang, Duncan S. Wong, Yi Mu, Zhenfeng Zhang Presenter:

Certificateless Threshold Ring Signature Source: Information Sciences 179(2009) Author: Shuang Chang, Duncan S. Wong, Yi Mu, Zhenfeng Zhang Presenter:
Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.
Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: 361-396 Authors: D. Pointcheval and J. Stern Presented.

Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.
Hybrid Signcryption with Outsider Security

Hybrid Signcryption with Outsider Security
1 CIS 5371 Cryptography 9. Data Integrity Techniques.

1 CIS 5371 Cryptography 9. Data Integrity Techniques.
By Jyh-haw Yeh Boise State University ICIKM 2013.

By Jyh-haw Yeh Boise State University ICIKM 2013.
8. Data Integrity Techniques

8. Data Integrity Techniques

Similar presentations

Ads by Google