Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Distributed Sign-and-Encryption for Anonymity

Published byこうだい みつだ Modified over 5 years ago

Similar presentations

Presentation on theme: "A Distributed Sign-and-Encryption for Anonymity"— Presentation transcript:

1 A Distributed Sign-and-Encryption for Anonymity
Source: IEICE TRANS. FUNDAMENTALS, VOL.E87-A, NO.1 January 2004 Author: DongJin KWAK and SangJae MOON Speaker: Jin-Lin Hou Date: 11/08/2004

2 Outline Introduction Review Proposed Scheme Analysis Conclusion

3 Distributed encryption scheme
…… xA xB xQ decrypt by xQ A B Q Encrypted message Manager Group Public Key

4 Distributed Signcryption (1/5)
p : a prime number q : q | (p-1) ( q must be prime number? ) x1 - xn  Zq* P(x) = (x-x1)(x-x2) … (x-xn) = α0 + α1 x +… αn xn g : an order q element in Zp F(xi) = g P(xi) mod q ≡ 1 (mod p) , i = 1 , 2 , … , n

5 Distributed Signcryption (2/5)
α’0 = α0 α’n = αn n-1 α’1 = α’2 = … = α’n-1 = ∑αi i=1 P’(x) = α’0 + α’1 x +… α’n xn Ai = P’(xi) F’(xi) = g –Ai g P’(xi) ≡ 1 (mod p)

6 Distributed Signcryption (3/5)
γ  Zq* ρi = γAi mod q ( should be -γAi) Group Public Key: ( gα’0 , gα’1 , … , gα’n , gγ-1 mod q ) Send Secret Key ( xi , ρi ) to group member i by secure channel

7 Distributed Signcryption (4/5)
Sender Alice: ( have ska , pka = gska ) choose x  Zq* k = gx mod p Splits k into k1 and k2 ( the split way is public ) r = Hk2(m) s = x ( k*r + ska )-1 mod q w = h(m) c1 = { gk*r gw*α’0 , gw*α’0 , … , gw*α’n , gw *γ-1 } c2 = Ek1(m) send ( c1 , c2 , r , s ) to Bob

8 Distributed Signcryption (5/5)
Receiver Bob: k =(pka· gkr · gwα’0 · gwα’1 x i · … · gwα’n x in · gw γ-1ρi)s = gx mod p Splits k into k1 and k2 m ?= Dk1(c2)

9 Propose scheme (1/2) Sender Alice: ( have ska , pka = gska )
choose x  Zq* k = gx mod p Splits k into k1 and k2 ( the split way is public ) r = Hk2(m) s = x ( r + ska )-1 mod q w = h(m) c1 = { k · gw*α’0 , gw*α’0 , … , gw*α’n , gw *γ-1 } c2 = Ek1( m || r || s || Certa ) send ( c1 , c2 ) to Bob

10 Propose scheme (2/2) Receiver Bob:
k = k · gwα’0 · gwα’1 x i · … · gwα’n x in · gw γ-1ρi Splits k into k1 and k2 Dk1(c2) = m || r || s || Certa r ?= Hk2(m) k ?≡ ( pka · gr )s ( ≡ gx (mod p) )

11 Analysis (1/2) Unforgeability Non-repudiation
can’t get k by knowing k · gwα’0 so can’t compute Ek1(m’) can’t get a valid pair ( m’ , r’ , s’ ) because a valid s need ska to generate Non-repudiation if ( m , r , s ) is valid => sender must know ska => sender is Alice

12 Analysis (2/2) Anonymity Confidentiality
because Certa is encrypted Confidentiality Need k to decrypt c2 , but need ( xi , ρi ) to compute k only valid user know ( xi , ρi )

13 Conclusion have many good properties like unforgeability , non-repudiation , anonymity , confidentiality does not involve any additional computational cost has potential applications in electronic commerce

Download ppt "A Distributed Sign-and-Encryption for Anonymity"

Similar presentations

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )

Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )
Introduction to Signcryption November 22, 2004. 22/11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.

Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Asymmetric encryption. Asymmetric encryption, often called public key encryption, allows Alice to send Bob an encrypted message without a shared secret.

Asymmetric encryption. Asymmetric encryption, often called "public key" encryption, allows Alice to send Bob an encrypted message without a shared secret.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall 2011 1.

Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Public-Key Cryptography CS110 Fall 2002. Conventional Encryption.

Public-Key Cryptography CS110 Fall Conventional Encryption.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013

Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
CSE 331: Introduction to Networks and Security Fall 2001 Instructor: Carl A. Gunter Encrypted Knock Knock.

CSE 331: Introduction to Networks and Security Fall 2001 Instructor: Carl A. Gunter Encrypted Knock Knock.
Prepared by Dr. Lamiaa Elshenawy

Prepared by Dr. Lamiaa Elshenawy
COMP 424 Computer Security Lecture 09 & 10. Protocol ● An orderly sequence of steps agreed upon by two or more parties in order to accomplish a task ●

COMP 424 Computer Security Lecture 09 & 10. Protocol ● An orderly sequence of steps agreed upon by two or more parties in order to accomplish a task ●
Fair Blind Signature Based Authentication for Super Peer P2P Network Authors: Xiaoliang Wang and Xingming Sun Source: 2009, Information Technology Journal,

Fair Blind Signature Based Authentication for Super Peer P2P Network Authors: Xiaoliang Wang and Xingming Sun Source: 2009, Information Technology Journal,
Key Management Network Systems Security Mort Anvari.

Key Management Network Systems Security Mort Anvari.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Cryptography and Network Security Chapter 13

Cryptography and Network Security Chapter 13
Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography (confidentiality) 8.3 Message integrity 8.4 End-point authentication.

Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography (confidentiality) 8.3 Message integrity 8.4 End-point authentication.
CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature.

CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature.

Similar presentations

Ads by Google