Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao."— Presentation transcript:

1 Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao Presented by Yi-Jhih Jan 11/02/2004

2 Outlines Introductions The Fan et al’s protocol The proposed protocol Security analysis Conclusins

3 Introductions Deniable authentication protocol 1. It enables an intended receiver to identify the source of a given message.( 傳統 ) 2. The intended receiver cannot prove the source of a given message to any third party. ( 因 receiver 只要知道 protocol, 即可偽造此簽章, 所以 sender 可以否認 ) Application 1. It can provide Freedom from coercion in electronic voting systems 2. Secure negotiations over the Internet

4 YX’ D,M The Fan et al ’ s protocol Sender Receiver

5 The Fan et al ’ s protocol Weaknesses 1. INQ can impersonate the receiver and sends Y=g y mod p to the sender. 2.INQ can identify the source of X’. If INQ is sure that the M and X’ come from the same source, he can also identify the source of the message.

6 The proposed protocol Parameters: p: a large prime (bit size 1024-2048) q: a prime divisor of p-1 (160 bit size) g: a generator of order q H(.): a collision-free hash function X: private key Y: public key CA: a certification authority

7 The proposed protocol Sender(X s,Y s ) Receiver(X R,Y R )

8 Security analysis 1.Completeness

9 Security analysis 2. It can withstand forgery attacks. a) we first design a generalized ElGamal signature scheme (Harn proposed)

10 Security analysis If an adversary has an algorithm A(M,Y R ) and returns (r,s,MAC), he would forge the signature of the generalized ElGamal signature scheme for the message m’. M YRYR Algorithm (r,s,MAC)

11 H(w) =v Security analysis b) Define a function if X R is public, the h(.) is secure as long as H(.) is a secure hash function u v w h(u)=v

12 Security analysis 3. The proposed protocol is deniable. - If the receiver reveals the session key k, he can convince the third party the signature (r,s) of the sender - Then the third party can verfy MAC=H(k||M) by himself. - But, the third party can compute the Diffie-Hellman key of the sender and the receiver. - So the receiver would not reveal his secret informatino.

13 Security analysis - even though the receiver reveals k under coercion, the third party would also be skeptical. - because that the receiver can constuct other authenticator MAC’=H(k||M’) - that is, the receiver can simulate the authenticated message of the sender. - hence the protocol is deniable.

14 Security analysis 4. It can withstand impersonate attacks adversary: - assume that the adversary can obtain M and its authority (r,s,MAC). - if he can verify the message authenticator, he must find k’ such that - the adversary could compute - it’s impossible to do it under the Diffie-Hellman assumption.

15 Conclusions If an adversary could forge signature of this protocol, he would forge signatures of the generalized ElGamal signature scheme. Anyone can not impersonate the intended receiver.

Download ppt "Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao."

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Cryptography and Network Security

Cryptography and Network Security
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.

CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.

1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.
Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.

Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.

Similar presentations

Ads by Google