Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p.630-632 Present by.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p.630-632 Present by."— Presentation transcript:

1 Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p.630-632 Present by J.Liu 17/9/2002

2 Outline Introduction Weil pairing AK and AKC protocols System setup Authenticated key exchange Security Three pass AKC protocol Conclusion

3 Introduction The first key agreement protocol was the Diff.-H. key exchange protocol. But the basic D.-H.suffers from the man - in –the-middle attack (without authenticate the communicating parties). In this Letter will describe a two pass ID- based authenticate key agreement protocol base on the Weil pairing.

4 Weil pairing G : a prime order subgroup of super- singular elliptic curve E over the finite field F q, and O(G)=l. k is the smallest integer such that l|q k -1.Where q k is large enough to make DLP Weil pairing is a map ê :G  G  F q k * (1)Bilinear (2)Non-degenerate:  P  G  ê(P,P)  1 (3)Computable :ê(P,Q) in poly time

5 AK and AKC protocols Key derivation function V: F q k *  {0,1}* Cryptographic hash function H{0,1}*  G H(#)=X, if X is invalid x-coordinate in G then X i =X+i, for i=0,1,2…. until X i is valid x-coordinate in G It’s easy find and fix the y-coordinate from the valid x-coordinate.

6 System setup The key generation center (KGC) select a secret key s  {1,…l-1} KGC produces a random P  G, computes P KGS = sP,publishes (P,P KGS ) User with ID wish to obtain a public/private key,then the KGC compute Q ID =H(ID) ( 公 ) S ID =sQ ID ( 私 )

7 Authenticated key exchange If A,B wish to agree a key and they have been obtain the key S A(B) =sQ A(B) A and B use the ephemeral private key a,b to compute T A(B) =a(or b)P and exchange T A,B User A compute k A =ê(aQ B,P KGS )ê(S A,T B ) User B compute k B =ê(bQ A,P KGS )ê(S B,T A ) K=V(k A )=V(k B ), ∵ k A =k B =ê(aQ B +bQ A,sP)

8 Authenticated key exchange(cont) k A = ê(aQ B,P KGS )ê(S A,T B ) = ê(aQ B,sP)ê(sQ A,bP) = ê(aQ B,P KGS )ê(bQ A,sP)= ê(aQ B +bQ A,sP) = ê(bQ A,sP)ê(aQ B,sP) = ê(bQ A,P KGS )ê(sQ B,aP) = ê(bQ A,P KGS )ê(S B,T A ) = k B The shared secret depend on s and two ephemeral keys a,b (Q A,Q B ).

9 Security Known key security : Each run produces a different session key, and knowledge of past session key. Forward secrecy : The KGC can determine all secret session key by the following step k A = ê(Q B,T A ) s ê(Q A,T B ) s = k B Key control : Neither party can control the outcome of the session key.

10 Three pass AKC protocol As with the MQV protocol it is trivial to add a key confirmation property in the scheme. Here need MAC and key derivation function V. Let R= ê(aQ B,P KGS )=ê(bQ A,P KGS ) …??? The three pass AKC protocol

11 Conclusion This paper has proposed an ID-based authenticated key agreement scheme which used the Weil pairing. In the end of paper has present how to add key confirmation to basic protocol.

Download ppt "Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p.630-632 Present by."

Similar presentations

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
11 Efficient and Secure Certificateless Authentication and Key Agreement Protocol for Hybrid P2P Network Authors: Z. B. Xu and Z. W. Li Source: The 2nd.

11 Efficient and Secure Certificateless Authentication and Key Agreement Protocol for Hybrid P2P Network Authors: Z. B. Xu and Z. W. Li Source: The 2nd.
A Pairing-Based Blind Signature

A Pairing-Based Blind Signature
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
A novel and efficient unlinkable secret handshakes scheme Author: Hai Huang and Zhenfu Cao (PR China) Source: IEEE Comm. Letters 13 (5) (2009) Presenter:

A novel and efficient unlinkable secret handshakes scheme Author: Hai Huang and Zhenfu Cao (PR China) Source: IEEE Comm. Letters 13 (5) (2009) Presenter:
A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.

A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.

Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.

1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Weakness of Shim’s New ID- base Tripartite Multiple-key Agreement Protocol Authors: J.S. Chou, C.H.Lin and C.H. Chiu ePrint/2005/457 Presented by J. Liu.

Weakness of Shim’s New ID- base Tripartite Multiple-key Agreement Protocol Authors: J.S. Chou, C.H.Lin and C.H. Chiu ePrint/2005/457 Presented by J. Liu.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.

Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.
Certificateless Authenticated Two-Party Key Agreement Protocols

Certificateless Authenticated Two-Party Key Agreement Protocols
Inter-Domain Identity-Based Authenticated Key Agreement Protocols from Weil Pairing Authors: Hong-bin Tasi, Yun-Peng Chiu and Chin-Laung Lei From:ISC2006.

Inter-Domain Identity-Based Authenticated Key Agreement Protocols from Weil Pairing Authors: Hong-bin Tasi, Yun-Peng Chiu and Chin-Laung Lei From:ISC2006.
Identity-based authenticated key agreement protocol based on Weil pairing N.P. Smart IEE Electronics Letters 2002 Presented By Kuang-Ling Lin 10/7/2003.

Identity-based authenticated key agreement protocol based on Weil pairing N.P. Smart IEE Electronics Letters 2002 Presented By Kuang-Ling Lin 10/7/2003.
1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.

1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Similar presentations

Ads by Google