Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升."— Presentation transcript:

1 1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升

2 2 Abstract A variant of RSA public key scheme –called Hidden Exponent RSA scheme Based on this new scheme, we devised an efficient lightweight key management scheme and show that it is secure under the strong RSA assumption.

3 3 Outline Introduction RSA scheme Hidden Exponent RSA scheme Efficient Key Management Scheme Strong RSA Assumption Proof of the proposed scheme

4 4 Introduction Pervasive computing –computation can be carried out anywhere by any possible electronic devices. –eg: mobile computing, wireless Ad Hoc network, sensor network, etc. Key distribution/management problem –common secret keys in these devices compromise of some devices will reveal all communication. –public key cryptography consume lots of resources.

5 5 RSA Scheme e may be small (3, or 2^16+1) But d should be fairly large (above 1000 bit) to prevent attack

6 6 Hidden Exponent RSA scheme We choose d,k 160 bit, the encryption needs about 320 multiplication, while decryption needs about 160 multiplications. Total cost are about 480 multiplication. A balance of computation overhead for encryption and decryption. We can safely choose small d : When we hide e as the discrete logarithm of E, small decryption exponent attack will not be effective anymore.

7 7 Hidden Exponent RSA scheme To encrypt a random message

8 8 An Efficient Key Management Scheme Key generation center(KGC) generates many keypairs and distributes each keypair to each device. Keypair holders can implement an authenticated key exchange.

9 9 Parameter Setting of KGC

10 10 Keypair Generation To generate a keypair for a device –KGC picks random prime d (160 bit) and t (24 bit) –KGC computes –d is the private key and ( E,t ) is the public key – t is the unique identifier to represent a valid keypair. We will show that (d,E,t) is unforgeable.

11 11 Authenticated Key Exchange A randomly choose r a B randomly choose r b private d a public (, t a )public (, t b )private d b verify exchange

12 12 Traditional Authenticated Key Exchange A randomly choose r a B randomly choose r b private d a public (n a,e a )public (n b,e b )private d b Verify that the received public key has been authenticated by KAC. exchange

13 13 Comparison Traditional scheme New scheme Communication payload 3072 bits for each party 2048 bits for each party Modular multiplication 1344 (1024+160*2) multiplication 480 (160*3) Multiplication

14 14 Strong RSA Assumption

15 15 Infeasible to forge a valid key Thm 1. Keypair Unforgeable Under the strong RSA assumption, there exists no polynomial time algorithm which takes a list of valid keypairs, (d 1,E 1,t 1 ), (d 2,E 2,t 2 ), …, (d k,E k,t k ) and produces a new keypair (d,E,t) such that E dt =g (mod n) such t≠t i for i=1,…,k.

16 16 Proof of Keypair Unforgeability Proof. (Illustration) –Suppose we have polynomial-time algorithm A which can compute a new valid keypair based on the available keypairs. A We use (d,t,E) to find a pair (y,t) such that y t =u (mod n). g n H

17 17 Proof of Keypair Unforgeability Proof. (Sketch)

18 18 Conclusion A public key scheme “Hidden Exponent RSA” Based on this scheme, we devised a lightweight key management scheme  Lower communication and computation overhead. Prove that the keypair forgery is infeasible under Strong RSA assumption.

Download ppt "1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升."

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
Public Key Cryptography Nick Feamster CS 6262 Spring 2009.

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Cryptography and Network Security

Cryptography and Network Security
CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Introduction to Signcryption November 22, 2004. 22/11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.

Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
CS470, A.SelcukPublic Key Cryptography1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukPublic Key Cryptography1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
A Lightweight Hop-by-Hop Authentication Protocol For Ad- Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date:2005/01/20.

A Lightweight Hop-by-Hop Authentication Protocol For Ad- Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date:2005/01/20.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

Similar presentations

Ads by Google