Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity based signature schemes by using pairings Parshuram Budhathoki Department of Mathematical Science FAU 02/21/2013 Cyber Security Seminar, FAU.

Published byClaude Lee Modified over 8 years ago

Similar presentations

Presentation on theme: "Identity based signature schemes by using pairings Parshuram Budhathoki Department of Mathematical Science FAU 02/21/2013 Cyber Security Seminar, FAU."— Presentation transcript:

1 Identity based signature schemes by using pairings Parshuram Budhathoki Department of Mathematical Science FAU 02/21/2013 Cyber Security Seminar, FAU

2 Goal: 1.Alice wants to send a message to Bob. 2.She wants to make sure that Bob could verify it, and no one can change the message during the process. 3.So, she signs her message by using her identity. Now after getting message, Bob uses Alice’s identity to verify either its from Alice or someone else. And he could verify that it is written by Alice. Alice Bob Possible Identity : email id : alice@fau.edu phone : 561297alice Address : 777 Glades Road ID based signature scheme 02/21/2013Cyber Security Seminar, FAU

3 Signature Scheme in ID Based Cryptography Pairings Hash Functions Attack Model Secure Scheme Diffie-Hellman Problem Hess’s Scheme Outline: 02/21/2013Cyber Security Seminar, FAU

4 1.Setup 2.Extract 3.Sign 4.Verify Signature Scheme in ID Based Cryptography: 02/21/2013Cyber Security Seminar, FAU

5 ID:= alice@fau.edu Trust Authority (TA) Secret Key Alice Private Key for Alice Signature:=Sign( Message, Private Key ) Verify ( Signature, ID ) Verifier 1. Setup 2.Extract 3. Sign 4. Verify Public Parameter Signature Scheme in ID Based Cryptography: 02/21/2013Cyber Security Seminar, FAU

6 Pairing Domain G1G1 G2G2 Range V P Q e e(P,Q) Domain G G 02/21/2013Cyber Security Seminar, FAU

7 1)Bilinearity : ∀ P, Q, R ∈ G we have e(P+R, Q)= e(P,Q) e(R,Q) and e(P, R+Q)= e(P,R) e(P,Q) 2) Non-degeneracy : There exists P, Q ∈ G such that e(P,Q) ≠1. 3)e is efficiently computable. Pairing Let (G,+) and (V, ∙ ) denote cyclic groups of prime order q, P ∈ G, a generator of G and a pairing e: G x G V is a map which satisfies the following properties: 02/21/2013Cyber Security Seminar, FAU

8 Hash Functions: H Domain x Range Fixed size H(x ) Any size No Inverse 02/21/2013Cyber Security Seminar, FAU

9 Hash Function : One way transformation Input := Random size, Output:= Fixed size H(x 1 ) = H(x 2 ) for x 1 ≠ x 2, Not possible 02/21/2013Cyber Security Seminar, FAU

10 Attack Model: Challenger Adversary Setup Public Parameters Give me a hash value for this and that … Here is the hash value of this & that … Give me a private key for ID 1 Private key for ID 1 Give me a signature for ID 2 and message M Signature for ID 2 and message M GAME 02/21/2013Cyber Security Seminar, FAU

11 Attack Model: Adversary Adversary outputs ( ID, M, Signature ), such that ID and (ID, M) are not equal to the inputs of any query. And, Adversary wins the game if Signature is a valid signature for ID and M. GAME 02/21/2013Cyber Security Seminar, FAU

12 Secure Scheme We say ID based signature scheme is secure against existential forgery on adaptively chosen message and ID attacks if no polynomial time adversary has a non-negligible probability of success against a challenger in previous Game. 02/21/2013Cyber Security Seminar, FAU

13 Diffie-Hellman Problem: Let G be a cyclic group of order q with generator P. The Diffie-Hellman Problem (DHP) in G is to find, on input (aP, bP, P), with uniformly and independently chosen a,b from {1,…, q}, the value abP. 02/21/2013Cyber Security Seminar, FAU

14 Hess Scheme Let (G, +) and (V,.) denote cyclic groups of prime order q such that G =, and let e: G × G  V be a pairing. The hash functions : h: {0,1} * × V  Z q * H: {0,1} *   G * Where G * := G\{0} Assumption : DHP in G is hard. 02/21/2013Cyber Security Seminar, FAU

15 ID:= alice@fau.edu Alice Verifier 1. Setup 2.Extract 3. Sign 4. Verify Hess Scheme: TA Setup Algorithm: Chooses s from Z q * Master Key := s Public key Q:= sP Extract Algorithm: S ID := s H(ID) S ID Sign Algorithm: Alice picks random k from Z q * 1.r = e(S ID, P ) k 2.V = h(M, r) 3.U = ( V + k) S ID Signature := (U, V) Verify Algorithm: 1.Compute r = e(U, P) e(H(ID), -Q) V 2.Accept the signature if V = h(M, r) Master Key=s Public Key Q= sP 02/21/2013Cyber Security Seminar, FAU

16 Correctness of Verification : 1.e ( U, P). e(H(ID), -Q) V = e ( (V + k) sH(ID), P ). e( H(ID), -sP) V = e( H(ID), P) s(V+k) e(H(ID), P) -sV = e(H(ID), P) sk = e(sH(ID), P) k = r 2. Accepts if V= h(M, r) 02/21/2013Cyber Security Seminar, FAU

17 Summary Did we achieve our goal ? Do we know any Id based signature scheme ? We have proposed an Id based signature scheme !!! 02/21/2013Cyber Security Seminar, FAU

18 Questions ? Thank You 02/21/2013Cyber Security Seminar, FAU

Download ppt "Identity based signature schemes by using pairings Parshuram Budhathoki Department of Mathematical Science FAU 02/21/2013 Cyber Security Seminar, FAU."

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.

BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Cryptography and Network Security

Cryptography and Network Security
Parshuram Budhathoki FAU October 25, 2012 11/25/2012 Ph.D. Preliminary Exam, Department of Mathematics, FAU.

Parshuram Budhathoki FAU October 25, /25/2012 Ph.D. Preliminary Exam, Department of Mathematics, FAU.
Foundations of Cryptography Lecture 5 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 5 Lecturer: Moni Naor.
IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.

IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.
1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Identity Based Encryption

Identity Based Encryption
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Chapter 7-1 Signature Schemes.

Chapter 7-1 Signature Schemes.
Certificateless Authenticated Two-Party Key Agreement Protocols

Certificateless Authenticated Two-Party Key Agreement Protocols
Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: 361-396 Authors: D. Pointcheval and J. Stern Presented.

Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.
Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.
Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: 361-396 Authors: D. Pointcheval and J. Stern Presented.

Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.
1 CIS 5371 Cryptography 9. Data Integrity Techniques.

1 CIS 5371 Cryptography 9. Data Integrity Techniques.

Similar presentations

Ads by Google