1 / 36

Practical Affiliation-Hiding Authentication from Improved Polynomial Interpolation

Practical Affiliation-Hiding Authentication from Improved Polynomial Interpolation. Mark Manulis , Bertram Poettering ASIACCS ‘11 Proceedings of the 6 th ACM Symposium on Information, Computer and Communications Security, March 2011, Pages 286-295, Citation: 4 Presenter: 方竣民

adair
Download Presentation

Practical Affiliation-Hiding Authentication from Improved Polynomial Interpolation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Practical Affiliation-Hiding Authenticationfrom Improved Polynomial Interpolation Mark Manulis, Bertram Poettering ASIACCS ‘11 Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, March 2011, Pages 286-295, Citation:4 Presenter: 方竣民 Date: 2012/12/03

  2. Outline • Introduction • Initial Technique • Polynomial Interpolation • Optimized Multi-Group AH Protocol • Analysis • Conclusion

  3. Outline • Introduction • Initial Technique • Polynomial Interpolation • Optimized Multi-Group AH Protocol • Analysis • Conclusion

  4. Introduction • Affiliation-hiding (AH) protocols are valuable for hiding identities of communicating users behind their membership of groups. • Improvements advance the area of efficient polynomial interpolation in finite fields.

  5. Introduction You will see : • Implementing polynomial interpolation by lots of mathematical ways and their pseudocode. • One optimized multi-group Affiliation-hiding protocol.

  6. Outline • Introduction • Initial Technique • Polynomial Interpolation • Optimized Multi-Group AH Protocol • Analysis • Conclusion

  7. Index-Hiding Message Encoding Indices , messages Two algorithms iEncode and iDecode

  8. Multi-Group AH Protocol • GA creates public key (n,e,g) • n is the RSA modulus • e the public exponent • g a generator of a large subgroup of • GA keeps private key d • Membership credential cred = • Pseudonym id • , is random exponent t is used to generate session key.

  9. Outline • Introduction • Initial Technique • Polynomial Interpolation • Optimized Multi-Group AH Protocol • Analysis • Conclusion

  10. Interpolation Without Precomputation • As Algorithm1, it has quadratic running time • Algo1 already solves the problem of polynomial interpolation in reasonable time.

  11. Algorithm1 Polynomial Interpolation

  12. Interpolation Without Precomputation • Most divisions can be replaced by multiplications, e.g. • It is solved by algorithm2 with performance: • But, algorithm2 needs extra storage for n-1 variables

  13. Algorithm2 Interpolation with Deferred Inversion

  14. Interpolation With Precomputation • In some occasions polynomial interpolations have to be computed many times in succession.

  15. Algorithm3 Interpolation after Precomputiation

  16. Compare Algo2 and Algo3 • Device: Intel XEON 2.66GHz. • Using gcryptlibrary. Algorithm2 Algorithm3

  17. Within/Without Precomputation

  18. Interleaved IHME • These fields may become rather large, e.g. . • IHME’s running time is still ,so it will be very slow.

  19. Interleaved IHME For instance, an IHME setting with and Could split all messages into 8 chunks Each of length We get new field • The gain in efficiency might be superlinear.

  20. V-fold IHME => => is a prime, is a nature number. index space message space

  21. Comparison v-fold/IHME by Algo2,3 80*14=1120

  22. Outline • Introduction • Initial Technique • Polynomial Interpolation • Optimized Multi-Group AH Protocol • Analysis • Conclusion

  23. Group Initialization Phase • Performance in this phase is not very important, because it is only executing once. • They improve on storage size of group parameters.

  24. Group Initialization Phase • A safe prime is a prime number such that ,where is a prime as well.

  25. Implementing CreateGroup

  26. User Registration Phase • By altering the generation of user credentials to: cred = with

  27. Implementing Adduser

  28. Multi-Group Handshake Protocol • Users have a set • at least; in first-round messages are encoded over a much small field of elements

  29. Multi-Group Handshake Protocol • In second-round, the per-group key confirmation messages are of length • Where bits would suffice. • It mades the field size to be elements.

  30. Multi-Group Handshake Protocol Part1

  31. Multi-Group Handshake Protocol Part2

  32. Multi-Group Handshake Protocol Part3

  33. Outline • Introduction • Initial Technique • Polynomial Interpolation • Optimized Multi-Group AH Protocol • Analysis • Conclusion

  34. Analysis Symmetric Key Size Is it possible < ? Asymmetric Key Size

  35. Outline • Introduction • Initial Technique • Polynomial Interpolation • Optimized Multi-Group AH Protocol • Analysis • Conclusion

  36. Conclusion • They heavily modified the group management and handshake algorihms to achieve considerably better performance. • It showed that AH authentication in the multi-group setting, and provided appropriate performance measurements .

More Related