1 / 16

一個新的代理簽章法 A New Proxy Signature Scheme

一個新的代理簽章法 A New Proxy Signature Scheme. 作 者 : 洪國寶 , 許琪慧 , 郭淑娟與邱文怡 報告者 : 郭淑娟. Outline. Definition Our proxy signature scheme Security analysis Conclusions. Definition. Proxy Signature [Mambo et al. 1996] A designed proxy signer signed message on behalf of the original signer. 

ally
Download Presentation

一個新的代理簽章法 A New Proxy Signature Scheme

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 一個新的代理簽章法A New Proxy Signature Scheme 作 者:洪國寶,許琪慧,郭淑娟與邱文怡 報告者:郭淑娟

  2. Outline • Definition • Our proxy signature scheme • Security analysis • Conclusions

  3. Definition • Proxy Signature [Mambo et al. 1996] A designed proxy signer signed message on behalf of the original signer.  Proxy Signer B  Original Signer A Delegation Message Proxy Signer B

  4. Our scheme--system parameters • Two public large primes p and q that q|p-1. • One public generator gZ*p with order q. • A public one way hash function h. • Each user i has a secret key xiZ*q and corresponding public key yi=gxi mod p. • Message m • Public delegation warrant w.

  5. Delegation warrant w • Proxy period. • The name of proxy and original signers. • The responsibility of proxy signer. • The key of certification including yA and yB.

  6. Our scheme — participants • A: Original signer • B: Proxy signer • V: Verifier

  7. Our scheme—three phases • Delegation phase • Signature phase • Verification phase

  8. Our scheme diagram Delegation phase Signature phase   Proxy certification Origin signer Proxy signer Verification phase  Proxy certification + Proxy signature Verifiers

  9. Delegation phase Step 1: Original signer A chooses a secret random number kZ*q , computes r =gk mod p . Step 2: A computes e =h(r, w) . Step 3: A computes s = k- xA e mod q. Step 4: A sends (e, s, w) to proxy signer B.

  10. Signature phase Step 1: Proxy signer B computes r’=gsyAe mod p Step 2: B checks h(r’, w)=ee, s, w is valid. Step 3: B chooses a secret random number tZ*q, computes = gt mod p. Step 4: B signs m by U= h(, m). Step 5: Bcomputes V= t-xB U-s mod q . Step 6: B sends ((e, s, w), (U,V,m)) to verifier V.

  11. Verification phase Step 1: Verifier V checks authentication for m. Step 2: Getting yA and yB from w, V computes r’= gsyAe mod p and ’= gv+syBU mod p. Step 3: If h(r’, w)=e  B is an authenticated proxy signer. Step 4: If U=h(’, m) (U, V, m) is valid.

  12. Security analysis • Attack1: Get the secret key xA of original signer A. • Attack2: Get the secret key xB of proxy signer B. • Attack3: Find the k choosing by A. • Attack4: Find the t choosing by B .

  13. Security analysis • Attack 5: Forge a valid proxy certification(e, s,w). • Attack 6: Forge a valid proxy signature(U, V, m).

  14. Conclusions • Original signer couldn’t forge proxy signer to generate proxy signature. • Only proxy signer can generate valid proxy signature. • Proxy signers could be identified efficiently. • The scheme is based on schnorr scheme. • Without secure channel.

  15. Ending

  16. Computation analysis

More Related