140 likes | 301 Views
Server-Aided Verification : Theory and Practice. Source: ASIACRYPT 2005, LNCS 3788, pp. 605-623 Author: Marc Girault and David Lefranc Presenter : Chun-Yen Lee. First SAV Protocols for Pairing-Based Schemes. Zhang, Safavi-Naini and Susilo ZSNS signature scheme
E N D
Server-Aided Verification : Theory and Practice Source: ASIACRYPT 2005, LNCS 3788, pp. 605-623 Author: Marc Girault and David Lefranc Presenter: Chun-Yen Lee
First SAV Protocols for Pairing-Based Schemes • Zhang, Safavi-Naini and Susilo • ZSNS signature scheme • Boneh-Boyen signature schemes
First SAV Protocols for Pairing-Based Schemes • Verifier checks if • f is a public function • I : public parameters including the public key • (r, sigma): signature
Proof • Auxiliary completeness. • Auxiliary soundness. • Computational gain. • Auxiliary non-repudiation.
Application to the ZSNS Signature Scheme • Auxiliary completeness • Auxiliary non-repudiation • SAV construction allow the misbehaving prover to send any value . • Then, during the computation of , transmit the right value to • I is finally .
Application to the ZSNS Signature Scheme • Signer • public parameters • public key U • private key x • signature • Verifier
Application to the ZSNS Signature Scheme • π : ZSNS signature scheme • π* :generic protocol • :verification of the equation • : verification of the equation
Application to the ZSNS Signature Scheme • Lemma 2. • Assuming • if communicating with • qH: hash oracle; qS: signing oracle • I be with a probability • q-BCAA problem (q≥qH+qS−1)
Application to the ZSNS Signature Scheme • S1 • A • lH • S2 • makes a hash query • A answers wi and adds the couple (mi ,wi) inlH
Application to the ZSNS Signature Scheme • S3 • A SH • makes a signing query mi • if has been queried to the hash oracle • there exists a unique couple (mi ,wi) in lH; • if ,then A fails, otherwise A answers • if has not been queried to the hash oracle • Aanswers • (mi ,hi)in lH ; hi in SH
Application to the ZSNS Signature Scheme • S4 After making all the queries to the oracles • outputs a couple ( ). • If & ()is such that • A sends to the value • Otherwise, A fails and then stops • S5 Finally , answers a value • If • A the couple ( )
Application to the ZSNS Signature Scheme • A end if : • 1. S3, the messages queried to the signing oracle are all different from which occurs with a probability equal to • 2.S4, If & ()is such that • 3.S5, answers a value
Conclusion • 1.We have formalized the concept of a server-aided verification protocol. • 2.We have analyzed in new model. • 3.We have presented a generic SAV protocol for pairing-based schemes.