120 likes | 322 Views
Certificateless signature revisited. X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu ACISP’07 Presenter: Yu-Chi Chen. Outline. Introduction Huang et al.’s scheme Conclusion. Introduction. Traditional PKC ID-based PKC: 1984 Certificateless PKC: 2003. ID-PKC. User (signer) ID 1.
E N D
Certificateless signature revisited X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu ACISP’07 Presenter: Yu-Chi Chen
Outline. • Introduction • Huang et al.’s scheme • Conclusion
Introduction. • Traditional PKC • ID-based PKC: 1984 • CertificatelessPKC: 2003
ID-PKC User (signer) ID1 Private Key Generation master-key = s mpk=sP Secure channel Require priv-key Sign: σ=sH(ID1)+H(M,…) Return priv-key=sH(ID1) User (verifier) Use ID1 and PKG’s mpk=sP to check e(σ,P)=? e(mpk, H(ID1))e(H(M,…),P)
CL-PKC Decide his secret value r And public key pk=rP User (signer) ID1 Key Generation Center master-key = s mpk=sP Secure channel Require part-priv-key Sign: σ=sH(ID1)+rH(M,…) Return part-priv-key=sH(ID1) bulletin board User (verifier) Use ID1 and PKG’s mpk=sP to check e(σ,P)=? e(mpk, H(ID1))e(H(M,…),pk)
Outline. Introduction Huang et al.’s scheme Conclusion 6
Huang et al.’s scheme • In this paper, Huang et al. proposed a short certificateless signature scheme • Short: 160 bit (elliptic curve) • Conventional security model
Conventional security model • Game I (An adversary can replace any user’s public key, but it cannot access master-key) • Setup. • Attack: public-key queries, partial-private-key queries, sign queries, public-key-replacement. • Forgery. • A wins the game iff it can forge a valid signature which has never been queried.
Short CLS • Setup. (omitted.) • Secret-Value: The user sets a value • Partial-private-key: KGC sets the partial-private-key to the user
Short CLS • Public-key: the user sets his public key • Private-key: the user sets his private key • Sign: • Ver:
Outline. Introduction Huang et al.’s scheme Conclusion 11
Conclusion • Hu et al.’s CLS scheme is short, but Du and Wen’s scheme is more efficient. • Shim in 2009 present a cryptanalysis for short CLS schemes. (next page.)