1 / 24

Blind Digital Signatures, Group Digital Signatures and Revocable Anonymity

Blind Digital Signatures, Group Digital Signatures and Revocable Anonymity. Vijay Gabale Ashutosh Dhekne Sagar Bijwe Nishant Burte MTech 1 st Year, CSE Dept., IIT Bombay. Blind Signatures . What are blind digital signatures?

Download Presentation

Blind Digital Signatures, Group Digital Signatures and Revocable Anonymity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Blind Digital Signatures, Group Digital Signatures and Revocable Anonymity Vijay Gabale Ashutosh Dhekne Sagar Bijwe Nishant Burte MTech 1st Year, CSE Dept., IIT Bombay Network Security Project Presentation, CSE Department, IIT Bombay

  2. Blind Signatures What are blind digital signatures? • Signer signs the document without actually looking at its contents The need for blind signatures Cast vote Voting Center Voter

  3. Voting Scheme Check credentials, curb duplicates Election Authority Authentication, Blinded vote sign on blinded vote Verification using public key Unblind vote, retain signature Cast vote Voting Center Voter

  4. Blinding Using RSA Check credentials, Sign(B)=Bd Election Authority B = H(m).re authentication, B Sign(B) = (H(m).re)d Sign(B) = H(m)d.r (Sign(m))e = H(m) Sign(m) = Sign(B)/r Cast vote <m, Sign(m)> Voting Center Voter

  5. Need for grouping • Multiple election authorities • One public key for the voting center to verify Voting Center

  6. Group Digital Signature Internal Structure?

  7. Security Wishlist • Unforgeability • No one other than group members should be able to produce a valid signature • Conditional Signer Anonymity • No one but the Group Manager should be able to determine which member issued the signature • Undeniable Signer Identity • Identity when revoked should be provable to an external law enforcement authority

  8. Security Wishlist Continued… • Unlinkability • Determining if two different signatures were issued by the same member is infeasible • Security against Framing Attacks • A group member not be able to produce signatures which give someone else’s identity • Coalition Resistant • Members colluding to produce irrevocable keys should be infeasible

  9. Setup Phase • Two large prime numbers p &q • RSA public key (n,e), private key (n,d) • Group G : • |G|=n • Cyclic subgroup of Zp2* such that n divides p2-1 • Primitive root : g(p2-1)/pi ≠ 1 mod p2 • Group Public key : Y =(n,e,G,g,a,λ, μ)

  10. Digital Signatures x y m || s f(H(m)) f(s)=H(m) x

  11. Requirements : Anonymity, Revocation x ax = y Infeasibility of Calculating Discrete log A New Scheme Signature of Knowledge

  12. x ax = y PB m || (c,s,y) Signature of Knowledge ri ri(1 to |c|) Pi = a C = H ( m, y, Pi ) Si = ri if c [ i ] = 0 Si = ri - xif c [ i ] = 1 m || sign

  13. Group Public Key Si Pi =a if c [ i ] = 0 Pi = a y if c [ i ] = 1 Si x m || (c,s,y) Group Public Key Verification ri C = H ( m, y, Pi ) ( C, S, y ) Pi = a Si = ri if c [ i ] = 0 Si = ri - xif c [ i ] = 1

  14. Revocation y Epwd( z =gy ) Signature : (g~,z~, C, S ) Is g~y’ = z~ ? Group Member

  15. Join Protocol - Revisited y = ax z = gy V = ( y + 1 )d

  16. Quasi-Coalition Attack -rx C ( A B-1)-r

  17. Modified Join Protocol y’ = ax u y = ax + u z = gy V = ( y + 1 )d

  18. Demo

  19. Timing Analysis

  20. Additional Applications • Applying for Patents (Blind Signatures) • Insurance Company (Group Digital Signatures) • e-Banking (Group Blind Digital Signatures)

  21. Conclusion • Anonymity & revocation features of Group Signatures are suitable in current scenarios like organization hierarchy • Added advantage of reducing the burden off PKI & CA employing a single Group Public key for verification

  22. References • Z.A. Ramzan, Group Blind Digital Signatures: Theory and Applications, Master of Science, MIT, 1999. http://citeseer.ist.psu.edu/ramzan99group.html • David Chaum, Blind signatures for untraceable payments. In Proc. CRYPTO 82, pages 199-203, New York, 1983. Plenum Press. • Jan Camenisch and Markus Stadler, Efficient group signatures for large groups. In Proc. CRYPTO 97, pages 410-424. Springer-Verlag, 1997. Lecture Notes in Computer Science No. 1294. • S. Kopsell, R. Wendolsky, H. Federrath, Revocable Anonymity. In Proc. ETRICS 2006, pages 206-220, LNCS 3995, Springer-Verlag, Heidelberg 2006

  23. Questions Network Security Project Presentation, CSE Department, IIT Bombay

  24. Thank you Network Security Project Presentation, CSE Department, IIT Bombay

More Related