Fuzzy Identity Based Signature
Based on P Yang et al 2008
Kittipat Virochsiri

Introduction
• What is it?
• Applications

What is it?
• An Identity Based Signature scheme
• With some error tolerance
• A signature issued by a user with identity can be verified by another user with identity
• If and are within a certain distance judged by some metric

Applications
• Attribute-based signature
• Biometric identity based signature

Preliminaries
• Bilinear Pairing
• Computational Diffie-Hellman
• Threshold Secret Sharing Schemes

Bilinear pairing
• Let and be multiplicative groups of the same prime order
• Bilinear pairing is a map with following properties:
• Bilinear: , where and
• Non-degeneracy:
• Computability: It is efficient to compute for all

Computational Diffie-Hellman (CDH)
[Diagram labels: Challenger, Adversary]

CDH Assumption
• An adversary has at least advantage if:
• The computational (t,) - DH assumption holds if no polynomial-time adversary has at least advantage in solving the game

Threshold Secret Sharing Scheme
• Let:
• be a finite field with elements
• be the secret
• Assign every player with a unique field element
• Set of players , where can recover secret using

Fuzzy Identity Based Signature (FIBS) scheme
Consists of 4 steps:
• Setup
• Extract
• Sign
• Verify

FIBS schemes
[Diagram labels: Setup, Sign, Extract, Verify, 0/1]

Security Model
• Unforgeable Fuzzy Identity Based Signature against Chosen-Message Attack (UF-FIBS-CMA)

Security Model
[Diagram labels: Signing Oracle, Setup, Adversary, Private Key Oracle for]

Definition
• ’s success probability is
• The fuzzy identity based signature scheme FIBS is said to be UF-FIBS-CMA secure if is negligible in the security parameter

FIBS schemes
[Diagram labels: Setup, Sign, Extract, Verify, invalid/valid, 0/1]

Building Blocks
• and are groups of the prime order
• Bilinear pairing
• is a generator of
• Identities are sets of elements of

Setup
• Choose
• Choose uniformly random from
• Let be the set
• Select a random integer
• Select a random vector
• Public parameters
• Master key

Extract
• Choose a random degree polynomial such that
• Return
• is a random number from defined for all

Sign
• A bit string
• Select a random for
• Output

Verify
• where
• Choose an arbitrary -element subset of
• Verify

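Added example (not from the original slides or from Yang et al.): the threshold secret sharing step that lets Extract and Verify tolerate errors, shown over a prime field instead of inside a pairing group. It assumes the Sahai-Waters style construction, in which Extract shares a secret with a random degree d-1 polynomial evaluated at each identity element and Verify interpolates at 0 over any d-element subset of the overlap; the modulus, identities and function names are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # prime field modulus, constructed for this demo

def make_shares(secret, d, identity):
    """Extract-style sharing: random degree d-1 polynomial q with q(0) = secret,
    one share q(i) per identity element i."""
    if any(i % P == 0 for i in identity) or len({i % P for i in identity}) != len(identity):
        raise ValueError("identity elements must be distinct and nonzero mod P")
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(d - 1)]
    def q(x):  # Horner evaluation mod P
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % P
        return acc
    return {i: q(i) for i in identity}

def lagrange_at_zero(i, S):
    """Lagrange coefficient for point i over the set S, evaluated at x = 0."""
    num = den = 1
    for j in S:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P

def recover_from(shares, S):
    """Interpolate q(0) from the shares indexed by S (needs at least d points)."""
    return sum(shares[i] * lagrange_at_zero(i, S) for i in S) % P

def recover(shares, verifier_identity, d):
    """Verify-style check: succeeds only if the identities overlap in >= d elements."""
    overlap = sorted(set(shares) & set(verifier_identity))
    if len(overlap) < d:
        return None  # identities too far apart: threshold not met
    return recover_from(shares, overlap[:d])  # any d-element subset works

if __name__ == "__main__":
    signer = {3, 7, 11, 19, 23}   # constructed identity, e.g. biometric features
    close = {3, 7, 11, 29, 31}    # shares 3 elements with signer
    far = {3, 7, 41, 43, 47}      # shares only 2 elements with signer
    shares = make_shares(123456789, d=3, identity=signer)
    print(recover(shares, close, 3))          # the shared secret
    print(recover(shares, far, 3))            # None
    print(recover_from(shares, [7, 19, 23]))  # different subset, same secret
```

In the real scheme the shares sit in the exponent of group elements and the interpolation happens inside the pairing equation, so the verifier never learns the shared value itself.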
Security Game
[Diagram labels: Signing Oracle, Setup, Adversary, Private Key Oracle for, Simulator]

Theorem
• Let be an adversary that makes at most signature queries and produces a successful forgery against the scheme with probability in time
• Then there exists an algorithm that solves the CDH problem in with probability in time

Setup
• Select a random identity
• Choose
• A random number
• Random numbers in the interval
• Random exponents

Setup
• Let and
• Choose
• A random degree polynomial
• An degree polynomial such that if and only if
• for from to

Private Key Oracle
• Answer private key query on identity
• Define , ,
• and

Private Key Oracle
• Define private key for
• For
• and are chosen randomly in
• For

Private Key Oracle
• Define degree polynomial as
• Let
• For , it can be shown that

Signing Oracle
• Answer signature query on identity for some
• If , then the simulator aborts
• Select a random set

Signing Oracle
• For
• is chosen randomly in
• For

Signing Oracle
• Pick random , for
• Compute

Signing Oracle
• For , it can be shown that

Producing Forgery
• Output a valid forgery on for identity
• If or , then aborts.

Producing Forgery
• For some

Producing Forgery
• Select a random set such that and
• Compute

Solving CDH
• could solve the CDH instance by outputting
• The probability is

Issues
• Privacy
• Capture and replay

Privacy
• No anonymity for signer

Capture and replay
• Only secure when forgery of identity can be detected

Conclusion
• Allows identity to issue a signature that identity can verify
• Provided that and are within some distance
• Unforgeable against adaptively chosen message attack

Thank you
Questions?

References
• Dan Boneh and Matthew K. Franklin. Identity-based encryption from the Weil pairing. In CRYPTO ’01: Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, pages 213-229, London, UK, 2001. Springer-Verlag.
• Jin Li and Kwangjo Kim. Attribute-based ring signature. Cryptology ePrint Archive, Report 2008/394, 2008.
• Amit Sahai and Brent Waters. Fuzzy identity-based encryption. In Advances in Cryptology – EUROCRYPT 2005, pages 457-473. 2005.
• Siamak F Shahandashti and Reihaneh Safavi-Naini. Threshold attribute-based signatures and their application to anonymous credential systems. Cryptology ePrint Archive, Report 2009/126, 2009.
• Brent Waters. Efficient identity-based encryption without random oracles. In Advances in Cryptology – EUROCRYPT 2005, pages 114-127. 2005.
• Piyi Yang, Zhenfu Cao, and Xiaolei Dong. Fuzzy identity based signature. Cryptology ePrint Archive, Report 2008/002, 2008.