1 / 17

A new identity based proxy signature scheme

A new identity based proxy signature scheme. Source: Lecture Notes In Computer Science Author: Chunxiang Gu and Yuefei Zhu Presenter: 林志鴻. Outline. Introduction Preliminaries The Proposed Scheme Efficiency Analysis Conclusion. Introduction. Full delegation Partial delegation

paiva
Download Presentation

A new identity based proxy signature scheme

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A new identity based proxy signature scheme Source: Lecture Notes In Computer Science Author: Chunxiang Gu and Yuefei Zhu Presenter:林志鴻

  2. Outline • Introduction • Preliminaries • The Proposed Scheme • Efficiency Analysis • Conclusion

  3. Introduction • Full delegation • Partial delegation • Delegation by warrant • Partial delegation with warrant Alice Bob 1.SK of Alice 2.PPK 3.delegation

  4. Outline • Introduction • Preliminaries • The Proposed Scheme • Efficiency Analysis • Conclusion

  5. Preliminaries • Bilinear Pairing • k-BDHI problem

  6. Bilinear Pairing • e : G1 × G1 → G2 • Bilinearity • Non-degeneracy • Computability

  7. k-BDHI problem • BDHI︰ Bilinear Diffie-Hellman Inverse • k-BDHI problem︰給定(P,aP,a2P,...akP) ∈ (G1*)k+1,輸出令一演算法A解此問題的機率為ε

  8. Outline • Introduction • Preliminaries • The Proposed Scheme • Efficiency Analysis • Conclusion

  9. Proposed Scheme • Steup • Extract • Delegate • Dverify • PKgen • PSign • PVerify • ID

  10. Proposed Scheme (cont.) • Steup : • 設定k為安全參數 • Ω =<(G1, G2,q,e,P,Ps,Pss,g,gsH1,H2> • G1 and G2 (由P產生prime order q) • e : G1 × G1 → G2 • Ps = sP, Pss = s2P, g = e(P,P) gs =e(Ps,P) • 選擇二個hash functions H1 : {0, 1}∗ → Zq*H2 : {0, 1}∗× G1→ Zq

  11. g = e(P,P) gS =e(Ps,P) PS=sP PSS=s2P Proposed Scheme (cont.) • Extract: 給一使用者IDX ∈ Z∗q, 計算DX=(H1(IDX)+s)-1P • Delegate:A授權給B 1.隨機選取x ∈ Z∗q 2.計算qB=H1(IDB), rA=gsx.gqBx, hA=H2(mω, rA), VA=(x+hA)DA 3. WA→B=(mω, rA, VA) • DVerify:B驗證 計算hA=H2(mω, rA), qA=H1(IDA), qB=H1(IDB) 驗證等式e((qA+qB)Ps+qAqBP+Pss,VA)=rA . gshA.gqBhA

  12. rA=gsx.gqBx hA=H2(mω, rA) VA=(x+hA)DA DX=(H1(IDX)+s)-1P Proposed Scheme (cont.) • PKGen:B接受了WA→B =(mω, rA, VA) • 計算代簽金鑰DP=hA.DB-VA • PSign: • 代簽者預先計算ζ=ghA(qA-qB)/rA, qA=H1(IDA), qB=H1(IDB),rA從WA→B取得 • 隨機選取 y ∈ Z∗q 計算rP=ζy, hP=H2(m, rp), VP=(y+hP)DP • (m, τ)=(m, rP, VP, mω, rA)為完成之簽章

  13. hP=H2(m, rp) ,PS=sP VP=(y+hP)DP ,PSS=s2P rA=gsx.gqBx hA=H2(mω, rA) Proposed Scheme (cont.) • PVerify: • 對簽章(m, rP, VP, mω, rA)接收者先驗證授權 • 計算hP=H2(m, rP), qA=H1(IDA), qB=H1(IDB) • 驗證等式 • ID: • 從mω中可獲得代簽者IDB的身份

  14. Outline • Introduction • Preliminaries • The Proposed Scheme • Efficiency Analysis • Conclusion

  15. Efficiency Analysis M:乘法 E:指數運算 H :hash e:pairing

  16. Outline • Introduction • Preliminaries • The Proposed Scheme • Efficiency Analysis • Conclusion

  17. Conclusion • 雖然pairing的計算效率已加強但仍為一個效能的重擔而本篇的方法在驗證時只需要一個pairing故較為有效率 • 本篇所提出的方法之安全建立於在random oracle model中的k-BDHI problem困難假設

More Related