1 / 17

ID-Based Proxy Signature Using Bilinear Pairings

ID-Based Proxy Signature Using Bilinear Pairings. Author: Jing Xu, Zhenfeng Zhang, and Dengguo Feng Presenter: 林志鴻. Outline. Introduction Preliminaries The Proposed Scheme Conclusion. Introduction.

tiger-wiley
Download Presentation

ID-Based Proxy Signature Using Bilinear Pairings

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ID-Based Proxy Signature Using Bilinear Pairings Author: Jing Xu, Zhenfeng Zhang, and Dengguo Feng Presenter: 林志鴻

  2. Outline • Introduction • Preliminaries • The Proposed Scheme • Conclusion

  3. Introduction • An entity to delegate signing capabilities to other participants so that they can sign on behalf of the entity within a given context Alice Bob context

  4. Outline • Introduction • Preliminaries • The Proposed Scheme • Conclusion

  5. Preliminaries • Bilinear Pairing • Gap Diffie-Hellman (GDH) Group • ID-Based

  6. Bilinear Pairing • e : G × G → V • Bilinearity • Non-degeneracy • Computability

  7. Gap Diffie-Hellman (GDH) Group • (t, ε)-gap Diffie-Hellman group • CDH problem︰ given P, aP, bP ∈ G compute abP

  8. ID-Based • The user’s public key can be calculated directly from his/her identity rather than being extracted from a certificate issued by a certificate authority (CA)

  9. Outline • Introduction • Preliminaries • The Proposed Scheme • Conclusion

  10. Proposed Scheme • PS=(G,K, S, V, (D,P),PS,PV,ID) • – G: 設定k 為安全參數. G是由P 產生prime order q > 2k的GDH group, 而e : G × G → V 是一個 bilinear map. 隨機選取master key s ∈ Z∗q並設定Ppub= sP 使用hash functions H1,H2,H3 : {0, 1}∗ → G, H4 : {0, 1}∗ → Z∗q

  11. Proposed Scheme (cont.) • – K: 給一使用者ID, 計算QID= H1(ID) ∈ G 及對應的私鑰dID= sQID ∈ G • – S: 為了對訊息mω簽章給指定者IDi的私鑰di1. 隨機選取rω ∈ Z∗q計算Uω= rωP ∈ G 並令Hω= H2(IDi,mω, Uω) ∈ G 2.計算Vω= di+ rωHω ∈ G mω上的簽章是warrant ω = Uω, Vω

  12. Proposed Scheme (cont.) • – V:驗證IDi對mω做的簽章ω = Uω, Vω驗證者取Qi= H1(IDi) ∈ G 和Hω= H2(IDi,mω, Uω) ∈ Ge(P, Vω) = e(Ppub,Qi)e(Uω,Hω) • – (D,P):為了指定IDj為代理者proxy signing key skp = H4(IDi, IDj,mω, Uω)dj + Vω IDi IDj mω +Warrant ω

  13. Proposed Scheme (cont.) • – PS: IDj為代表IDi對m做簽章時給予一個skp1.隨機選取rp ∈ Z∗q計算Up = rpP ∈ G 令Hp = H3(IDj ,m,Up) ∈ G2.計算Vp = skp + rpHp ∈ G此時 psig =(mω,IDj,Uω,Up,Vp)

  14. Proposed Scheme (cont.) • – PV:使用指定者IDi驗證對m做出的代理簽章psig, 取出Qi = H1(IDi) ∈ G, Qj = H1(IDj ) ∈ G , Hω = H2(IDi,mω,Uω) ∈ G 和Hp = H3(IDj ,m,Up) ∈ G • – ID: 給一用於m得代理簽章psig則ID(psig)= IDj表示代理認證演算法

  15. Proposed Scheme (cont.) • 正確性

  16. Outline • Introduction • Preliminaries • The Proposed Scheme • Conclusion

  17. Conclusion • 本篇所提出的方法之安全性與在Random Oracle model中解CDH問題有緊密的關聯並達到ID-based代理簽章中安全縮減最佳化

More Related