160 likes | 311 Views
A novel and efficient unlinkable secret handshakes scheme. Author: Hai Huang and Zhenfu Cao (PR China) Source: IEEE Comm. Letters 13 (5) (2009) Presenter: Yu-Chi Chen. Outline. Introduction Huang and Cao’s scheme Conclusions. Introduction. A secret handshakes scheme
E N D
A novel and efficient unlinkable secret handshakes scheme Author: Hai Huang and Zhenfu Cao (PR China) Source: IEEE Comm. Letters 13 (5) (2009) Presenter: Yu-Chi Chen
Outline • Introduction • Huang and Cao’s scheme • Conclusions
Introduction • A secret handshakes scheme • affiliation-hiding authentication • firstly introduced by Balfanz et al. • For example, two FBIagents, Alice and Bob, want to discover and communicates with other agents, but they don’t want to reveal their affiliations to non-agents.
Introduction • An unlinkable secret handshakes scheme • provide unlinkability • an adversary cannot link any two different instances of same party. • Given C, to guess C is AB, A’B’, or other.(blind signature) • unlinkabilityhas been widely considered in many applications.
Introduction • Jarecki et al.’s scheme • an unlinkable secret handshakes scheme • not efficient, but secure at present • Huang and Cao presented an unlinkable secret handshakes scheme • novel and efficient • Simple, so it can be published in IEEE-CL.
Outline • Introduction • Huang and Cao’s scheme • Conclusions
Bilinear pairing • Referred to as “bilinear maps” • e: G1× G2→G3 • G1, G2: (+, q) • G3: (×, q)
Bilinear pairing • Properties: • Computation: given P1 (P2) in G1 (G2), we can obtain e(P1, P2) in G3 • Bilinear: given xP1 and bP2, where a, b in Zq, then e(aP1, bP2) = e(P1, P2)ab • Non-degenerate: P1 (P2) is a generator of G1(G2), then e(P1, P2) ≠ 1.(or e(P1, P2) is a generator of G3)
Huang and Cao’s scheme This figure is copied from IEEE Comm. Letters 13 (9) (2009), page 731
Conclusions • Huang and Cao analyzed this scheme can provide authenticated key exchange security, affiliation-hiding, and unlinkability. • The scheme is more efficient than Jarecki et al.’s.
On the security of a novel and efficient unlinkable secret handshakes scheme Author: Renwang Su (PR China) Source: IEEE Comm. Letters 13 (9) (2009)
Su found Huang and Cao’s scheme is not secure. • Cannot provide authenticated key exchange security.
This figure is copied from IEEE Comm. Letters 13 (9) (2009), page 731
Security analysis of an unlinkable secret handshakes scheme Author: T.-Y. Youn and Y.-H. Park (Korea) Source: IEEE Comm. Letters 14 (1) (2009)
Youn and Park also found Huang and Cao’s scheme is not secure. • Cannot provide authenticated key exchange securityand affiliation-hiding.
Receiving vB,thentry find PK where vB=H1(KA, (PK, EA, EB), resp)