This article discusses Girault's self-certified model for certificate-based systems, highlighting its advantages and disadvantages, levels of trust, and potential problems and solutions. The conclusion suggests improvements to achieve a higher level of trust.
A Note on Girault's Self-Certified Model
Source: Information Processing Letters, Vol. 86 No. 6, June 2003, pp. 323-327
Author: Shahrokh Saeednia
Advisor: Dr. Chang, Chin-Chen
Speaker: Chou Chien-Long
Date: 2004/12/14
Outline
• Certificate-Based Model
• Girault’s Self-Certified Model
• Three Levels of Trust
• Problems and Solutions
• Conclusions
Certificate-Based Model (cont.)
• Advantage:
  • Authority does not know the users’ secret key.
• Disadvantage:
  • Authority requires some amount of storage, communication and computation.
Girault’s Self-Certified Model
• Notations
  • n : an RSA modulus, the product of two random safe primes p and q.
  • e : an integer co-prime to p-1 and q-1.
  • g : an element of maximum order in (Z/nZ)*.
  • d : the inverse of e modulo ψ(n).
  • I : identification string.
• Published : n, e, and g.
• Secret : p, q, and d.
Girault’s Self-Certified Model (cont.)
• User chooses a private key $s$, computes the public key $v = g^{-s} \pmod n$, and gives $v$ to the authority.
• Authority computes a certificate $P = (g^{-s} - I)^d \pmod n$.
• Everybody can compute his public key $v = P^e + I \pmod n$, because
  $P^e = g^{-s} - I \pmod n$
  $P^e + I = g^{-s} \pmod n = v$
Girault’s Self-Certified Model (cont.)
• Advantage:
  • Reducing the amount of storage and computations.
• Disadvantage:
  • Only guaranteed if the protocol is successfully completed.
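The key issuance and recovery steps above, as an added Python example that is not from the paper or the slides. The primes are constructed toy values, and hashing the identification string to an integer mod n (`identity_to_int`) and the helper names are assumptions made for the illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy safe primes: p = 2*509 + 1, q = 2*593 + 1.
# Far too small for real use; they only make the arithmetic visible.
P_PRIME, Q_PRIME, E = 1019, 1187, 3

def authority_setup(p=P_PRIME, q=Q_PRIME, e=E):
    """Return the public values (n, e, g) and the authority's secret d."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                       # d = e^-1 mod (p-1)(q-1)
    lam = (p - 1) * (q - 1) // 2              # lcm(p-1, q-1) for safe primes
    prime_divisors = (2, (p - 1) // 2, (q - 1) // 2)
    # g has maximum order lam iff g^(lam/r) != 1 for every prime r dividing lam.
    g = next(c for c in range(2, n)
             if gcd(c, n) == 1
             and all(pow(c, lam // r, n) != 1 for r in prime_divisors))
    return (n, e, g), d

def identity_to_int(identity, n):
    """Assumed encoding of the identification string I as an integer mod n."""
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % n

def user_keygen(pub):
    n, _, g = pub
    s = secrets.randbelow(n - 2) + 1          # private key s, known to the user only
    v = pow(g, -s, n)                         # public key v = g^-s mod n
    return s, v

def issue_certificate(pub, d, v, I):
    n = pub[0]
    return pow((v - I) % n, d, n)             # P = (g^-s - I)^d mod n

def recover_public_key(pub, P, I):
    n, e, _ = pub
    return (pow(P, e, n) + I) % n             # v = P^e + I mod n

def holds_private_key(pub, s, v):
    n, _, g = pub
    return pow(g, s, n) * v % n == 1          # g^s * g^-s = 1 mod n

def demo():
    pub, d = authority_setup()
    I = identity_to_int("alice@example.test", pub[0])   # constructed identity
    s, v = user_keygen(pub)
    P = issue_certificate(pub, d, v, I)
    return pub, s, v, P, I
```

Recovering v from (P, I) always yields some value; it is only shown to be the right key once the holder demonstrates knowledge of the matching s, which is the "only guaranteed if the protocol is successfully completed" point.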
Three Levels of Trust
• Level 1
  • Authority knows (or can compute) the users’ secret keys and is capable of impersonating any user without being detected.
• Level 2
  • Authority does not know the secret keys, but it can still impersonate any user by generating false certificates that may be used without being detected.
Three Levels of Trust (cont.)
• Level 3
  • Authority doesn’t know (and can’t compute) the secret keys and if it generates false certificates for users, it can be proven.
• Certificate-based model and self-certified model attain level 3.
Problems and Solutions
• In fact, to retrieve a secret key, the authority has to compute the factorization of the integer n.
• Authority can choose n as
  • (1) A product of some relatively small primes.
  • (2) A product where all prime factors of p-1 and q-1 are small.
Problems and Solutions (cont.)
• Bach showed that, to compute an integer n, it suffices to first factorize n and to solve each prime factor.
• Authority already knows the prime factors of n, and can use them to derive the users’ secret keys.
Problems and Solutions (cont.)
• Thanks to the Pohlig-Hellman algorithm, the authority can do so if n is chosen following (1) or (2).
• This is because the running time of the algorithm is proportional to the square root of the largest prime factor of p-1.
Problems and Solutions (cont.)
• There is a protocol due to Camenisch and Michels that allows proving that a number is the product of two large safe primes.
• But the model still cannot be of level 3, since there exist some special primes for which easier to compute.
Problems and Solutions (cont.)
• Gordon showed that the authority can still choose p and q of 512 bits, which would allow it to find the users’ secret keys.
• So, we recommend that p and q be of 1024 bits.
Conclusions
• We showed that Girault’s self-certified model is only of level of trust 1.
• To make the model of level 3, we should
  • Choose the modulus n to be 2048 bits.
  • Add an interactive zero-knowledge proof.
• However, the resulting model no longer meets the primary goal of using self-certified keys.