Slide 1
Identity based signature schemes by using pairings
Parshuram Budhathoki
Department of Mathematical Science, FAU
02/21/2013
Cyber Security Seminar, FAU

Slide 2
Goal:
Alice wants to send a message to Bob. She wants to make sure that Bob can verify it, and that no one can change the message during the process.
So she signs her message using her identity. After receiving the message, Bob uses Alice's identity to verify whether it is from Alice or from someone else, and so he can verify that it was written by Alice.
[Diagram: Alice, Bob, ID based signature scheme]
Possible Identity:
email id: alice@fau.edu
phone: 561297alice
Address: 777 Glades Road

Slide 3
Outline:
Signature Scheme in ID Based Cryptography
Pairings
Hash Functions
Attack Model
Secure Scheme
Diffie-Hellman Problem
Hess's Scheme

Slide 4
Signature Scheme in ID Based Cryptography:
Setup
Extract
Sign
Verify

Slide 5
Signature Scheme in ID Based Cryptography:
[Diagram: Trust Authority (TA) with Secret Key and Public Parameter; Alice with ID := alice@fau.edu and Private Key for Alice; Verifier]
1. Setup
2. Extract
3. Sign: Signature := Sign(Message, Private Key)
4. Verify: Verify(Signature, ID)

Slide 6
Pairing
[Diagram: e maps P from domain G1 and Q from domain G2 to e(P,Q) in range V; both domains are then labelled G]

Slide 7
Pairing
Let (G,+) and (V,∙) denote cyclic groups of prime order q, and let P ∈ G be a generator of G. A pairing e: G × G → V is a map which satisfies the following properties:
1) Bilinearity: ∀ P, Q, R ∈ G we have e(P+R, Q) = e(P,Q) e(R,Q) and e(P, R+Q) = e(P,R) e(P,Q).
2) Non-degeneracy: There exist P, Q ∈ G such that e(P,Q) ≠ 1.
3) e is efficiently computable.

Slide 8
Hash Functions:
[Diagram: H maps x from a domain of any size to H(x) in a range of fixed size; no inverse]

Slide 9
Hash Function:
One way transformation
Input := Random size, Output := Fixed size
H(x1) = H(x2) for x1 ≠ x2: not possible

Slide 10
Attack Model:
GAME between Challenger and Adversary
Challenger: Setup
Challenger to Adversary: Public Parameters
Adversary: Give me a hash value for this and that …
Challenger: Here is the hash value of this & that …
Adversary: Give me a private key for ID_1
Challenger: Private key for ID_1
Adversary: Give me a signature for ID_2 and message M
Challenger: Signature for ID_2 and message M

Slide 11
Attack Model:
GAME
Adversary outputs (ID, M, Signature), such that ID and (ID, M) are not equal to the inputs of any query.
And, Adversary wins the game if Signature is a valid signature for ID and M.

Slide 12
Secure Scheme
We say an ID based signature scheme is secure against existential forgery on adaptively chosen message and ID attacks if no polynomial time adversary has a non-negligible probability of success against a challenger in the previous Game.

Slide 13
Diffie-Hellman Problem:
Let G be a cyclic group of order q with generator P. The Diffie-Hellman Problem (DHP) in G is to find, on input (aP, bP, P), with uniformly and independently chosen a, b from {1,…, q}, the value abP.

Slide 14
Hess Scheme
Let (G, +) and (V, ∙) denote cyclic groups of prime order q such that G = <P>, and let e: G × G → V be a pairing.
The hash functions:
h: {0,1}* × V → Z_q^*
H: {0,1}* → G^*
where G^* := G\{0}
Assumption: DHP in G is hard.

Slide 15
Hess Scheme:
[Diagram: TA with Master Key = s and Public Key Q = sP; Alice with ID := alice@fau.edu, receiving S_ID; Verifier; steps 1. Setup, 2. Extract, 3. Sign, 4. Verify]

Setup Algorithm:
Chooses s from Z_q^*
Master Key := s
Public key Q := sP

Extract Algorithm:
S_ID := s H(ID)

Sign Algorithm:
Alice picks random k from Z_q^*
r = e(S_ID, P)^k
V = h(M, r)
U = (V + k) S_ID
Signature := (U, V)

Verify Algorithm:
Compute r = e(U, P) e(H(ID), -Q)^V
Accept the signature if V = h(M, r)

Slide 16
Correctness of Verification:
1. e(U, P) ∙ e(H(ID), -Q)^V
   = e((V + k) s H(ID), P) ∙ e(H(ID), -sP)^V
   = e(H(ID), P)^(s(V+k)) ∙ e(H(ID), P)^(-sV)
   = e(H(ID), P)^(sk)
   = e(sH(ID), P)^k
   = r
2. Accepts if V = h(M, r)
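The four algorithms and the correctness check above can be run end to end with a toy pairing. This is an added example, not code from the presentation: it assumes G = (Z_q, +) with P = 1, V = the order-q subgroup of Z_p^* and e(aP, bP) = g^(ab), with constructed parameters q = 1019, p = 2039, g = 4 and SHA-256 standing in for h and H. The map is bilinear, so the algebra holds, but DHP in this G is trivial, so it offers no security.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration and NOT secure:
# G = (Z_q, +) with generator P = 1, V = order-q subgroup of Z_p^*.
q, p, g, P = 1019, 2039, 4, 1         # p = 2q + 1, g has order q mod p

def e(a, b):
    """Toy bilinear map e: G x G -> V with e(aP, bP) = g^(ab)."""
    return pow(g, (a * b) % q, p)

def _hash_to_zq_star(data):
    """Map bytes to {1, ..., q-1} (stands in for Z_q^* and G^*)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (q - 1) + 1

def H(identity):                      # H: {0,1}* -> G^*
    return _hash_to_zq_star(b"H|" + identity.encode())

def h(message, r):                    # h: {0,1}* x V -> Z_q^*
    return _hash_to_zq_star(b"h|" + str(r).encode() + b"|" + message)

def setup():
    s = secrets.randbelow(q - 1) + 1  # master key s in Z_q^*
    return s, (s * P) % q             # (master key, public key Q = sP)

def extract(s, identity):
    return (s * H(identity)) % q      # S_ID = s H(ID)

def sign(S_ID, message):
    k = secrets.randbelow(q - 1) + 1  # fresh random k in Z_q^*
    r = pow(e(S_ID, P), k, p)         # r = e(S_ID, P)^k
    V = h(message, r)
    U = ((V + k) * S_ID) % q          # U = (V + k) S_ID
    return U, V

def verify(Q, identity, message, signature):
    U, V = signature
    # r = e(U, P) * e(H(ID), -Q)^V, which equals e(S_ID, P)^k when honest
    r = (e(U, P) * pow(e(H(identity), -Q), V, p)) % p
    return V == h(message, r)

if __name__ == "__main__":
    s, Q = setup()
    S_alice = extract(s, "alice@fau.edu")
    sig = sign(S_alice, b"hello Bob")
    print("valid accepted:", verify(Q, "alice@fau.edu", b"hello Bob", sig))
    print("altered accepted:", verify(Q, "alice@fau.edu", b"hello Eve", sig))
```

With q this small an altered message is still accepted about once in q - 1 tries, because h has only q - 1 possible outputs.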

Slide 17
Summary
Did we achieve our goal?
Do we know any Id based signature scheme?
We have proposed an Id based signature scheme!!!

Slide 18
Questions?
Thank You