1 / 14

New Nominative Proxy Signature Scheme for Mobile Communication

New Nominative Proxy Signature Scheme for Mobile Communication. April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and Engineering EWHA Womans University, Seoul, Korea happyday@ewha.ac.kr. Contents. Introduction Notations Brief Description of Park-Lee’s Scheme

janisthomas
Télécharger la présentation

New Nominative Proxy Signature Scheme for Mobile Communication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and Engineering EWHA Womans University, Seoul, Korea happyday@ewha.ac.kr

  2. Contents • Introduction • Notations • Brief Description of Park-Lee’s Scheme • Proposed Nominative Proxy Signature Scheme • Security Analysis • Conclusions

  3. Introduction(1/3) • Definition of Nominative Proxy Signatures • The nominative proxy signature scheme : the designated proxy signer generates the nominative signature and transmits it to a verifier • It provides mobile user’s anonymity and decreases the mobile user’s computational cost. It is a useful method for secure mobile communication

  4. Introduction(2/3) • To construct a nominative proxy signature scheme: • The original signer can delegate his signing operation to the proxy signer. • Only the delegated proxy signer can nominate the verifier, and create the nominative proxy signature. • Only the nominee(verifier) can verify the nominator(proxy signer)’s signature. • If necessary, only the nominee can prove to the third party that the signature was issued to him by the nominator and it is valid.

  5. Introduction(3/3) • Our objectives • Point out the weaknesses of Park-Lee’s scheme • ICICS 2001, Park and Lee’s scheme doesn’t provide the non-repudiation • Design the new nominative proxy signature scheme • To satisfy the four requirements for the nominative proxy signature • To solve the weaknesses of Park-Lee’s scheme

  6. Notations • A : an original signer, mobile user • G : a proxy agent (a nominator) • B : a verifier ( a nominee) • : a large prime • : a prime factor of • : a generator for • : a strong one-way hash function • : a message • : a warrant which contains the original signer’s ID, the proxy agent’s ID, and the delegation period • : a private key / a public key of A • : a private key / a public key of G • : a private key / a public key of B

  7. chooses ? computes checks ? Brief Description of Park-Lee’s Scheme(1/2) G A B <Proxy generation step> • 2001, Park & Lee <Proxy verification & Nominative proxy signing step > verifies chooses <Proxy delivery step> computes [secure channel] <Nominative proxy signature verification step> <Nominative proxy signature delivery step>

  8. ? Brief Description of Park-Lee’s Scheme(2/2) • Cryptanalysis of Park-Lee’s Scheme • It doesn’t provide non-repudiation • [ The Attack Scenario(in case of dishonest original signer) ] A’ B (Verifier ) (dishonest original signer) chooses computes chooses computes verifies

  9. [ Proxy signature key generation phase ] chooses < Proxy generation > computes < Verification & alteration of the proxy > < Proxy delivery > checks ? computes Proposed Nominative Proxy Signature Scheme(1/2) A (original signer) G (proxy agent)

  10. [ Nominative proxy signature generation phase ] < Nominative proxy signing > chooses [ Nominative proxy signature verification phase ] computes < Confirmation of the G & A > checks < Nominative proxy signature delivery > < Verification of the nominative proxy signature > computes ? checks Proposed Nominative Proxy Signature Scheme(2/2) B (verifier) G (proxy agent)

  11. Security Analysis(1/3) • Our scheme satisfies the four conditions for the nominative proxy signature scheme. • The original signer can delegate his signing operation to the proxy signer. Because the original signer generates the proxy with his private key and transmits it to the proxy agent. • Only the delegated proxy signer can nominate the verifier, and create the nominative proxy signature. Because the proxy signature key includes the proxy agent’s private key. • Only the nominee(verifier) can verify the nominator(proxy signer)’s signature. Because the verifier’s private key is required to verify the nominative proxy signature.

  12. Security Analysis(2/3) • If necessary, only the nominee can prove to the third party that the signature was issued to him by the nominator and it is valid. By confirmation protocol, only nominee(verifier B) can prove to the third party without revealing <confirmation protocol> Nominee B The third party chooses chooses computes computes verifies verifies ? ? ?

  13. Security Analysis(3/3) • Unlike Park-Lee’s scheme, our scheme has two additional properties • It provides the non-repudiation. : Because only the proxy agent can compute a proxy signature key , only he can create the nominative proxy signature. And, because his public key are used in the nominative proxy signature verification phase, the verifier can check the proxy agent’s private key was included or not. 2. It doesn’t need the secure channel between the original signer and the proxy agent.

  14. Conclusions • In this paper, • We show that Park-Lee’s scheme doesn’t provide the non-repudiation. • We propose the new nominative proxy signature scheme • Solves the weakness of Park-Lee’s scheme(i.e., Our scheme provides the non-repudiation property.) • Satisfies four conditions for the nominative proxy signature scheme • Decreases the user’s computational cost by using the proxy agent • Doesn’t need the secure channel

More Related