Download
1 / 8
80 likes | 149 Vues
This paper presents an ID-based multisignature scheme without reblocking and predetermined signing order to simplify public key certification and enhance security against collaboration attacks. The scheme eliminates the need for reblocking of signed messages and allows for flexible signing order. Key concepts include RSA-based multisignature, key generation, signing process, verification, and security analysis.
E N D
An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards and Interfaces, Vol. 27, No. 4, pp. 407-413, 2005. Presented by 廖冠捷 (2005/04/08)
Introduction • RSA based multisignature • ei *di =1 mod (ni) • si = si-1di mod ni (message must be reblocked) • ID-based multisignature scheme • No reblocking • No predetermined order of signing
ID-based multisignature scheme • Initial phase • Key Authentication Center (KAC) p, q: two distinct large primes (keeping secret) N = p · q: public value E (1<E< (N) , gcd((N), E)=1): public key of KAC D = E-1 mod N: private key of KAC
ID-based multisignature scheme • Key generation phase • IDi (1<IDi<N): User Ui’s identity • KAC compute Ui’s private key as follows di=IDi·DIDi mod (N) • KAC publishes IDi and returns di to Ui in a secret manner.
ID-based multisignature scheme • Signing phase • Assume that authorized user U1, U2, …, Um will collectively sign on document M • Ui generate the signature Si such that Si=Si-1di mod N, where S0=M • Then multisignature
ID-based multisignature scheme • Verification phase • Compute so that • Check whether
Security analysis • Secrecy • The security of the KAC’s private key D • Resistance against collaboration attacks • Several users may reveal their private key in order to attempt deriving the private keys of other users.
Conclusions • The public key certification can be simplified • It does not require reblocking of signed message • It is not necessary to enforce predetermined order of signing
