1 / 12

Certificateless signature revisited

Certificateless signature revisited. X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu ACISP’07 Presenter: Yu-Chi Chen. Outline. Introduction Huang et al.’s scheme Conclusion. Introduction. Traditional PKC ID-based PKC: 1984 Certificateless PKC: 2003. ID-PKC. User (signer) ID 1.

austin-morris
Télécharger la présentation

Certificateless signature revisited

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Certificateless signature revisited X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu ACISP’07 Presenter: Yu-Chi Chen

  2. Outline. • Introduction • Huang et al.’s scheme • Conclusion

  3. Introduction. • Traditional PKC • ID-based PKC: 1984 • CertificatelessPKC: 2003

  4. ID-PKC User (signer) ID1 Private Key Generation master-key = s mpk=sP Secure channel Require priv-key Sign: σ=sH(ID1)+H(M,…) Return priv-key=sH(ID1) User (verifier) Use ID1 and PKG’s mpk=sP to check e(σ,P)=? e(mpk, H(ID1))e(H(M,…),P)

  5. CL-PKC Decide his secret value r And public key pk=rP User (signer) ID1 Key Generation Center master-key = s mpk=sP Secure channel Require part-priv-key Sign: σ=sH(ID1)+rH(M,…) Return part-priv-key=sH(ID1) bulletin board User (verifier) Use ID1 and PKG’s mpk=sP to check e(σ,P)=? e(mpk, H(ID1))e(H(M,…),pk)

  6. Outline. Introduction Huang et al.’s scheme Conclusion 6

  7. Huang et al.’s scheme • In this paper, Huang et al. proposed a short certificateless signature scheme • Short: 160 bit (elliptic curve) • Conventional security model

  8. Conventional security model • Game I (An adversary can replace any user’s public key, but it cannot access master-key) • Setup. • Attack: public-key queries, partial-private-key queries, sign queries, public-key-replacement. • Forgery. • A wins the game iff it can forge a valid signature which has never been queried.

  9. Short CLS • Setup. (omitted.) • Secret-Value: The user sets a value • Partial-private-key: KGC sets the partial-private-key to the user

  10. Short CLS • Public-key: the user sets his public key • Private-key: the user sets his private key • Sign: • Ver:

  11. Outline. Introduction Huang et al.’s scheme Conclusion 11

  12. Conclusion • Hu et al.’s CLS scheme is short, but Du and Wen’s scheme is more efficient. • Shim in 2009 present a cryptanalysis for short CLS schemes. (next page.)

More Related