Certificateless signature revisited
X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu
ACISP’07
Presenter: Yu-Chi Chen
Outline.
• Introduction
• Huang et al.’s scheme
• Conclusion
Introduction.
• Traditional PKC
• ID-based PKC: 1984
• Certificateless PKC: 2003
ID-PKC
• Private Key Generation: master-key = s, mpk = sP
• User (signer) ID1: Require priv-key
• Private Key Generation, over the secure channel: Return priv-key = sH(ID1)
• Sign: σ = sH(ID1) + H(M,…)
• User (verifier): use ID1 and PKG’s mpk = sP to check e(σ,P) =? e(mpk, H(ID1)) e(H(M,…),P)
CL-PKC
• Key Generation Center: master-key = s, mpk = sP
• User (signer) ID1: Require part-priv-key
• Key Generation Center, over the secure channel: Return part-priv-key = sH(ID1)
• User (signer) ID1: decides his secret value r and public key pk = rP
• Bulletin board: ID, pk
• Sign: σ = sH(ID1) + rH(M,…)
• User (verifier): use ID1 and PKG’s mpk = sP to check e(σ,P) =? e(mpk, H(ID1)) e(H(M,…),pk)
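The CL-PKC exchange above, walked through as an added Python example (not code from the slides or the paper). It assumes a toy model in which a group element aP is stored as its scalar a and the pairing multiplies scalars, which exposes every secret and serves only to check the verification equation; the class and function names, the parameter Q, the key values and the messages are constructed for illustration, and the elided inputs "…" of H(M,…) are left out.

```python
import hashlib

# Toy "exponent-level" model, insecure by construction: the G1 element aP is
# stored as the scalar a, and e(aP, bP) is stored as a*b mod Q (G_T written
# additively, so the slides' product of pairings becomes a sum).
Q = 2**127 - 1   # prime group order (constructed parameter)
P = 1            # the generator P, i.e. 1*P

def e(a, b):
    return (a * b) % Q

def H(text):
    """Hash a string to a G1 element (the slides' H(ID1) and H(M,...))."""
    digest = hashlib.sha256(text.encode()).digest()
    return int.from_bytes(digest, "big") % Q

class KGC:
    def __init__(self, s):
        self.s = s                      # master-key
        self.mpk = (s * P) % Q          # mpk = sP

    def partial_private_key(self, ident):
        return (self.s * H(ident)) % Q  # sH(ID1), returned over the secure channel

class Signer:
    def __init__(self, ident, r, part_key):
        self.ident, self.r, self.part_key = ident, r, part_key
        self.pk = (r * P) % Q           # pk = rP, published on the bulletin board

    def sign(self, msg):
        return (self.part_key + self.r * H(msg)) % Q   # sigma = sH(ID1) + rH(M)

def verify(mpk, ident, pk, msg, sigma):
    # e(sigma, P) =? e(mpk, H(ID1)) * e(H(M), pk)
    return e(sigma, P) == (e(mpk, H(ident)) + e(H(msg), pk)) % Q

def demo():
    kgc = KGC(s=0x1234567890ABCDEF)                    # constructed master-key
    signer = Signer("ID1", 0xFEDCBA987654321, kgc.partial_private_key("ID1"))
    board = {"ID1": signer.pk}                         # bulletin board: ID -> pk
    sigma = signer.sign("pay 10")
    ok = verify(kgc.mpk, "ID1", board["ID1"], "pay 10", sigma)
    tampered = verify(kgc.mpk, "ID1", board["ID1"], "pay 99", sigma)
    board["ID1"] = (0x42 * P) % Q                      # public key replaced on the board
    replaced = verify(kgc.mpk, "ID1", board["ID1"], "pay 10", sigma)
    return ok, tampered, replaced
```

The ID-PKC check on the previous slide is the same equation with r = 1 and pk = P. The last case shows that the verifier's result depends on the uncertified pk it reads from the bulletin board, which is the capability the security model has to give the adversary.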
Huang et al.’s scheme
• In this paper, Huang et al. proposed a short certificateless signature scheme
– Short: 160 bit (elliptic curve)
– Conventional security model
Conventional security model
• Game I (An adversary can replace any user’s public key, but it cannot access master-key)
– Setup.
– Attack: public-key queries, partial-private-key queries, sign queries, public-key-replacement.
– Forgery.
  • A wins the game iff it can forge a valid signature which has never been queried.
Short CLS
• Setup. (omitted.)
• Secret-Value: The user sets a value
• Partial-private-key: KGC sets the partial-private-key to the user
Short CLS
• Public-key: the user sets his public key
• Private-key: the user sets his private key
• Sign:
• Ver:
Conclusion
• Hu et al.’s CLS scheme is short, but Du and Wen’s scheme is more efficient.
• Shim in 2009 presented a cryptanalysis of short CLS schemes. (next page.)