Upload
austin-morris
View
42
Download
0
Embed Size (px)
DESCRIPTION
Certificateless signature revisited. X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu ACISP’07 Presenter: Yu-Chi Chen. Outline. Introduction Huang et al.’s scheme Conclusion. Introduction. Traditional PKC ID-based PKC: 1984 Certificateless PKC: 2003. ID-PKC. User (signer) ID 1. - PowerPoint PPT Presentation
Citation preview
Certificateless signature revisited
X. Huang, Yi Mu, W. Susilo, D.S. Wong, W. Wu
ACISP’07
Presenter: Yu-Chi Chen
ID-PKC
Private Key Generationmaster-key = smpk=sP Require priv-key
Return priv-key= sH(ID1)
User (signer) ID1
Sign:σ=sH(ID1)+H(M,…)
Secure channel
User (verifier)
Use ID1 and PKG’s mpk=sP to check e(σ,P) =? e(mpk, H(ID1))e(H(M,…),P)
4
CL-PKC
Key Generation Centermaster-key = smpk=sP Require part-priv-key
Return part-priv-key= sH(ID1)
User (signer) ID1
Sign:σ=sH(ID1)+rH(M,…)
Secure channel
User (verifier)
Use ID1 and PKG’s mpk=sP to check e(σ,P) =? e(mpk, H(ID1))e(H(M,…),pk)
Decide his secret value rAnd public key pk=rP
bulletin board
ID pk
5
Huang et al.’s scheme
• In this paper, Huang et al. proposed a short certificateless signature scheme– Short: 160 bit (elliptic curve)
– Conventional security model
7
Conventional security model
• Game I (An adversary can replace any user’s public key, but it cannot access master-key)– Setup.
– Attack: public-key queries, partial-private-key queries, sign queries, public-key-replacement.
– Forgery.• A wins the game iff it can forge a valid signature which
has never been queried.
Short CLS
• Setup. (omitted.)
• Secret-Value: The user sets a value
• Partial-private-key: KGC sets the partial-private-key to the user
Short CLS
• Public-key: the user sets his public key
• Private-key: the user sets his private key
• Sign:
• Ver: