A New ForwardSecure Digital Signature Scheme Source Advances
- Slides: 20
A New Forward-Secure Digital Signature Scheme Source : Advances in Cryptology - Asiacrypt 2000, Lecture Notes in Computer Science, p. 116 -129 Authors : Michel Abdalla, Leonid Reyzin Date : 2001/8/16 Speaker : Ya-Ping Pan 1
Key exposure problem n Traditional digital signature System Signer SK Sig. SK(M) = x key (M, x) Verifier Adversary Sig. SK(M 1) Sig. SK(M 2) Sig. SK(Mi) can forge key exposure 2
Key exposure problem (cont. ) n Secret sharing Lower the chance of key exposure (quite costly) key 1 reconstruct share key 2 key 3 Adversary 3
Forward-Secure Signature Scheme Sig. SK 1(M 1) Sig. SK 2(M 2) Can’t forge Sig. SKi(Mi) key exposure Can forge § Secret keys are used only for short time periods §Don’t change the public key 4
Forward-Secure Signature Scheme (cont. ) n SK 0 Key-evolving signature scheme 1 2 SK 1 SK 2 i T Update SKi SKT PK § key generation: Gen(k, T) = (SK 0, PK) § signing:Sign. SKi (M) = (i, Z) § secret key update:Update(SKi-1) = SKi § verification:Vf. PK(M, (i, Z)) = 1 if accept 5
Forward-Secure Signature Scheme (cont. ) § Anderson (ACM 1997) n n the size of secret key grows linearly with T Bellare and Miner (Crypto 99) n key size is very large 6
Background n Blum Integer n Example: n x has four square roots, and exactly one of which is also in QRN Example: The four square roots of 4: 2, 5, 16, 19 Only 16 is also in QR 21 7
Background (cont. ) § The function F is a permutation over QR Example: F is a one-way function when the factorization of N is unknown 8
Background (cont. ) § Example: § Compute and : 9
Background (cont. ) § , l-bit binary string Example: 10
Background (cont. ) § Know N and U : (knowing p and q, it can be efficiently computed) Example: 11
Background (cont. ) with N and U Y l=3 hard easy R Z § If we have R and S, we can compute the value of any leaf. 12
2 l-th Root Signature Scheme Y § Blum Integer § R Z § 13
2 l-th Root Signature Scheme (cont. ) § Y We can compute the square root R 14
The Forward-Secure Signature Scheme T=2 § Blum Integer § j=2 j=1 j=0 15
The Forward-Secure Signature Scheme (cont. ) § § 16
The Forward-Secure Signature Scheme (cont. ) Example: Blum Integer 17
The Forward-Secure Signature Scheme(cont. ) § Y j=1 § R Z 18
The Forward-Secure Signature Scheme(cont. ) j=2 § Y § R Z 19
Conclusions n n The scheme is based on the hardness of factoring forge successfully compute square root factor the Blum Integer N When k is large enough, the insecurity of the scheme is low slightly better security, shorter keys 20
- Message authentication code
- Rsa digital signature
- Pfms dsc
- Cipher-based message authentication code
- Diffie hellman signature
- Properties of digital signature
- Schnorr rsa
- Digital signature
- Digital signature authentication protocol
- Digital signature in cryptography and network security
- Digital signature authentication protocol
- Digital signature forgery
- Dss digital signature
- Attack on digital signature
- Digital signature algorithm
- Cryptography topics crossword
- Non-repudiation digital signature
- Digital signature authentication protocol
- 3 domain scheme and 5 kingdom scheme
- Stata graph schemes
- Ponzi scheme vs pyramid scheme