A New Identity-based Proxy Blind Signature Scheme

Junjie He, Chuanda Qi, and Fang Sun2012 IEEE International Conference on

Information Science and Technology

Presenter:陳昱安Date:2013/12/09

Outline

• Introduction• Preliminaries• ID-based proxy blind signature scheme• Analysis of the proposed scheme• Conclusion

Outline

Introduction(1/2)

Proxy blind signature

Identity-based cryptography

ID-based proxy blind signature

Introduction(2/2)

• The new scheme satisfies strong unforgeability, nonrepudiation, blindness and unlinkability, etc..

• Moreover, compared with other identity-based proxy blind signature schemes, the scheme has better computational efficiency and less traffic.

Outline

Preliminaries

• Bilinear pairings • Computational problems• Discrete Logarithm Problem (DLP)• Diffie-Hellman Problem (DHP)

• Security requirements of proxy blind signature• Distinguishability• Verifiability• Undeniability• Identifiability• Unforgeability• Unmisusability• Blindness• Unlinkability

Outline

ID-based proxy blind signature scheme (1/7)

Setup Extract Proxy Delegation

Proxy Blind Signature

Issuing ProtocolVerification

We assume there is a trusted key generation center (KGC) that establishes the identity-based cryptosystem and generates private keys for users.

• Setup KGC selects a prime q, two groups G1 and G2 , generator P of G1, and a bilinear pairing e:G1 ×G1 →G2. It also specifies two hash functions H1:→G1 and H2 :→ . KGC picks a master private key s at random andsets his public key Ppub = sP .

That is to say, the system parameters are {G1, G2, q, P, Ppub, H1, H2}.

• ExtractFor a given public identity information of user u.

KGC computes , , and sends to user u.

After received , User u checks .

• Proxy Delegation(1) First, the original signer A generates proxy warrant .(2) The original signer A selects randomly, computes , , .(3) A send to the proxy signer B.(4) After received , B computes and checks . If it is correct, B accepts the delegation, and computes the proxy secret key . Responding proxy public key is .

• Proxy Blind Signature Issuing ProtocolFor given message m :(1) The proxy signer B selects randomly, computes , and

send to the message owner C.(2) After received , C selects randomly, computes , ,

, and send to the proxy signer B.(3) After received, B computes , and send to the message

owner C.(4) After received , C computes . Finally, the proxy blind signature of message m is .

• Verification(1) Given a proxy blind signature , the receiver gets the

original signer A and proxy signer B's identity IDi, i=A,B from the proxy warrant .

(2) Computes their public key ,i=A,B ,and generates the proxy public key , where .

(3) Then computes , and checks .

Outline

Analysis of the proposed scheme(1/9)

• Correctness

• Security(1) Distinguishability On the one hand, the proxy warrant is included in proxy blind signature .

On the other hand, the proxy public key includes the original signer A’s public key and the proxy signer B’s public key .

(2) VerifiabilityThe proxy blind signature includes the proxy warrant .

(3) UndeniabilityThe proxy secret key .The original signer A does not know the proxy signer B’s private key, so only B knows the proxy secret key .

(4) Identifiability The proxy blind signature contains the proxy warrant , which includes the identity information of the original signer A and proxy signer B.

(5) UnforgeabilityWe analyze the unforgeability of the proposed scheme through the following four aspects.

• First, the attacker can not get the master secret key. Ppub = sP (DLP on G1 )

• Second, the attacker can‘t get user’s private key. (CDHP on G1)

• Third, the attacker can’t get the proxy secret key. = s .

• Fourth, the scheme can resist against the universal forgery attack.

Attacker forge the proxy blind signature proxy public key the attacker selects G1 randomly. (CDHP on G1)

the attacker select G1 randomly.compute via (DLP and inverse of hash function)

(6) Unmisusability The proxy warrant includes the valid period of delegation, and possible other restrictions on the signing capability delegated to the proxy signer.

With the proxy private/public key pair, the proxy signer cannot sign messages which have not been authorized by the original signer.

(7) Blindness The proxy signer B signs which is the result of transformation with hash function and blind factorsby the message owner C.

(8) UnlinkabilityThe proxy blind signature of message m is .The proxy signer B selects a intermediate result randomly.B can compute , but can’t compute by or . (DLP on G1)

• Efficiencypairing operation(Pa)point scalar multiplication on G1 (Pm)exponentiation in G2 (Pe)division in (Div)

Outline

Conclusion

• We proved its correctness and analyzed the security and computational performance.

• Analysis shows that the proposed scheme not only satisfies strong unforgeability, non-repudiation, blindness and unlinkability and other security requirements, but also has better computational efficiency and less traffic.

A New Identity-based Proxy Blind Signature Scheme

Documents

Identity based Blind Signature Scheme based upon DLPethesis.nitrkl.ac.in/6459/1/E-54.pdf · Identity based Blind Signature Scheme based upon DLP Dissertation submitted in the partial

Fair Blind Signature Based Authentication for Super Peer P2P Network Authors: Xiaoliang Wang and Xingming Sun Source: 2009, Information Technology Journal,

RFID의 RFID의경량인증프로토콜과프로토콜과 …B1%E8%B1%A4%C1%B6.pdf · proxy signature, blind signature, multi signature, group signature Braid group PKC Cryptographic

A Pairing-Based Blind Signature E-Voting Scheme

Configure proxy settings: Change proxy settings Browser proxy

Designated-Verifier Chameleon Proxy Signaturedownloads.hindawi.com/journals/ijdsn/2009/671329.pdf · Designated-Verifier Chameleon Proxy Signature JIANHONG ZHANG, CHENG JI, and QIN

On the Security of One-Witness Blind Signature SchemesOn the Security of One-Witness Blind Signature Schemes Foteini Baldimtsi and Anna Lysyanskaya foteini,anna@cs.brown.edu Computer

Proxy signature scheme based on McEliece public key ...secmeeting.ihep.ac.cn/paper/Slides_Zhao_Chengcheng_ICDFI2012.pdf · 1. Introduction Computer forensics is the technology of

Secure Proxy Signature Schemes for Delegation of Signing Rights

E cient Round-Optimal Blind Signatures in the Standard ModelWe also construct e cient partially blind signature schemes and e cient blind signature schemes for a vector of messages

Designated Verifier Proxy Blind Signature Scheme for ...downloads.hindawi.com/journals/scn/2019/8583130.pdf · Unmanned Aerial Vehicle (UAV) is the aircra ... military applications

2013 - TrustedPartner · PDF fileincreasingly recognized by his signature headwear, ... Blind Willie Johnson and Charley Patton; ... clean-burning guitar licks

A Novel Blind Signature Scheme And Its Variation Based on ... · A Novel Blind Signature Scheme And Its Variation Based on Discrete Logarithm Problem A thesis submitted in partial

BlindLocation : Supporting User Location Privacy in Mobile Database Using Blind Signature

Blinds by PeterMeyer · Double Roller blinds - where one Basics fabric & one Signature Collection fabric is selected, the basics blind must be priced from Price Group 1 in the Signature

A Practical Multivariate Blind Signature Scheme · Mohamed Saied Emam Mohamed. 2/13 1 Blind Signatures 2 MQ Signatures Rainbow MQDSS 3 Multivariate Blind Signature Scheme Scheme Numbers

A New Certiﬁcateless Blind Signature Schemeisyou.info/jowua/papers/jowua-v5n1-6.pdf · A New Certiﬁcateless Blind Signature Scheme Sangeetha Jose , ... If the adversary makes

A Pairing-Based Blind Signature E-Voting Scheme. Outline Introduction Mathematical Background Digital Signatures The Proposed E-Voting Scheme Security

A Novel Blind Signature Scheme And Its Variation Based on …ethesis.nitrkl.ac.in/4115/1/IOCMLB_thesis.pdf · 2012-06-06 · We have proposed blind signature scheme and its variation

Implementation of an Efficient Blind Signature Scheme€¦ · scheme, in a blind signature scheme; a signer signs a message without knowing what the message contains. The blind signature