View
35
Download
7
Category
Preview:
DESCRIPTION
Provably secure randomized blind signature scheme based on bilinear pairing. Source: Computers and Mathematics with Applications Author: Chun-I Fan , Wei-Zhe Sun, Vincent Shi-Ming Huang Presenter: 林志鴻. Outline. Introduction Preliminaries Randomized blind signature - PowerPoint PPT Presentation
Citation preview
1
Provably secure randomized blind signature scheme based on bilinear pairing
Source: Computers and Mathematics with Applications
Author: Chun-I Fan , Wei-Zhe Sun, Vincent Shi-Ming Huang
Presenter: 林志鴻
2
Outline
Introduction Preliminaries Randomized blind signature Performance and security Analysis Conclusion
3
Introduction
User Signer
+ 盲因子 =(1) (2) +
=
(3) -盲因子 =
4
Introduction(cont.)
Usage of Blind Signature Anonymous electronic voting Untraceable electronic cash system
Security properties of Blind Signature Unlinkability Unforgeability randomization
5
Unlinkability
Signer
A
B
A? or B?
6
Blind signature with randomization
分成六個演算法 KeyGen(k) → (SK, PK) Blind(m, r, u) → α Sign(α,y, SK) → t Unblind(t, r) → s RandMix(u, y) → c ; σ=signature-message Verify(σ,PK) → {0,1}
Verify((Unblind (Sign (Blind (m, r, u),y,SK),r),m, RandMix(u, y) ),PK)=1
7
Outline
Introduction Preliminaries Randomized blind signature Performance and security Analysis Conclusion
8
Preliminaries
Bilinear Pairing GDH Groups
9
Bilinear Pairing
e : G1 × G1 → G2
Bilinearity Non-degeneracy Computability
10
GDH Groups
對於一個循環群 G CDH problem ︰
對 a,b Zq∈ 給定 (P,aP,bP) ∈ G 計算 abP DDH problem ︰
對 a,b,c Zq ∈ 給定 (P,aP,bP,cP) ∈ G 判斷 c=ab
若存在一多項式時間演算法 A 可解決 DDH問題但不存在任何演算法可解決 CDH 問題則此循環群 G 稱為 GDH Groups
11
Outline
Introduction Preliminaries Randomized blind signature Performance and security Analysis Conclusion
12
Randomized blind signature
Initialization phase Blinding phase Signing phase Unblinding phase Verification phase
13
Randomized blind signature (cont.)
Initialization phase
1. 輸入秘密參數 k 產生兩個 order q 的循環群G1,G2 ,P 為 G1生成元 , e: G1× G1→G2
2. 簽章者選取兩個私鑰 x1,x2 Zq∈ * 產生相對應的公鑰 Pub1 = x1P, Pub2 = x2P ,H:{0,1}*→G1
*
params = (q, H,G1,G2,e,P, Pub1, Pub2)
14
Randomized blind signature (cont.)
Blinding phase1. 當使用者發送簽章要求時,簽章者隨機選取
y Z∈ p* 傳送 ρ= yP 給使用者
2. 使用者準備明文 m 並隨機選取 u,r1,r2 Z∈ p* ,設
定隨機參數 C = u ρ
3. 計算盲訊息α1 = r1H(m || C) + r2Pα2 = r1u (mod q)
4. 傳送 (α1, α2 ) 給簽章者
15
Randomized blind signature (cont.)
Signing phase 簽章者計算 T = x1α1 + x2yα2P並回傳給使用者
Unblinding phase使用者計算 S = r1
-1(T – r2Pub1)此時簽章 -訊息組為 (S,m,C)
Verification phase驗證式子 e(S, P) = e(H(m || C), Pub1)e(C, Pub2)
Pub1 = x1P, Pub2 = x2Pρ= yP ,C = u ρα1 = r1H(m || C) + r2Pα2 = r1u (mod q)
16
Randomized blind signature (cont.)
整體流程
17
Outline
Introduction Preliminaries Randomized blind signature Performance and security Analysis Conclusion
18
Performance and security Analysis
[11]A. Boldyreva[12]H. Elkamchouchi, Y. Abouelseoud[13]Y. Yu, S. Zheng, Y. Yang[14] [15]F. Zhang, K. Kim
19
Outline
Introduction Preliminaries Randomized blind signature Performance and security Analysis Conclusion
20
Conclusion
本文提出了一個提供具有隨機屬性的 pairing-based 盲簽章並正式的證明此簽章具有 unlinkability, unforgeability, 和 randomization properties 。
本文提出的方法為第一個可證明安全的隨機化盲簽章
Recommended