A novel and efficient unlinkable secret handshakes scheme

Author: Hai Huang and Zhenfu Cao

Source: IEEE Comm. Letters 13 (5) (2009)

Presenter: Yu-Chi Chen

Outline

• Introduction• Huang and Cao’s scheme• Conclusions

Introduction

• A secret handshakes– affiliation-hiding authentication– firstly introduced by Balfanz et al.– For example, two FBI agents, Alice and Bob, want

to discover and communicates with other agents, but they don’t want to reveal their affiliations to non-agents.

Introduction

• An unlinkable secret handshakes – provide unlinkability– an adversary cannot link any two different

instances of same party.• Given C, to guess C is AB, A’B’, or other.• unlinkability has been widely considered in many

applications.

Introduction

• Jarecki et al.’s scheme– an unlinkable secret handshakes – not efficient

• Huang and Cao presented an unlinkable secret handshake scheme– novel and efficient– Simple, so it can be published in IEEE-CL.

Outline

• Introduction• Huang and Cao’s scheme• Conclusions

Huang and Cao’s scheme

This figure is copied from IEEE Comm. Letters 13 (9) (2009), page 731

Conclusions

• Huang and Cao analyzed this scheme can provide authenticated key exchange security, affiliation-hiding, and unlinkability.

• The scheme is more efficient than Jarecki et al.’s.

On the security of a novel and efficient unlinkable secret

handshakes schemeAuthor: Renwang Su

Source: IEEE Comm. Letters 13 (9) (2009)

• Su found Huang and Cao’s scheme is not secure.– Cannot provide authenticated key exchange

security.

This figure is copied from IEEE Comm. Letters 13 (9) (2009), page 731

Security analysis of an unlinkable secret handshakes

schemeAuthor: T.-Y. Youn and Y.-H. Park

Source: IEEE Comm. Letters 14 (1) (2009)

• Youn and Park also found Huang and Cao’s scheme is not secure.– Cannot provide authenticated key exchange

security and affiliation-hiding.

Receiving vB, then try find PK where vB=H1(KA, (PK, EA, EB), resp)