An efficient threshold RSA digital signature scheme

Slides:

Advertisements

Similar presentations

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.

Advertisements

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

A Pairing-Based Blind Signature

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures and Hash Functions. Digital Signatures.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

1/11/2007 bswilson/eVote-PTCWS 1 Enhancing PTC based Secure E-Voting System (note: modification of Brett Wilson’s Paillier Threshold Cryptography Web Service.

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人：陳昱升.

Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

ASYMMETRIC CIPHERS.

Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

Bob can sign a message using a digital signature generation algorithm

The RSA Algorithm Rocky K. C. Chang, March

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Topic 22: Digital Schemes (2)

Cryptanalysis and Improvement of an Access Control in User Hierarchy Based on Elliptic Curve Cryptosystem Reporter : Tzer-Long Chen Information Sciences.

1 一個新的代理簽章法 A New Proxy Signature Scheme 作者 : 洪國寶, 許琪慧, 郭淑娟與邱文怡報告者 : 郭淑娟.

The Paillier Cryptosystem

Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.

多媒體網路安全實驗室 Anonymous ID Signature Scheme with Provable Identity Date： Reporter :Chien-Wen Huang 出處： 2008 Second International Conference on Future.

Elliptic Curve Cryptography

10/25/04 Security of Ad Hoc and Sensor Networks (SASN) 1/22 An Attack on the Proactive RSA Signature Scheme in the URSA Ad Hoc Network Access Control Protocol.

MSN lab1 A novel deniable authentication protocol using generalized ElGamal signature scheme Source: Information Sciences, vol. 177, pp , 2007.

Digital Signature Standard (DSS) US Govt approved signature scheme designed by NIST & NSA in early 90's published as FIPS-186 in 1991 revised in 1993,

1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.

Threshold password authentication against guessing attacks in Ad hoc networks ► Chai, Zhenchuan; Cao, Zhenfu; Lu, Rongxing ► Ad Hoc Networks Volume: 5,

Key Generation Protocol in IBC Author ： Dhruti Sharma and Devesh Jinwala 論文報告 2015/12/24 董晏彰 1.

1 The RSA Algorithm Rocky K. C. Chang February 23, 2007.

CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature.

Feige-Fiat-Shamir Zero Knowledge Proof Based on difficulty of computing square roots mod a composite n Given two large primes p, q and n=p * q, computing.

KNAPSACK公開金鑰密碼學 Algorithms FINITE DEFINITENESS INPUT/OUTPUT GENERALITY

Overview Modern public-key cryptosystems: RSA

Cryptographic Protocols Secret sharing, Threshold Security

Source: The Journal of Systems and Software, Vol. 73, 2004, pp.507–514

Reporter :Chien-Wen Huang

Proxy Blind Signature Scheme

Further Simplifications in Proactive RSA Signatures

Cryptanalyses and improvements of two cryptographic key assignment schemes for dynamic access control in a user hierarchy Source: Computer & Security,

Key Substitution Attacks on Some Provably Secure Signature Schemes

Author : Guilin Wang Source : Information Processing Letters

第四章數位簽章.

第四章數位簽章.

Information Security message M one-way hash fingerprint f = H(M)

Cryptanalysis on Mu–Varadharajan's e-voting schemes

A secure and traceable E-DRM system based on mobile device

Section 4.6: Digital Signatures

Public Key Encryption and Digital Signatures

Security of a Remote Users Authentication Scheme Using Smart Cards

Improving Lamport One-time Signature Scheme

A flexible date-attachment scheme on e-cash

Digital signatures.

Efficient Public-Key Distance Bounding

Information Security message M one-way hash fingerprint f = H(M)

Information Security message M one-way hash fingerprint f = H(M)

Efficient CRT-Based RSA Cryptosystems

Information Security message M one-way hash fingerprint f = H(M)

Threshold RSA Cryptography

El Gamal and Diffie Hellman

Lecture 6: Digital Signature

Date:2011/09/28 報告人：向峻霈出處: Ren-Chiun Wang Wen-Shenq Juang

El Gamal and Diffie Hellman

Security of Wang-Li Threshold Signature Scheme

Introduction to Cryptography

Cryptographic Protocols Secret Sharing, Threshold Security

Cryptography Lecture 26.

Cryptology Design Fundamentals

LAB 3: Digital Signature

Presentation transcript:

An efficient threshold RSA digital signature scheme Source：Applied Mathematics and Computation, Volume 166, Issue 1, 6 July 2005, Pages 25-34 Author：Qiu-Liang Xu, Tzer-Shyong Chen Speaker：李士勳 Date：2005,12,14

Outline Introduction Descriptions of the scheme Analysis of security and efficiency Conclusions

Introduction Resisting conspiracy attack (t,n) threshold signature scheme

Introduction 1991：Desmedt and Frankel fist proposed the threshold signature scheme 1994：Li et al. presented two (t,n) threshold signature schemes 1997：Michels and Horster proved them insecure 1998：Wang et al. presented two (t,n)

Descriptions of the scheme p and q are large primes

Descriptions of the scheme represent the set of all members in the system

Initialization phase Key Dealing Center(KDC) must establish four parameters RSA parameters Lagrange interpolation parameters Parameters used in modulus convention Parameters used in partial signature verification

RSA parameters p,q,n,e and d to generatethe group signature, where n=p*q, p and p are two safe primes, (n,e) is the public key, and d is the private key P,Q,N,E and D which is used by the signature generator(SG), where N=P*Q>n, P and Q are also two safe primes, (N,E) is the public key, and D is the private key

Lagrange interpolation parameters Select a large public prime r>n Select a random polynomial f(x), d=f(0)

Parameters used in modulus convention Consider a sample message , so that the order of in group is Compute Make public

Parameters used in partial signature verification Select randomly an element of order compute i=1,2,…,n and send publicly v and to the signature generator SG

Signature phase Chaum-Pedersen zero-knowledge protocol

Chaum-Pedersen zero-knowledge protocol One-way hash function H(), and a random number u, compute z=xc+u (z,c) proves , the verifier acepts the proof if and only if Clearly, when ,the proof holds

Signature phase denotes the t shareholders who participate in signing

Signature phase Select a random number Compute , Send to SG , , , , (m,s(m),S(m)) is the signature on message m

Signature phase If then (m,s(m),S(m)) is appetped as a valid signature

Analysis of security and efficiency The fist step of the initialization phase builds only the RSA cryptosystem, without providing any extra information The second step is to establish a (t,n) threshold system based on Lagrange interpolation The third and forth step is hard to slove the discrete logarithm problem

Conclusions Resisting conspiracy attack