Improving Lamport One-time Signature Scheme

Slides:

Advertisements

Similar presentations

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.

Advertisements

Advanced Security Constructions and Key Management Class 16.

Digital Signatures and Hash Functions. Digital Signatures.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.

Chapter 2 Digital data Ola A. Younis. Elements of digital media Symbols : representation for something else. Example: a group of letters often serve as.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Efficient aggregation of encrypted data in Wireless Sensor Network Author: Einar Mykletun, Gene Tsudik Presented by Yi Cheng Lin Date: March 13, 2007.

Maths for Computer Graphics

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Authenticating streamed data in the presence of random packet loss March 17th, Philippe Golle, Stanford University.

Algorithms. Introduction Before writing a program: –Have a thorough understanding of the problem –Carefully plan an approach for solving it While writing.

1 CIS 5371 Cryptography 9. Data Integrity Techniques.

A Double-Efficient Integrity Verification Scheme to Cloud Storage Data Deng Hongyao, Song Xiuli, Tao jingsong 2014 TELKOMNIKA Indonesian Journal of Electrical.

Binary Logic and Gates COE 202 Digital Logic Design Dr. Aiman El-Maleh

8. Data Integrity Techniques

The RSA Algorithm Rocky K. C. Chang, March

An Efficient and Secure Event Signature (EASES) Protocol for Peer-to-Peer Massively Multiplayer Online Games Mo-Che Chan, Shun-Yun Hu and Jehn-Ruey Jiang.

Normal Distribution MATH 102 Contemporary Math S. Rook.

Gridded Response Practice 3-5 NRMPS Math.

Topic 22: Digital Schemes (2)

Lossless Watermarking for Image Authentication: A New Framework and an Implementation IEEE TRANSACTIONS ON IMAGE PROCESSING APRIL 2006 C.M.Chen.

Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.

1 一個新的代理簽章法 A New Proxy Signature Scheme 作者 : 洪國寶, 許琪慧, 郭淑娟與邱文怡報告者 : 郭淑娟.

Computer Math CPS120 Introduction to Computer Science Lecture 4.

Elliptic Curve Cryptography

Prepared by Dr. Lamiaa Elshenawy

A new provably secure certificateless short signature scheme Authors: K.Y. Choi, J.H. Park, D.H. Lee Source: Comput. Math. Appl. (IF:1.472) Vol. 61, 2011,

1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.

1 The RSA Algorithm Rocky K. C. Chang February 23, 2007.

Scalable Multi-match Packet Classification Using TCAM and SRAM Author: Yu-Chieh Cheng, Pi-Chung Wang Publisher: IEEE Transactions on Computers (2015) Presenter:

Floating Point Numbers

Reporter :Chien-Wen Huang

Proxy Blind Signature Scheme

Key Substitution Attacks on Some Provably Secure Signature Schemes

網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments

Graph Representations

A new ring signature scheme with signer-admission property

A secure and traceable E-DRM system based on mobile device

CSCE 715: Network Systems Security

An efficient threshold RSA digital signature scheme

Section 4.6: Digital Signatures

B. R. Chandavarkar CSE Dept., NITK Surathkal

Introduction Used for communication to verify

Chair Professor Chin-Chen Chang Feng Chia University

CS/ECE 578 Cyber-Security

Digital signatures.

Hash functions Open addressing

Digital Signature Schemes and the Random Oracle Model

TT-Join: Efficient Set Containment Join

Digital Signature Schemes and the Random Oracle Model

CS/ECE 478 Introduction to Network Security

Rivest, Shamir and Adleman

Lecture 6: Digital Signature

Introduction to Data Structures

Hashing Sections 10.2 – 10.3 Lecture 26 CS302 Data Structures

Lecture 4.1: Hash Functions: Introduction

CS 394B Introduction Marco Canini.

Hash-based Primitives Credits: Dr. Peng Ning and Dr. Adrian Perrig

Protection and Security

Chapter -8 Digital Signatures

One Time Signature.

Lecture 4.1: Hash Functions, and Message Authentication Codes

Lecture 4: Hash Functions

Binary Logic and Gates COE 202 Digital Logic Design Dr. Aiman El-Maleh

Error Correction Coding

Digital Signature Standard (DSS)

Digital Signatures Network Security.

How to Use Charm Crypto Lib

LAB 3: Digital Signature

Presentation transcript:

Improving Lamport One-time Signature Scheme Ming-Hsin Chang, Yi-Shiung Yeh, Elsevier, Appl. Math. Comput., 2005 Presented by 盧奕吉

Outline Introduction Lamport’s Scheme Proposed Scheme Security & Performance Analysis Conclusion

Introduction One-time signature scheme is used to sign at most one message; otherwise the signature can be forged. has the property of efficient signature generation and verification. requires a large amount of storage space.

Lamport’s Scheme Lamport’s one-time signature scheme is comprised of 3 phases: Key generation phase Signing phase Verification phase

Key Generation Phase Select 2k elements randomly with 1 ≤ i ≤ k and j = 0,1. (k is the length of the message in base 2). Compute for all i,j.

Signing Phase To sign a k-bit message m = m1…mk, sig(m) = sig(m1…mk) = ( ). i.e., to sign a message m = 10…1, the signature becomes:

Verification Phase To verify the signature check if holds, where 1≤ i ≤ k.

Proposed Scheme Key Generation Select a number e and set . Derive the value L, which is the length of the message in base v. For each column i, randomly select e+1 elements, where 1 ≤ i ≤ L.

Proposed Scheme To sign a message m: Convert m to base v representation. For each digit of mi, further convert it to base 2 representation. sig(m) = sig(m1…mL) = where , such that the symbol x signifies the 2’s representation of mi.

Proposed Scheme To sign a message m, first select a value e, say 3, and set v = 2(e+1) = 16. Then convert m to base v, e.g., m = (3A…1)16 . Again convert each digit to base 2 representation, i.e., 3 = (0011)2, A = (1010)2 and 1 = (0001)2, etc.

Proposed Scheme Verification To verify the signature, simply check if the signature matches the corresponding z’s. If so, the signature is genuine.

Performance Analysis # of public key items Avg. # of signature terms Avg. # of verification Lamport’s Scheme 320 160 Proposed Scheme 80 *For message length of 160 bits

Security Analysis Security equals to the number of signature terms, in Lamport case, it equals to the number of bits. In the proposed scheme, the number of signature terms is halved, L*e/2.

Conclusion Although the proposed scheme’s performance is twice as fast as Lamport’s, its security, however, is sacrificed. Due to the particular nature of Lamport’s signature scheme, the performance growth will always be proportional to the security decrease.