Efficient Signature Generation by Smart Cards 20103112 Suk Ki Kim 20103114 Sunyeong Kim.

Slides:



Advertisements
Similar presentations
Public Key Cryptosystem
Advertisements

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Cryptography and Network Security
Digital Signatures and Hash Functions. Digital Signatures.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Zero-Knowledge Proofs J.W. Pope M.S. – Mathematics May 2004.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Abdullah Sheneamer CS591-F2010 Project of semester Presentation University of Colorado, Colorado Springs Dr. Edward RSA Problem and Inside PK Cryptography.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Attacks on Digital Signature Algorithm: RSA
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,
Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
Introduction to Modern Cryptography, Lecture 7/6/07 Zero Knowledge and Applications.
1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.
Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.
Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.
Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Public Key Algorithms 4/17/2017 M. Chatterjee.
Tallinn University of Technology Quantum computer impact on public key cryptography Roman Stepanenko.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
Cryptography and Network Security Chapter 13
Lecture 6: Public Key Cryptography
Introduction to Public Key Cryptography
Public Key Model 8. Cryptography part 2.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Bob can sign a message using a digital signature generation algorithm
1 Lect. 15 : Digital Signatures RSA, ElGamal, DSA, KCDSA, Schnorr.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.
1 Network Security Lecture 6 Public Key Algorithms Waleed Ejaz
(Multimedia University) Ji-Jian Chin Swee-Huay Heng Bok-Min Goi
10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
Topic 22: Digital Schemes (2)
Fall 2004/Lecture 201 Cryptography CS 555 Lecture 20-b Zero-Knowledge Proof.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
1 一個新的代理簽章法 A New Proxy Signature Scheme 作 者 : 洪國寶, 許琪慧, 郭淑娟與邱文怡 報 告者 : 郭淑娟.
Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.
Prepared by Dr. Lamiaa Elshenawy
A Simple Traceable Pseudonym Certificate System for RSA-based PKI SCGroup Jinhae Kim.
CS 4803 Fall 04 Public Key Algorithms. Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication.
Zero Knowledge Proofs Matthew Pouliotte Anthony Pringle Cryptography November 22, 2005 “A proof is whatever convinces me.” -~ Shimon Even.
Interleaving and Collusion Attacks on a Dynamic Group Key Agreement Scheme for Low-Power Mobile Devices * Junghyun Nam 1, Juryon Paik 2, Jeeyeon Kim 2,
Digital Signature Standard (DSS) US Govt approved signature scheme designed by NIST & NSA in early 90's published as FIPS-186 in 1991 revised in 1993,
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Threshold password authentication against guessing attacks in Ad hoc networks ► Chai, Zhenchuan; Cao, Zhenfu; Lu, Rongxing ► Ad Hoc Networks Volume: 5,
Cryptography and Network Security Chapter 13
Fourth Edition by William Stallings Lecture slides by Lawrie Brown
Digital Signatures…!.
One Time Signature.
Zero-Knowledge Proofs
Cryptology Design Fundamentals
Presentation transcript:

Efficient Signature Generation by Smart Cards Suk Ki Kim Sunyeong Kim

 1. Introduction  2. What is the problem in RSA  3. ESG Feature  4. Key Authentication Center  5. Introduce existing Chaum  6. Minimizing the Number of Communication Bits  7. Comparison Chaum and ESG  8. Signature Generation / Verification  9. Efficiency  10. Hash Function h  11. Performance Analyze  12. Preprocessing Contents

 Writer : C.P.Schnorr (Universitat Frankfurt)  This paper presents an efficient algorithm for generating public-key signatures which is particularly suited for interactions between smart cards and terminals.  This paper presents a new public-key signature scheme and a corresponding authentication scheme that are based on discrete logarithms. 1. Introduction

2. What is the problem in RSA 1.Computation amount is message dependent! 2.Require many modular multiplications

 1. minimizes the message-dependent amount of computation.  2. signature generation can be done during the idle time of the processor.  3. The length of signatures is about 212 bits, it is less than half of the length of RSA signatures. 3. ESG Feature

 Key Authentication Center(KAC) Chooses Primes p and q such that, with order q, A one-way hash function h: Its own private and public key The KAC publishes p,q,, h and its public key. 4. Key Authentication Center

KAC User Name, Address, ID number, Etc Register request KAC verifies its identity Generates an identification number I and generates a Signatures S for the pair (I,v) consisting of I and the user’s public key v. A user generates by himself a private key s which is a random number in {1,2,…,q}. The corresponding public key v is the number

5. Introduce existing chaum A picks a random number and computes I,v,S,x Verifies the signatures S and sends a random number e y := r + se(mod q) y Prover AVerifier B The Authentication protocol

 A fraudulent A’ can cheat by guessing the correct e  The probability of success for this attack is 5. Introduce existing chaum

6. Minimizing the Number of Communication Bits A picks a random number and computes I,v,S Verifies the signatures S and sends a random number e y := r + se(mod q) y Prover AVerifier B The Authentication protocol h(x) Check that h(x) =

7. Comparison Chaum and ESG I,v,S,x e y I,v,S e y h(x), A one-way hash function h:

8. Signature Generation / Verification I, v, (S) e : t bits, y : 140 bits I, s, v, (S) Pick random r Check I, v, (S) Check that α, q, p, h Message m Signature GenerationSignature Verification

9. Efficiency  Signature Generation Preprocessing Compute se (mod q) (from e = r + se (moe q))  Signature Verification

10. Hash Function h  Possible Attack I Given a Message m find a signature for m collision-free for x Uniform with respect to x Uniformly distributed : 2 t step for attacking

10. Hash Function h (cont’d)  Possible Attack II Chosen message attack. Sign an unsigned message m of your choice. One-way in the argument m If not, the probability of attack success = 1 depend on 140 bits of x

10. Hash Function h (cont’d)  About Message m Not necessary collision-free H(x,m) = h(x, m’) Signature for m’ = x’ Can’t use to sign m

11. Performance Analyze New Scheme t=27 Fiat- Shamir k=9, t=8 RSAGQ Signature generation (without preprocessing) Preprocessing Signature verification 22844>2180 Number of multiplications

12. Preprocessing  During idle time  An exponentiation of a random number  (x i,r i ) Initialize by KAC Use random combination pair

12. Preprocessing Algorithm  Each smart cards have own algorithm  Example algorithm Initiation. Load r i,x i for i = 1, …,k, ν := 1 1. pick a random permutation a of {1,…,k} 2. r := r ν +2r ν -1 (mod q), x := x ν x ν -1 2 (mod p), u := r, z := x 3. for i = k,…,1 do {u := r a(i) + 2u (mod q), z := x a(i) z 2 (mod p) 4. r ν := u, x ν := z, ν := ν +1 (mod k), go to 1 for the nest round Finally,, (Quasi-independent form the old pairs.)

 Chaum, D.,Evertse, J.H. and van de Graaf, J, “An Improved Protocol For Demonstrating Possession of Discrete Logarithms and Some Generalizations”, Advanced in Cryptology, EUROCRYPT’ 87. Lecture Notes in Computer Science 304 (1988). Pp  Kevin S.M., “The Discrete Logarithm Problem”, Proceedings of Symposia in Applied Mathematics Volume 42, 1990  H. Cohen, “A Course in Computational Algebraic Number Theory”, Springer, Reference

Q & A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.