多媒體網路安全實驗室 Anonymous ID Signature Scheme with Provable Identity Date： Reporter :Chien-Wen Huang 出處： 2008 Second International Conference on Future Generation Communication and Networking

多媒體網路安全實驗室 Outline Introduction 1 Bilinear Maps and Some Concepts 2 Anonymous ID Signature Scheme with Provable Identity 33 Analysis on the Scheme 44 Conclusion 35

多媒體網路安全實驗室 Introduction  ID-based Public Key Cryptography(ID-PKC)  was firstly proposed by Shamir in  users can communicate securely without -exchanging public key certificates, -keeping a public key directory,or using online service of a third party.  Blind signature scheme  was firstly proposed by Chaum in  protect the privacy of the user effectively.  Identity-based blind signature (IBBS)

多媒體網路安全實驗室 Introduction  Blind signature scheme involves a)blind message signature scheme  message m was blinded to m’.  verification: on the signature of m would be valid with no leak of m to signer. b)blind parameter signature scheme  sign(m) which is the signature of message m could be blinded to sign’(m).  The verification on (m, sign’(m)) would be valid.

多媒體網路安全實驗室 Bilinear Maps and Some Concepts  Concepts of Bilinear Maps  Let G 1 and G 2 be two cyclic groups of prime order q.  G 1 is additive group,G 2 is a multiplicative group. 1)Bilinear is bilinear if 2)Non-degenerate The map does not send all pairs in to the identity in 3)Computable An efficient algorithm to compute for any

多媒體網路安全實驗室 Bilinear Maps and Some Concepts  Some Difficult Problems 1.Discrete Logarithm Problem For any,find,which satisfy is difficult. 2.Decision Diffie-Hellman Problem(DDHP) For, decide whether is difficult. 3.Computational Diffie-Hellman Problem(GDHP) For, given to compute is difficult. 4.gap Diffie-Hellman Problem(GDH) easy to decided whether and hard to compute. (easy to resolve DDHP and hard to resolve CDHP -> is a GDH group)

多媒體網路安全實驗室 Anonymous ID Signature Scheme with Provable Identity based on ID-based blind parameter signature scheme and BLS short signature scheme. 1)System Parameters Setup G 1 is a GDH group,G 2 is a multiplicative cyclic group, is a prime, 2)System Initialize Choose,compute.choose and public system parameter is

多媒體網路安全實驗室 Anonymous ID Signature Scheme with Provable Identity 3)Generate Key Pair for Verifying Identity of User the real identity of user is ID,computes,and corresponding private key. 4)Generate Key Pair for signing Make use of as private key, Corresponding public key is 5)Generate Anonymous Identity of User a)User send (ID,U) to KGC. b)KGC chooses,computes,and.then send (U’, S’) to user. c)User computes,and is the blind parameter signature d)User computes his anonymous

多媒體網路安全實驗室 Anonymous ID Signature Scheme with Provable Identity 6)Verify Anonymous Identity of User When doubt appears, user submits the evidence information to KGC involves KGC computes,and following formula exist: If exists, then compute 7)Message Sign a)Maps m to G 1, b)Computes,so signature is 8)Signature Verification Receives signature and obtains user’s public key if the following formula exists:

多媒體網路安全實驗室 Analysis on the Scheme Theorem 1 Verification for anonymous identity satisfies correctness. Proof: Theorem 2 Signature Verification satisfies correctness. Proof:

多媒體網路安全實驗室 Analysis on the Scheme Theorem 3 This scheme satisfies blindness. Proof: 1.user’s anonymous ID’ comes from the blinded signature that generated by KGC. 2.When doubt appears, KGC can not get private key a from (ID,U’,S,ID’),even have. Theorem 4 This scheme satisfies anonymity of identity. Proof: Because,KGC can not get S, so he can’t compute the anonymous.

多媒體網路安全實驗室 Conclusion  Shortage: when doubt appears(the anonymous identity would be leaked to KGC),user can’t use it any longer. Applying another anonymous identity would increase user’s spending on some aspects.  Tomorrow work: resolve the invalidation problem on anonymous identity after identity verification.

多媒體網路安全實驗室