Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity-based deniable authentication protocol

Published byCori Wells Modified over 6 years ago

Similar presentations

Presentation on theme: "Identity-based deniable authentication protocol"— Presentation transcript:

1 Identity-based deniable authentication protocol
Source: ELECTRONICS LETTERS 3rd March2005 Vol. 41 No.5 Author: Y.Shi and J.Li Presenter: 蕭芥釧 資訊碩一 M

2 Outline Introduction Bilinear pairings Proposed scheme
Protocol analysis conclusion

3 Introduction (1/4) Deniable authentication protocol: Application
The receiver can verify the source of the message as the traditional authentication protocol. The receiver cannot prove the source of the message to the third party. Application Electronic voting systems.

4 Introduction (2/4) Fan et al. proposed a simple deniable authentication protocol based on the Diffie-Hellman key distribution protocol. An intruder masquerades as a receiver to a sender and persuades a sender to initiate a protocol with him. This protocol adopts certificates to defeat the attack of the person-in-the-middle Shao has pointed out that Fan’s scheme can suffer from the impersonate attack

5 Introduction (3/4) Shao proposed a non-interactive deniable authentication protocol based on the generalised E1 Gamal signature scheme Shao’s scheme still requires heavy use of certificates

6 Introduction (4/4) In this paper, we propose a new non- interactive deniable authentication protocol based on identity cryptography Only the intended receiver can identify the source of a given message It is suitable for offline authentication in some applications such as

7 Bilinear pairings A modified bilinear pairing is a map
e^: G1 ╳ G1 → G2 with the following properties:

8 Proposed scheme (1/4) The concept of identity-based cryptography was first proposed by Shamir It is a form of public key cryptography The public key can be an arbitrary string Boneh and Franklin proposed an efficient identity-based encryption (IBE) based on bilinear pairings IBE scheme needs a trusted key generation centre (KGC)

9 The KGC chooses the following system parameters

10 Proposed scheme (2/4) The KGC keeps the master key s secretly and publishes the public parameter (G1, G2, eˆ, P, PKGC, H1, H). Given a user’s identity ID, the KGC generates a pair of the user’s identity- based keys (QID, SID) as follows QID = H1 (ID) SID = sQID KGC issues the private key SID to the user via a secure channel.

11 Proposed scheme (3/4) In our scheme, we adopt a secure signature scheme such as Hess’s identity-based signature scheme. We represent its signature and verification functions for a message m with a pair of keys (QID, SID) by δ = Sign(m, SID ) and Verify(δ,QID ,m) = true

12 Proposed scheme (4/4)

13 Protocol analysis (1/3) Lemma 1: the protocol authentication the source of the message Proof: Ks = e^(rQR, PKGC) = e^(SR,U) = KR If someone proves (U,δ,MAC,M) to R, he must be S. Even though an intruder gets the messages U, QR and PKGC he cannot get the key K The key K is as difficult as solving the BDH problem

14 Protocol analysis (2/3) Lemma 2: The protocol is deniable Proof:
After receiving (U,δ,MAC,M), R can identify with his private key SR R cannot prove the source of the message to a third party.

15 Protocol analysis (3/3) Lemma 3: The protocol can withstand impersonate attacks Proof: Assume that the third party obtains the message M and its authenticator (U,δ,MAC) If he can verify the authenticator, he must find K’= K. It is impossible to do it under the BDH problem.

16 Conclusions The authors have developed a new deniable authentication protocol based on identity cryptography that has no need for certificates. this scheme is secure since no one can impersonate the intended receiver under the security assumption of the BDH problem This scheme is non-interactive and suitable for offline authentication.

Download ppt "Identity-based deniable authentication protocol"

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
1 9 4 5 1 8 8 6 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and.

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.

BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.
11 Efficient and Secure Certificateless Authentication and Key Agreement Protocol for Hybrid P2P Network Authors: Z. B. Xu and Z. W. Li Source: The 2nd.

11 Efficient and Secure Certificateless Authentication and Key Agreement Protocol for Hybrid P2P Network Authors: Z. B. Xu and Z. W. Li Source: The 2nd.
1 CCSDS Security Architecture Key Management 13 th April 2005 Athens.

1 CCSDS Security Architecture Key Management 13 th April 2005 Athens.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
An Introduction to Identity-based Cryptography

An Introduction to Identity-based Cryptography
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao.

Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
An Efficient Identity-based Cryptosystem for

An Efficient Identity-based Cryptosystem for
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.

Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.

Similar presentations

Ads by Google