Presentation is loading. Please wait.

Presentation is loading. Please wait.

Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:"— Presentation transcript:

1 Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From: ACNS 2007, LNCS 4521,pp.270-287,2007 Reporter: 張延詮 2011/12/6 1

2 OUTLINE Introduction Scheme Conclusion 2

3 Introduction Unlinkable Secret Handshakes an Unlinkable Secret Handshake scheme is a perfectly private authentication method in the PKI setting: One can establish authenticated communication with parties that possess the credentials required by one’s policy,and at the same time one’s affiliation and identity remain perfectly secret to everyone except of the parties to whom one wants to authenticate. EX: FBI- 3

4 Introduction Unlinkable Secret Handshakes Definition PKI (Public Key Infrastructure) In a traditional public key cryptography (PKC), a user Alice signs a message using her private key. A verifier Bob verifies the signature using Alice's public key. However, the public key is just merely a random string and it does not provide authentication of the signer by itself. 4

5 Introduction Unlinkable Secret Handshakes Definition PKI ( Public Key Infrastructure) This problem can be solved by incorporating a certifcate generated by a trusted party called the Certifcate Authority (CA) that provides an unforgeable signature and trusted link between the public key and the identity of the signer. The hierarchical framework is called the public key infrastructure (PKI), which is responsible to issue and manage the certifcate (chain). In this case,prior to the verification of a signature, Bob needs to obtain Alice's certifcate in advance and verify the validity of her certifcate. If it is valid, Bob extracts the corresponding public key which is then used to verify the signature. In the point of view of a verifier, it takes two verifcation steps for independent signatures. 5

6 Introduction Unlinkable Secret Handshakes affiliation hiding- Unlinkability- policy hiding- 6

7 Introduction Unlinkable Secret Handshakes Definition policy hiding EXAMPLE : Bob is a bank offering certain special-rate loans and Alice would like to know whether she is eligible for such a loan before she applies. Alice has a digital driver license certificate issued by the state authority; the certificate contains her birth-date, address, and other attribute data. Alice has also an income certificate issued by her employer documenting her salary and the starting date of her employment. Bob determines whether Alice is eligible for a special- rate loan based on Alice’s attribute information. For example, Bob may require that one of the following two conditions holds: 7

8 Introduction Unlinkable Secret Handshakes Definition policy hiding For example, Bob may require that one of the following two conditions holds: (1) Alice is over 30 years old, has an income of no less than $43K, and has been in the current job for over six months; (2) Alice is over 25 years old, has an income of no less than $45K, and has been in the current job for at least one year. Bob is willing to reveal that his loan-approval policy uses the applicant’s birth-date, current salary, and the length of the current employment; however, Bob considers the detail of his policy to be commercial secret and does not want to reveal it to others 8

9 Introduction Key-Private Group Key Management is a stateful version of the publickey broadcast encryption 9

10 Introduction Key-Private Group Key Management In a Public-Key GKM scheme we consider a group of players administered by a group manager, who creates a public (encryption) key, issues private (decryption) keys to the group members, and can revoke any member by broadcasting a revocation information, which is used to update both the public and the private keys. 10

11 OUTLINE Introduction Scheme Conclusion 11

12 Scheme Unlinkable Handshakes from Key-Private Group Key Management H : {0, 1} ∗ → {0, 1}k is a hash function modeled as random oracle in the security analysis. Each player’s inputs in the protocol is a triple (SK,TPK, resp/init). SK is that player’s GKM key. TPK is the public key. resp/init is the player’s role in the protocol. (initial/response) PKGroup(TPK) identifies the group of the public key. 12

13 Scheme SKGroup(SK) = PKGroup(TPK) 13

14 OUTLINE Introduction Scheme Conclusion 14

15 Conclusion The main ingredient in our solution is a construction of a key-private publickey group key management [PKGKM], which is a stateful version of the publickey broadcast encryption. 15

Download ppt "Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:"

Similar presentations

What is. Digital Certificate It is an identity.

What is. Digital Certificate It is an identity.
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.

IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Secret Handshakes from CA-Oblivious Encryption Asiacrypt 2004, Jeju-do, Korea Claude Castelluccia, Stanisław Jarecki, Gene Tsudik UC Irvine.

Secret Handshakes from CA-Oblivious Encryption Asiacrypt 2004, Jeju-do, Korea Claude Castelluccia, Stanisław Jarecki, Gene Tsudik UC Irvine.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.

Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Similar presentations

Ads by Google