Download presentation
Presentation is loading. Please wait.
1
1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards and Interfaces, Vol. 27, No. 4, pp. 407- 413, 2005. Presented by 廖冠捷 (2005/04/08)
2
2 Introduction RSA based multisignature e i *d i =1 mod (n i ) s i = s i-1 d i mod n i (message must be reblocked) ID-based multisignature scheme No reblocking No predetermined order of signing
3
3 ID-based multisignature scheme Initial phase Key Authentication Center (KAC) p, q: two distinct large primes (keeping secret) N = p · q: public value E (1<E< (N), gcd( (N), E)=1): public key of KAC D = E -1 mod N: private key of KAC
4
4 ID-based multisignature scheme Key generation phase ID i (1<ID i <N): User U i ’s identity KAC compute U i ’s private key as follows d i =ID i ·D ID i mod (N) KAC publishes ID i and returns d i to U i in a secret manner.
5
5 ID-based multisignature scheme Signing phase Assume that authorized user U 1, U 2, …, U m will collectively sign on document M U i generate the signature S i such that S i =S i-1 di mod N, where S 0 =M Then multisignature
6
6 ID-based multisignature scheme Verification phase Compute so that Check whether
7
7 Security analysis Secrecy The security of the KAC’s private key D Resistance against collaboration attacks Several users may reveal their private key in order to attempt deriving the private keys of other users.
8
8 Conclusions The public key certification can be simplified It does not require reblocking of signed message It is not necessary to enforce predetermined order of signing
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.