Presentation is loading. Please wait.

Presentation is loading. Please wait.

By Jyh-haw Yeh Boise State University ICIKM 2013.

Published byGinger Harris Modified over 9 years ago

Similar presentations

Presentation on theme: "By Jyh-haw Yeh Boise State University ICIKM 2013."— Presentation transcript:

1 By Jyh-haw Yeh Boise State University ICIKM 2013

2 Identity-based Public Key Cryptosystems (IDPKC) How do you know the other party’s public key is a valid one? Traditional PKC requires a certificate authority (CA) to issue a public key certificate. With the certificate, the key can be verified. IDPKC: all public keys are generated based on the owner’s identity. Thus, no CA required.

3 IDPKC from Pairings Setup: A PKG (public key generator) Additive group, order, a generator Multiplicative group, order A bilinear map System private key s, system public key

4 Bilinear Pairings Background Bilinearity: Non-degeneracy: Computability: it’s efficient to compute

5 IDPKC from Pairings Key Generation: for each user Public key, private key Both keys are points in

6 IDPKC from Pairings Signature Generation: to sign a message Pick a random number Compute, where is the x-coordinate of the point The signature is

7 IDPKC from Pairings Signature Verification: Verify signature on a message Use the following equation

8 Potential Security Vulnerability Traditionally cryptographic hash function is defined as Easy forwarding computation Pre-image resistance: given a, it’s hard to compute the pre-image Second pre-image resistance: given, it’s hard to find another such that Collision resistance: it’s hard to find any pair of and such that

9 Potential Security Vulnerability The hash function used to generate the public key in IDPKC,, might be implemented incorrectly if only based on the traditional definition.

10 Potential Security Vulnerability For example, the implementer can construct as follows: Use a traditional hash function Let It can be proven that since satisfies the four hash function properties, also satisfies the four hash properties. Using such in IDPKC to generate public keys is not secure.

11 Potential Security Vulnerability Adversary can derive private key by first computing Since can derive private key by computing

12 Contribution of the Paper Points out the potential security vulnerability of common IDPKC using pairings. To avoid the vulnerability, the paper defines another property for the hash function used in IDPKC to generate the public key. Ratio resistance: Given any two public keys, it’s hard to find the ratio such that

Download ppt "By Jyh-haw Yeh Boise State University ICIKM 2013."

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.

SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
1 9 4 5 1 8 8 6 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and.

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.

BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.
Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
Advanced Security Constructions and Key Management Class 16.

Advanced Security Constructions and Key Management Class 16.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Cryptographic Security CS5204 – Operating Systems1.

Cryptographic Security CS5204 – Operating Systems1.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
RIKE Using Revocable Identities to Support Key Escrow in PKIs Nan Zhang, Jingqiang Lin, Jiwu Jing, Neng Gao State Key Laboratory of Information Security,

RIKE Using Revocable Identities to Support Key Escrow in PKIs Nan Zhang, Jingqiang Lin, Jiwu Jing, Neng Gao State Key Laboratory of Information Security,
A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.

A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.

1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Chapter 7-1 Signature Schemes.

Chapter 7-1 Signature Schemes.
Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p.630-632 Present by.

Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p Present by.

Similar presentations

Ads by Google