Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.

Published byDarleen Reynolds Modified over 9 years ago

Similar presentations

Presentation on theme: "1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou."— Presentation transcript:

1 1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou

2 2 Outline Introduction Hwang-Chen Scheme Our proposed scheme Secure analysis Performance evaluation Conclusions

3 3 Introduction Multi-proxy multi-signature scheme A proxy group can generate a proxy signature on behalf of the original signer group.

4 4 Introduction In Hwang-Chen scheme, the original group and proxy group can cooperate to generate a proxy certificate. Only all the proxy signers can cooperate to sign a message on behalf of the original group. Our improved scheme to be proposed is better than their scheme in terms of computational complexity and communication cost.

5 5 Hwang-Chen Scheme Three phases: Proxy Certificate Generate Phase. Multi-Proxy Multi-Signature Generation Phase. Multi-Proxy Multi-Signature Verification phase.

6 6 Hwang-Chen Scheme p: a large prime. q: a large prime factor of p − 1. g: a generator in Z p with order q. h( · ): a one-way hash function. m w : a warrant. U i : original singer, for i=1, 2, …, n 1. x U i : original singer’s private key. y U i : original singer’s public key, y U i = g x U i mod p. P j : proxy singer, for j=1, 2, …, n 2. x P j : proxy singer’s private key. y P j : proxy singer’s public key, y P j = g x P j mod p. G O : original group of n 1 original signers, G O = {U 1, U 2, …, U n 1 } G P : proxy group of n 2 proxy signers, G P = {P 1, P 2, …, P n 2 }

7 7 Proxy Certificate Generate Phase Step 1: Step 2: Each U i and P j calculates K as Step 3: Each U i selects a random number Calculates Each P j selects a random number Calculates Broadcasts to n 1 -1 original signers and n 2 proxy signers Broadcasts to n 1 original signers and n 2 -1 proxy signers Each U i computes Each P j computes Broadcasts to n 1 +n 2 -1 signers Broadcasts to n 1 +n 2 -1 signers

8 8 Proxy Certificate Generate Phase Step 4: Upon receiving the and, each singer verifies by checking Step 5: If all equations hold, each P j computes The proxy certificate is (K, V ).

9 9 Multi-Proxy Multi-Signature Generation Phase Given a message M, G P wants to sign M on behalf of G O. Step 1: Step 2: Upon obtaining all ’ s, Each P j calculates Step 3: Each P j sends (m w, (K, V), M, (r j, s j )) to the clerk C. Each P j selects a random number Calculates Broadcasts to n 2 -1 proxy signers

10 10 Multi-Proxy Multi-Signature Generation Phase Step 4: Upon obtaining (m w, (K, V), M, (r j, s j )), C verifies the proxy certificate by checking Step 5: C computes If all of individual proxy signatures for M are valid, C calculates The multi-proxy multi-signature is (m w, (K, V), M, (R, S)). and verifies (r j, s j ) by checking

11 11 Multi-Proxy Multi-Signature Verification phase Any verifier can verify the validity of the multi-proxy multi-signature (m w, (K, V), M, (R, S)) by If it holds, the multi-proxy multi-signature (m w, (K, V), M, (R, S)) is valid. Step 1: From m w and (K, V), the verifier checks Step 2: Then, the verifier checks

12 12 Our proposed scheme p, q: two large primes. h( · ): a one-way hash function. m w : a warrant. U i : original singer, for i=1, 2, …, n 1. x U i : original singer’s private key. y U i : original singer’s public key, y U i = x U i -1 mod (p-1)(q-1). P j : proxy singer, for j=1, 2, …, n 2. x P j : proxy singer’s private key. y P j : proxy singer’s public key, y P j = y P j -1 mod (p-1)(q-1). G O : original group of n 1 original signers, G O = {U 1, U 2, …, U n 1 } G P : proxy group of n 2 proxy signers, G P = {P 1, P 2, …, P n 2 }

13 13 Proxy Certificate Generate Phase Step 1: Each U i or P j calculates v i or v n 1 +j following the signing order and sends it to U i+1 or P j+1, where v 0 =h(m w ) Before calculating these, U i or P j should check v i-1 or v n 1 +j-1. EachU i checks whether the following equation holds Each P i checks whether the following equation holds

14 14 Proxy Certificate Generate Phase Step 2: P n 2 broadcasts V=v n 2 to the n 1 original signers and other n 2 -1 proxy signers. Step 3: After receiving V, each U i checks each P j checks If all the above equations hold, the proxy certificate is V.

15 15 Multi-Proxy Multi-Signature Generation Phase Allows n 2 proxy signers to sing M on behalf of the original group. Step 1: Each P j calculates s j to follow the signing order where s 0 =h(M, V). Before calculating s j, P j should first check the validity of s j-1. EachP j checks whether the following equation holds

16 16 Multi-Proxy Multi-Signature Generation Phase Step 2: P n 2 sends m w,V, M and S=s n 2 to the clerk C. Step 3: Upon receiving (m w,V, M,S ), C checks the following equation holds The multi-proxy multi-signature is (m w,V, M,S ).

17 17 Multi-Proxy Multi-Signature Verification phase Any verifier can verify the validity of the multi-proxy multi-signature (m w, V, M, S)) by If it holds, the M is authenticated and the proxy signature (m w, V, M, S) is valid. Step 1: According m w, the verifier can get the public keys of original singer and proxy singer from CA. Step 2: From m w and V, the verifier can checks Step 3: The verifier checks the validity of the proxy signature of M by

18 18 Secure analysis Based on one-way hash function. Cryptographic assumption of factorization. Under the forgery attack, we can prevent by verification equation.

19 19 Performance evaluation T exp : The time for a modular exponentiation computation. T mul: The time for a modular multiplication computation. T inv : The time for a modular inverse computation. T h : The time for computing a one-way hash function h( · ). | x |: The bit-length of an integer x.

20 20 Performance evaluation

21 21 Conclusions We have proposed an improved version of the Hwang-Chen scheme. We show that the proposed scheme is more efficient than the Hwang-Chen scheme in terms of both computation complexity and communication cost.

22 22 Thank You

Download ppt "1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou."

Similar presentations

1 9 4 5 1 8 8 6 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and.

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.

1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.

A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.
Introduction to Signcryption November 22, 2004. 22/11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.

Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
A New Multi-Proxy Multi- Signature Scheme Source: National Computer Symposium, vol. F, Taiwan, pp. 19-26, 2001 Author: Shin-Jia Hwang and Chiu-Chin Chen.

A New Multi-Proxy Multi- Signature Scheme Source: National Computer Symposium, vol. F, Taiwan, pp , 2001 Author: Shin-Jia Hwang and Chiu-Chin Chen.
1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.

1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.
Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: 361-396 Authors: D. Pointcheval and J. Stern Presented.

Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.
1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.

Similar presentations

Ads by Google