Certificateless Threshold Ring Signature1012
Download
Report
Transcript Certificateless Threshold Ring Signature1012
Certificateless Threshold
Ring Signature
Source: Information Sciences 179(2009) 3685-3696
Author: Shuang Chang, Duncan S. Wong, Yi Mu, Zhenfeng Zhang
Presenter: Chun-Yen Lee
Outline
Introduction
Definition
Proposed scheme
Introduction
Ring signature
Public Key
Introduction
Secret Key
Ring signature
Public Key
Introduction
Secret Key
Ring signature
Public Key
Introduction
Secret Key
Ring signature
Introduction
2001 Rivest et al.
2002 Bresson et al.
Ring signature
extended the notion of ring signature to threshold
setting
2003 Al-Riyami and Paterson
certificateless public key cryptography
Outline
Introduction
Definition
Proposed scheme
Definition
SetUp
MasterKeyGen
PartialKeyGen
UserKeyGen
Sign
Verify
Definition
SetUp
System parameters (param)
MaterKeyGen
master public key (mpk)
master secret key (msk)
Master Public Key
Definition
Master Secret Key
PartialKeyGen
params
ID
user partial key (psk)
UserKeyGen
params
ID
user secret key (usk)
user public key (upk)
Public Key
Definition
Secret Key
Sign
verify
Public Key
Definition
Secret Key
Sign
verify
Outline
Introduction
Definition
Proposed scheme
An efficient 1-out-of-n certificateless
ring signature
SetUp
Input: 1k , k N
Output: param (1k , G1 , G2 , q, g , H1 , H 2 )
MasterKeyGen
Input: param
Randomly pick a master secret key msk R Z q
msk
mpk
g
Master public key
An efficient 1-out-of-n certificateless
ring signature
PartialKeyGen
Input (param, msk, ID)
psk ID H1 ( ID) msk
UserKeyGen
Input (param, mpk, ID)
Randomly pick a user secret key usk ID R Z q
usk ID
user public key upk ID g
An efficient 1-out-of-n certificateless
ring signature
Sign
Randomly pick
c
Input (param, mpk, R, S, m)
R L {upk ; i L}
i
S { psk ID , usk ID }, ID L
r11 , rr22
RR Z qq . For i L \{ID }, randomly pick ci R Z q
Compute
H 2 ( param, mpk , R, m, g r1 iL \{ID } upkici , e( g r2 , g )iL \{ID } e( H1 (i ), mpk )ci )
An efficient 1-out-of-n certificateless
ring signature
Compute
cID c iL \{ ID } ci (mod q)
Compute
c
r
s r1 cID uskID (mod q), and W g 2 / pskIDID
The signature is ( s,W , iL {ci })
An efficient 1-out-of-n certificateless
ring signature
( s,W , iL {ci })
Verify
Input (param, mpk, R, 1, S, m, σ)
if
ci
ci
s
c
H
param
,
mpk
,
R
,
m
,
g
upk
,
e
(
W
,
g
)
e
(
H
(
i
),
mpk
)
i
2
i
1
(mod q)
iL
iL
iL