Certificateless Threshold Ring Signature1012

Download Report

Transcript Certificateless Threshold Ring Signature1012 

Certificateless Threshold
Ring Signature
Source: Information Sciences 179(2009) 3685-3696
Author: Shuang Chang, Duncan S. Wong, Yi Mu, Zhenfeng Zhang
Presenter: Chun-Yen Lee
Outline



Introduction
Definition
Proposed scheme
Introduction
Ring signature
Public Key
Introduction
Secret Key
Ring signature
Public Key
Introduction
Secret Key
Ring signature
Public Key
Introduction
Secret Key
Ring signature
Introduction

2001 Rivest et al.


2002 Bresson et al.


Ring signature
extended the notion of ring signature to threshold
setting
2003 Al-Riyami and Paterson

certificateless public key cryptography
Outline



Introduction
Definition
Proposed scheme
Definition






SetUp
MasterKeyGen
PartialKeyGen
UserKeyGen
Sign
Verify
Definition

SetUp


System parameters (param)
MaterKeyGen


master public key (mpk)
master secret key (msk)
Master Public Key
Definition

Master Secret Key
PartialKeyGen
params
ID
user partial key (psk)

UserKeyGen
params
ID
user secret key (usk)
user public key (upk)
Public Key
Definition
Secret Key
Sign
verify
Public Key
Definition
Secret Key
Sign
verify
Outline



Introduction
Definition
Proposed scheme
An efficient 1-out-of-n certificateless
ring signature

SetUp



Input: 1k , k  N
Output: param  (1k , G1 , G2 , q, g , H1 , H 2 )
MasterKeyGen



Input: param
Randomly pick a master secret key msk  R Z q
msk
mpk

g
Master public key
An efficient 1-out-of-n certificateless
ring signature


PartialKeyGen

Input (param, msk, ID)

psk ID  H1 ( ID) msk
UserKeyGen



Input (param, mpk, ID)
Randomly pick a user secret key usk ID  R Z q
usk ID
user public key upk ID  g
An efficient 1-out-of-n certificateless
ring signature

Sign


Randomly pick


c
Input (param, mpk, R, S, m)
 R  L  {upk ; i  L}
i

S  { psk ID , usk ID }, ID  L
r11 , rr22
RR Z qq . For i  L \{ID }, randomly pick ci  R Z q
Compute
H 2 ( param, mpk , R, m, g r1 iL \{ID } upkici , e( g r2 , g )iL \{ID } e( H1 (i ), mpk )ci )


An efficient 1-out-of-n certificateless
ring signature

Compute



cID  c   iL \{ ID } ci (mod q)

Compute
c
r
 s  r1  cID uskID (mod q), and W  g 2 / pskIDID



The signature is   ( s,W , iL {ci })
An efficient 1-out-of-n certificateless
ring signature
  ( s,W , iL {ci })

Verify

Input (param, mpk, R, 1, S, m, σ)

if

ci
ci 
s
c

H
param
,
mpk
,
R
,
m
,
g
upk
,
e
(
W
,
g
)
e
(
H
(
i
),
mpk
)



i
2
i
1
(mod q)
iL
iL
iL

