New embedded S
Download 1.14 Mb.
|
- Navigate this page:
- 6.5.3.1ElGamal - Message Encryption
- 6.5.3.2Massey-Omura (Shamir’s no-key protocol) - Message Encryption
- 6.5.3.3KMOV - Message Encryption
- 6.5.3.4Demytko - Message Encryption
- 6.5.3.5Proxy blind signature scheme
- 6.5.3.5.1Proposed Protocol
- 6.5.3.5.2Proxy blind multi-signature scheme
- 6.5.3.5.3Security properties
6.5.3ProtocolsA number of protocols can be defined over elliptic curves. This document will refer to the most widespread: Elliptic Curve Digital Signature Algorithm (ECDSA) [ansi962][fips186][ieee][rfc], Elliptic Curve Diffie-Hellman (ECDH) [ansi963][ieee][rfc], Elliptic Curve Menesez-Qu-Vanstone (ECMQV) [ansi963][ieee], Elliptic Curve Integrated Encryption Standard (ECIES). ECDH is an analogue of the common Diffie-Hellman key exchange, with the same purpose. The pseudocode that describes ECDH algorithm is the following:
The ECDSA algorithm is a digital sign algorithm analogue to the common DSA algorithm: this signature scheme is a standard that is recognized from NIST and IEEE. The pseudocode that describes ECDSA algorithm is the following: INPUT: domain parameters, message to sign m OUTPUT: SIGN PROCEDURE:
VERIFICATION PROCEDURE:
DEMONSTRATION: This protocol is secure if ECDLP is untreatable and the hash function is strong; the parameter k is called per message secret and must be generated and destroyed immediately after: if k was known it would be easy to derive the private key. 6.5.3.1ElGamal - Message EncryptionElGamal is an encryption protocol based on DLP. Thus ECDH problem is equivalent to solving the problem of decrypting simple encryption scheme ciphertexts. Since ECDH is equivalent to EC El Gamal, we immediately can infer the equivalence of the problem of decrypting EC EL Gamal ciphertexts and decrypting simple encryption scheme ciphertexts. If Alice wants to send Bob a message  encrypted with ElGamal, Bob has to set up a public key as follows. He picks an elliptic curve  defined over a finite field  such that the DLP is hard for the group E(). He chooses a point  on such that the order of is (divisible by) a large prime. He picks a random integer s and computes  . Bob’s public key then is  , his private key is the integer s.
Table - The ElGamal public key cryptosystem.
This works because 6.5.3.2Massey-Omura (Shamir’s no-key protocol) - Message EncryptionThe following cryptosystem was described in an unpublished mansucript of Shamir; it is also called Massey-Omura, and was first discovered by M. Williamson but not published since he was working at the GCHQ (a British Intelligence service) at the time. Table explains the protocol, which is clearly based on the difficulty of the discrete log problem. The advantage of Shamir’s no-key protocol is the fact that no keys are involved; the main disadvantage is that for sending one message, Alice has to send two ciphertexts, and wait for Bob’s ciphertext to arrive. Here Alice and Bob agree on an elliptic curve
In fact, 6.5.3.3KMOV - Message EncryptionThis protocol, which was suggested by Koyama, Maurer, Okamoto & Vanstone, works as follows. Alice picks primes  and forms the RSA-key  . It is easy to see that  for all primes  and elliptic curves  over  . Her public encryption key is a random integer  chosen coprime to  , and her private decryption key  is computed via  . Although  is not a group, it is still true that  for (almost) all points on .
For sending a message  to Alice, Bob computes  and computes  on the elliptic curve  ; then he sends the pair  to Alice, who decrypts it by computing  on  and recovers the original message by dropping the last 10 bits.
6.5.3.4Demytko - Message EncryptionLet  be an elliptic curve over , and let denote a quadratic nonresidue  . Then the cubic  can be brought into Weierstrass form by multiplying through with  ands setting  : this gives  . The elliptic curve  is called a quadratic twist of .
It is an easy exercise to show that if  , then  . Moreover, if  is not the -coordinate of a point on , then it is the -coordinate of a point on . For a point  , let  denote the -coordinate of the point  .
Now Alice chooses an RSA-modulus and an elliptic curve defined over  . She also finds quadratic nonresidues  and  , and defines the quadratic twists  , and  . Let be an integer coprime to the groups orders of these four curves (i.e., coprime to  and  ). In order to encrypt a message  , she first computes  and  ; if both symbols are positive, then is the -coordinate of some point  .  and  , then is the -coordinate of some point  etc. Bob now computes  and sends  to Alice. For decrypting the message, Alice sets
where 6.5.3.5Proxy blind signature schemeThe blind signature scheme is a protocol for obtaining a signature from a signer, but the signer can neither learn the messages nor see the signatures the recipients obtain afterwards. In proxy signature scheme, the original signer delegates his signing capacity to a proxy signer who can sign a message submitted on behalf of the original signer. A verifier can validate its correctness and can distinguish between a normal signature and a proxy signature. In multi-proxy signature scheme, an original signer is allowed to authorize a group of proxy members to generate the multi signature on behalf of the original signer. A proxy blind signature scheme is a digital signature scheme that ensures the properties of proxy signature and blind signature. In a proxy blind signature, an original signer delegates his signing capacity to proxy signer. A proxy blind signature scheme is a special form of blind signature which allows a designated person called proxy signer to sign on behalf of two or more original signers without knowing the content of the message or document. It combines the advantages of proxy signature, blind signature and multi-signature.
Most of the proxy blind signature schemes were developed based on the mathematical hard problems integer factorization (IFP) and simple discrete logarithm (DLP) which take sub-exponential time to solve. Alghazzawi et al. [7] describe a simple proxy blind signature scheme based on Elliptic Curve Discrete Logarithm Problem (ECDLP), which is solved in fully-exponential time. The algorithms for solving the ECDLP become infeasible much more rapidly as the problem size increases more than those algorithms for the IFP and DLP. Thus, ECC offers security equivalent to RSA and DSA while using far smaller key sizes. The benefits of this higher-strength per-bit include higher speeds, lower power consumption, bandwidth savings, storage efficiencies, and smaller certificates. This can be implemented in low power and small processor mobile devices such as smart card, PDA etc. which work in low power and small processor. 6.5.3.5.1Proposed ProtocolThe protocol involves three entities:
It is described as follows. Proxy Phase
The original signer S selects random integer k in the interval  . Computes  and  . Where  is regarded as an integer between 0 and q–1, then computes  and computes  .
The original signer S sends  to the proxy signer  and make  public.
After receiving the secret key pairs , the proxy signer checks the validity of the secret key pairs with the following equation.
 (1)
Signing Phase
 (2)
 (3)
 (4)
and verifier V sends e to the proxy signer Ps.
 (5)
and sends it to V.
The tuples  is the proxy blind signature.
Verification Phase The verifier V computes the following equation.  (7)
and verifies the validity of proxy blind signature 6.5.3.5.2Proxy blind multi-signature schemeKar [6] describes an efficient proxy blind multi-signature scheme. It satisfies the security properties of both proxy and blind signature scheme. In the proposed scheme the security is based on the difficulty of breaking the one-way hash function and the elliptic curve discrete logarithm problem (ECDLP). Signatures can only be generated during valid delegation period. A trusted third party called certificate authority is utilized to ensure that. 6.5.3.5.3Security propertiesThe security properties for a secure blind multi-signature scheme are as follows:
Directory: images images -> Pelan pentaksiran kursus images -> Military callsign list as of dec 2010 images -> For Date: 02/01/2013 Friday Call Number Time Call Reason Action 13-768 0008 motor vehicle stop warning Issued images -> Creating Buy-In – Building Relationships images -> Deadline: Saturday, March 12th, 2016 images -> News items from Raising Our Voices images -> Last year four of the best Afrikaans Christian singers joined forces to tour Down Under with the production ‘Manne wat Glo’ images -> World-renowned vocal ensemble sweet honey in the rock images -> Peoples Voice Café History images -> Simon Mckeown Artist C. V. DaDaFest International Artist of the Year 2010 Download 1.14 Mb. Share with your friends:
| |||||||||||||||
randomly and calculates 
randomly and calculates 
(they are called ephemeral keys)
: in particular the shared secret is the x – coordinate of the point just obtained.
randomly
back to the beginning
has been used an hash function
; if 
back to the beginning
otherwise reject
and 
; If 
reject
accept, otherwise reject.
. If Alice uses the same “random” integer 
, and if Eve knows the plaintext 
is hard. They compute the group order 
and use a method for embedding messages as points 
with 
and sends 
to Alice
since 
etc.
. Then she computes 
and decrypts the message via 
.
and computes 
and sends it to the verifier V.
and computes the following
(6)
.