1-out-of-2 Signature Mirosław Kutyłowski 1 and 1-out-of-2 Signature Jun Shao 2 What’s 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 Definitions of 1-out-of-2 signature 1 Institute of Mathematics and Computer Science Our proposal Wrocław University of Technology Extension 2 College of Computer and Information Engineering Zhejiang Gongshang University 2011-3-22
Table of Content 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 What’s 1-out-of-2 Signature 1 What’s 1-out-of-2 Signature 2 Definitions of 1-out-of-2 signature Definitions of 1-out-of-2 signature 3 Our proposal Our proposal Extension Extension 4
Signature with delegation capability 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 In digital signature, when the signer is absent, he/she will What’s 1-out-of-2 delegate his/her signing rights to a proxy. Signature Definitions of 1-out-of-2 signature Our proposal Extension
Signature with delegation capability 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 In digital signature, when the signer is absent, he/she will What’s 1-out-of-2 delegate his/her signing rights to a proxy. Signature Proxy signature Definitions of 1-out-of-2 signature Our proposal Extension
Signature with delegation capability 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 In digital signature, when the signer is absent, he/she will What’s 1-out-of-2 delegate his/her signing rights to a proxy. Signature Proxy signature Definitions of 1-out-of-2 signature Proxy re-signature Our proposal Extension
Signature with delegation capability 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 In digital signature, when the signer is absent, he/she will What’s 1-out-of-2 delegate his/her signing rights to a proxy. Signature Proxy signature Definitions of 1-out-of-2 signature Proxy re-signature Our proposal Mediated signature Extension
Signature with delegation capability 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 In digital signature, when the signer is absent, he/she will What’s 1-out-of-2 delegate his/her signing rights to a proxy. Signature Proxy signature Definitions of 1-out-of-2 In a proxy signature scheme, the original signer signature delegates his/her signing rights to a proxy, who can sign Our proposal messages on behalf of the original signer afterwards. Extension
Signature with delegation capability 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 In digital signature, when the signer is absent, he/she will What’s delegate his/her signing rights to a proxy. 1-out-of-2 Signature Proxy signature Definitions of Proxy re-signature 1-out-of-2 signature In a proxy re-signature scheme, a proxy can transform a Our proposal signature of the delegatee to another signature of the Extension delegator on the same message.
Signature with delegation capability 1-out-of-2 Signature Mirosław Kutyłowski 1 and In digital signature, when the signer is absent, he/she will Jun Shao 2 delegate his/her signing rights to a proxy. What’s Proxy signature 1-out-of-2 Signature Proxy re-signature Definitions of 1-out-of-2 Mediated signature signature In a mediated signature scheme, an on-line Our proposal semi-trusted mediator (SEM) should involve in every Extension signing process to help the original signer to generate the signature.
Scenario 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 In some cases, the signer just wanna give the proxy the What’s limited delegation, which satisfies that 1-out-of-2 Signature The proxy can generate the signature on only one Definitions of 1-out-of-2 message from two given messages. signature The signature generated by the proxy is Our proposal indistinguishable from the one by the signer. Extension
Scenario 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 Proxy signature ✖ What’s 1-out-of-2 Distinguishable Signature Definitions of 1-out-of-2 signature Our proposal Extension
Scenario 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 Proxy signature ✖ What’s 1-out-of-2 Distinguishable Signature Proxy re-signature ✖ Definitions of 1-out-of-2 Public key is changed signature Our proposal Extension
Scenario 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 Proxy signature ✖ What’s 1-out-of-2 Distinguishable Signature Proxy re-signature ✖ Definitions of 1-out-of-2 Public key is changed signature Mediated signature ✖ Our proposal Extension The proxy is always involved
Functionality of 1-out-of-2 signature 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 1-out-of-2 signature is a kind of signature with delegation capability. What’s 1-out-of-2 Signature Definitions of 1-out-of-2 signature Our proposal Extension
Functionality of 1-out-of-2 signature 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 1-out-of-2 signature is a kind of signature with delegation capability. In particular, What’s 1-out-of-2 Signature The proxy can transform one of two given partial Definitions of signatures of the signer into one full signature. 1-out-of-2 signature Our proposal Extension
Functionality of 1-out-of-2 signature 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 1-out-of-2 signature is a kind of signature with delegation capability. In particular, What’s 1-out-of-2 Signature The proxy can transform one of two given partial Definitions of signatures of the signer into one full signature. 1-out-of-2 signature The proxy can transform only one of the two given Our proposal partial signatures; otherwise, the secret key of the Extension proxy will be revealed.
Definition 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 SKeyGen ( 1 k ) → ( pk S , sk S ) . What’s PKeyGen ( 1 k ) → ( pk P , sk P ) . 1-out-of-2 Signature PreSign ( sk S , pk P , ( m 0 , m 1 )) → (( σ 0 , m 0 ) , ( σ 1 , m 1 )) . Definitions of 1-out-of-2 Trans ( σ 0 , σ 1 , sk P ) → σ ′ b , ( b ∈ { 0 , 1 } ) . signature Our proposal Verify (( σ ′ , m ) , pk S ) → 1 or 0. Extension Reveal (( σ 0 , σ 1 ) , ( σ ′ 0 , σ ′ 1 ) , pk P ) → sk P .
Security Model—Existential Unforgeability 1-out-of-2 Signature Mirosław Kutyłowski 1 and Setup ( pk S , sk S ) , ( pk P , sk P ) . Jun Shao 2 Queries Secret key oracle O Psk . What’s Partial signature generation oracle O ps . 1-out-of-2 Full signature generation oracle O t . Signature Definitions of Forgery The adversary outputs a full signature ( σ ∗ , m ∗ ) . 1-out-of-2 signature Our proposal Verify (( σ ∗ , m ∗ ) , pk S ) → 1. Extension ( ∗ , m ∗ ) has not been queried to O t . m ∗ has not been queried to O ps or O Psk has not been queried.
Security Model—Confidentiality 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 Setup Identical to that in the game for Existential What’s Unforgeability. 1-out-of-2 Signature Secret key oracle O Ssk . Queries Definitions of Partial signature generation oracle O ps . 1-out-of-2 signature Full signature generation oracle O t . Our proposal Output The adversary wins if he/she outputs the Extension proxy’s secret key sk P .
Our proposal—one-time signature method 1-out-of-2 Signature It works in a finite cyclic group G = < g > with prime order Mirosław p . Kutyłowski 1 and SKeyGen : X = g x ∈ G , x ∈ Z ∗ Jun Shao 2 p . PKeyGen : Y = g y ∈ G , y ∈ Z ∗ p . What’s 1-out-of-2 PreSign : ( x , Y , m 0 , m 1 ) Signature The proxy sends A = g a to the signer, where a is a Definitions of 1-out-of-2 random number from Z ∗ p . signature On receiving A , the signer computes two partial Our proposal signatures on m 0 , m 1 as follows. For ( b ′ = 0 , 1 ) Extension ( Y H 1 ( Y || A || b ′ ) · A ) · g r b ′ , R b ′ = S b ′ = r b ′ + H 2 ( m b ′ || R b ′ ) · x mod p , where r b ′ , ( b ′ = 0 , 1 ) are random numbers from Z ∗ p . The signer sends ( R b ′ , S b ′ , b ′ ) , ( b ′ = 0 , 1 ) to the proxy.
Our proposal 1-out-of-2 Signature Mirosław Kutyłowski 1 Trans : On input ( R b ′ , S b ′ , m b ′ ) , ( b ′ = 0 , 1 ) , a , y , it and Jun Shao 2 outputs ( R ′ b , S ′ b , b ) , ( b ∈ { 0 , 1 } ) : R ′ b = R b , S ′ b = S b + ( y · H 1 ( Y || g a || b ) + a ) mod p . What’s 1-out-of-2 Verify : On input ( R ′ , S ′ , m ) , X , it outputs 1 if Signature g S ′ = R ′ · X H 2 ( m || R ′ ) holds; otherwise, it outputs 0. Definitions of 1-out-of-2 Reveal : On input ( R b ′ , S b ′ , b ′ ) , ( b ′ = 0 , 1 ) , signature Our proposal b ′ , b ′ ) , ( b ′ = 0 , 1 ) , A , Y , it outputs y . ( R ′ b ′ , S ′ Extension � S ′ 0 − S 0 = y · H 1 ( Y || A || 0 ) + a mod p , S ′ 1 − S 1 = y · H 1 ( Y || A || 1 ) + a mod p .
Security analysis 1-out-of-2 Signature Mirosław Kutyłowski 1 and Jun Shao 2 What’s Theorem 1-out-of-2 Signature The above proposal is existentially unforgeable and Definitions of 1-out-of-2 confidential in the random oracle model based on the DL signature assumption. Our proposal Extension
Recommend
More recommend