Key Escrow free Identity-based Cryptosystem
Manik Lal Das
DA-IICT, Gandhinagar, India

About DA-IICT and Our Group
DA-IICT is a private university located in the capital of Gujarat state in India.
DA-IICT offers undergraduate and postgraduate programs in Information and Communication Technology.

About DA-IICT and Our Group
Cyber Security Research Group in DA-IICT: http://security.daiict.ac.in

Outline
1 Background
2 Identity-based Cryptosystem
3 Identity-based Signature
4 Conclusion

Authentication
What is Authentication?
Authentication is a process of confirming the
(i) identity of an entity (entity authentication); and/or
(ii) legitimacy of a document (data origin authentication).

Authentication Techniques
Authentication
  Symmetric key crypto
    Password based
    Keyed Hash
    Token based
  Public key crypto
    Digital Signature
      Proxy Signature
      Multi-signature
      Ring Signature

Cryptosystem
A Cryptosystem is a 3-tuple (Key Generation, Encryption, Decryption) algorithm defined as:
Key Generation
  INPUT: a security parameter.
  OUTPUT: key(s) and public parameters.
Encryption
  INPUT: key, message, public parameters.
  OUTPUT: ciphertext.
Decryption
  INPUT: key, ciphertext, public parameters.
  OUTPUT: message.
Domain: Key space; Message space; Ciphertext space

Cryptosystem (contd.)
Symmetric key cryptosystem: One key is used for encryption and decryption.
  Limitation: Secret key distribution.
Asymmetric key cryptosystem: Two keys are used for encryption (public key) and decryption (private key).
  Limitation: Public key management.

Identity-based Cryptosystem
Public key is the user's identity or derived from the user's identity (e.g. email).
User identity acts as the public key.
Aim is to eliminate infrastructure for public key certification.
References:
A. Shamir. Identity-based cryptosystems and signature schemes. In Proc. of Advances in Cryptology-CRYPTO'84, LNCS 196, Springer-Verlag, pp. 47-53, 1984.
IEEE Standard for identity-based cryptographic techniques using pairings - 1363.3 (2013).

Interesting Properties of Elliptic Curve
Let $y^2 = x^3 + ax + b$ be an elliptic curve that forms an elliptic curve group, where $a, b \in F_q$ for a large prime $q$.

Bilinear Pairing
Let $G_1$ be an additive group of prime order $q$, $P$ be a generator of $G_1$, and $G_2$ be a multiplicative group of prime order $q$.
A bilinear pairing is a map $e : G_1 \times G_1 \to G_2$ that satisfies the following properties.
Properties of Bilinear Pairing
1) $e(aP, bQ) = e(P, Q)^{ab}$, for all $P, Q \in G_1$ and $a, b \in \mathbb{Z}_q^*$.
2) There exist $P, Q \in G_1$ such that $e(P, Q) \neq 1$.
3) There exists an efficient algorithm to compute $e(P, Q)$.

Computational Hardness Assumptions
Elliptic curve discrete logarithm problem
  Given $P$, $Q$ $(= xP)$, finding $x$ is computationally infeasible.
Computational Diffie-Hellman problem
  Given $P$, $aP$, $bP$, finding $abP$ is computationally infeasible.
There are many other variants...

Pairing-based Authenticated Key Exchange+
Scenario: Mobile communications

Pairing-based Authenticated Key Exchange+
Scenario: Wireless Sensor Networks

Identity-based Signature (IDS) Scheme
IDS is defined by the 4-tuple (Setup, KeyGen, Sign, Verify)
System keys ← Setup($1^k$)
  Inputs a security parameter $k$; Outputs system secret and public keys.
User private key ← KeyGen(user ID, system keys)
  Inputs user ID; Outputs user private key.
$\sigma$ ← Sign($m$, user private key, public parameter)
  Inputs message $m$ and user private key; Outputs signature $\sigma$.
Accept/Reject ← Verify(user ID, $m$, $\sigma$, public parameter)
  Inputs signature $\sigma$, message $m$, user ID, public parameters; Outputs Accept or Reject.

Identity-based Signature Scheme (Setup, KeyGen, Sign, Verify)
System keys ← Setup($1^k$)
$G_1$ is an additive group of prime order $q$;
$G_2$ is a multiplicative group of prime order $q$;
$P$ is a generator of $G_1$;
$e : G_1 \times G_1 \to G_2$ is a bilinear map;
$H$, $h$ are cryptographic hash functions.
The system selects $s \in \mathbb{Z}_q^*$ as the master secret key and computes its public key $PK_{KGC} = s \cdot P$.
The KGC publishes the public parameters $params = \langle G_1, G_2, P, e, H, h, q, PK_{KGC} \rangle$.
[Diagram: Setup takes $1^k$ as input and outputs the master secret $s$ and the public parameters $params$.]

Identity-based Signature Scheme (Setup, KeyGen, Sign, Verify)
$SK_U$ ← KeyGen($params$, $s$, $ID_U$)
KGC generates user private key $SK_U = s \cdot PK_U$, where user public key $PK_U = H(ID_U)$.
[Diagram: KeyGen takes $params$, $s$ and $ID_U$ as input and outputs the user private key $SK_U = s \cdot PK_U$.]
KGC sends the private key $SK_U$ to the user securely.

Problems in user private key generation
KGC generates user private key and sends it to the user securely.
(1) User's private key is known to the KGC ⇒ Key-escrow problem.
(2) Sending user private key requires secure channel.

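Added example (not from the original slides): a toy model of the Setup and KeyGen steps and of the bilinearity property, showing how a user can check a received key with $e(SK_U, P) = e(PK_U, PK_{KGC})$ and why the KGC can always re-derive that key. The group parameters, function names and sample identity are assumptions; the toy pairing only reproduces the algebra and offers no security.

```python
import hashlib
import secrets

# Toy bilinear group (constructed, NOT secure): G1 = (Z_q, +) with generator
# P = 1, G2 = the order-q subgroup of Z_p^* generated by G, and
# e(x, y) = G^(x*y) mod p. Discrete logs in this G1 are trivial (PK_KGC
# equals s), so this models the equations only, never a deployable scheme.
Q_ORDER = 1019      # prime q
P_MOD = 2039        # prime p = 2q + 1
G = 4               # element of order q in Z_p^*
P_GEN = 1           # generator P of G1

def pairing(x, y):
    """Toy bilinear map e : G1 x G1 -> G2."""
    return pow(G, (x * y) % Q_ORDER, P_MOD)

def H(identity):
    """Hash an identity string to a non-zero element of G1 (PK_U)."""
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % (Q_ORDER - 1) + 1

def setup():
    """Return (master secret s, PK_KGC = s * P)."""
    s = secrets.randbelow(Q_ORDER - 1) + 1      # s in Z_q^*
    return s, (s * P_GEN) % Q_ORDER

def keygen(s, identity):
    """KGC side: SK_U = s * PK_U with PK_U = H(ID_U)."""
    return (s * H(identity)) % Q_ORDER

def user_accepts_key(identity, sk_u, pk_kgc):
    """User side: e(SK_U, P) == e(PK_U, PK_KGC) holds by bilinearity."""
    return pairing(sk_u, P_GEN) == pairing(H(identity), pk_kgc)

def escrow_demo(identity="alice@example.com"):   # constructed sample identity
    s, pk_kgc = setup()
    sk_u = keygen(s, identity)                   # sent over the secure channel
    accepted = user_accepts_key(identity, sk_u, pk_kgc)
    # Key escrow: the KGC needs only s and the public identity to obtain
    # the same private key again at any later time.
    kgc_copy = keygen(s, identity)
    return accepted, kgc_copy == sk_u

if __name__ == "__main__":
    print(escrow_demo())
```
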