Cryptanalysis on Du-Wen Certificateless Short Signature Scheme
C.I. Fan, R.H. Hsu, and P.H. Ho
Joint Workshop on Information Security
Presenter: Yu-Chi Chen
Outline.
• Review of Hu et al.’s paper
• Review of Du and Wen’s CLS scheme
• Fan et al.’s improved CLS scheme
• Conclusion
Review of Hu et al.’s paper
• Hu et al.’s remedy:
  – The public key is inserted into the partial-private-key.
• Hu et al.’s remedy:
  – Achieving level-3 security.
  – The KGC does not know any user's secret value and cannot act as any user by generating a false partial private key without being detected.
Review of DW CLS scheme
• This scheme was presented by Chun-Yen Lee on 2009/12/29.
  – Title: Efficient and provably-secure certificateless short signature scheme from bilinear pairings
  – From: Computer Standards & Interfaces (IF: 1.074, 42/86)
  – Authors: Hongzhen Du, Qiaoyan Wen
112/04/21 7
An efficient CLS scheme (1/9)
• This scheme:
  – Setup:
  – Partial-Private-Key-Extract:
  – Set-Secret-Value:
  – Set-Private-Key:
  – Set-Public-Key:
  – CL-Sign:
  – CL-Verify:
An efficient CLS scheme (2/9)
• Setup: KGC
  – security parameter $l$
  – $G_1$ and $G_2$ (same prime order $q > 2^l$)
  – $P$ is a generator of group $G_1$
  – $g = e(P, P)$
  – $H_1: \{0,1\}^* \to Z_q^*$, $H_2: \{0,1\}^* \times G_1 \to Z_q^*$
An efficient CLS scheme (3/9)
  – $s \in Z_q^*$ (system master key)
  – Computes public key $P_{pub} = sP \in G_1$
  – KGC publishes the system list params: $\{l, G_1, G_2, e, q, P, g, P_{pub}, H_1, H_2\}$
An efficient CLS scheme (4/9)
• Partial-Private-Key-Extract:
  – KGC: $Q_{ID} = H_1(ID)$, $d_{ID} = \frac{1}{s + Q_{ID}} P$
  – KGC → user: $d_{ID}$ (Secure channel?)
  – user: $e(d_{ID}, P_{pub} + Q_{ID}P) = g$
  – $T = P_{pub} + Q_{ID}P$
An efficient CLS scheme (5/9)
• Set-Secret-Value:
  – $r \in Z_q^*$ (secret value)
• Set-Private-Key:
  – $(d_{ID}, r)$ (private key)
• Set-Public-Key:
  – $pk_{ID} = r(P_{pub} + Q_{ID}P) = rT$
An efficient CLS scheme (6/9)
• CL-Sign:
  – $m \in \{0,1\}^*$
  – Sets $h = H_2(m, pk_{ID})$
  – Computes $S = \frac{1}{r+h} d_{ID} = \frac{1}{(r+h)(s+Q_{ID})} P$
An efficient CLS scheme (7/9)
• CL-Verify:
  – Computes $h = H_2(m, pk_{ID})$
  – $Ver(params, m, ID, pk_{ID}, S) = 1 \Leftrightarrow e(S, pk_{ID} + hT) = g$
An efficient CLS scheme (9/9)
Fan et al.’s improved CLS scheme
• Fan et al. propose an improved CLS scheme based on the DW scheme.
• This scheme does not require more computation than the DW scheme, but it needs two components in the public key [pk, pk’].
FHH scheme (1/9)
• This scheme, like the DW scheme:
  – Setup:
  – Partial-Private-Key-Extract:
  – Set-Secret-Value:
  – Set-Private-Key:
  – Set-Public-Key:
  – CL-Sign:
  – CL-Verify:
FHH scheme (2/9)
• Setup: KGC
  – security parameter $l$
  – $G_1$ and $G_2$ (same prime order $q > 2^l$)
  – $P$ is a generator of group $G_1$
  – $g = e(P, P)$
  – $H_1: \{0,1\}^* \to Z_q^*$, $H_2: \{0,1\}^* \times G_1 \to Z_q^*$
FHH scheme (3/9)
  – $s \in Z_q^*$ (system master key)
  – Computes public key $P_{pub} = sP \in G_1$
  – KGC publishes the system list params: $\{l, G_1, G_2, e, q, P, g, P_{pub}, H_1, H_2\}$
FHH scheme (4/9)
• Partial-Private-Key-Extract:
  – KGC: $Q_{ID} = H_1(ID)$, $d_{ID} = \frac{1}{s + H_1(pk'_{ID}) + Q_{ID}} P$
  – KGC → user: $d_{ID}$ (Secure channel)
FHH scheme (5/9)
• Set-Secret-Value:
  – $r \in Z_q^*$ (secret value)
• Set-Private-Key:
  – $(d_{ID}, r)$ (private key)
• Set-Public-Key:
  – $pk_{ID} = r(P_{pub} + Q_{ID}P) = rT$, $pk'_{ID} = rP$
FHH scheme (6/9)
• CL-Sign:
  – $m \in \{0,1\}^*$
  – Sets $h = H_2(m, pk_{ID})$
  – Computes $S = \frac{1}{r+h} d_{ID} = \frac{1}{(r+h)(s + H_1(pk'_{ID}) + Q_{ID})} P$
FHH scheme (7/9)
• CL-Verify:
  – Computes $h = H_2(m, pk_{ID})$
  – $Ver(params, m, ID, pk_{ID}, S) = 1 \Leftrightarrow e(S, pk_{ID} + H_1(pk'_{ID})\,pk'_{ID} + h(T + H_1(pk'_{ID})P)) = g$
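The DW and FHH algorithms on the slides above can be run end to end in a toy algebraic model to check that CL-Verify accepts what CL-Sign produces. This is an added example, not code from the slides or from either paper: each G1 point aP is represented by its discrete log a modulo a constructed prime q, so it exercises the equations only and provides no security. All function names and the value of q are assumptions.

```python
# Added example: algebra check only. G1 points are modelled by their
# discrete logs mod q (aP -> a), so e(aP, bP) = g^(ab) becomes a*b mod q.
import hashlib
import secrets

q = 2**127 - 1            # constructed prime group order (assumption)
P, g = 1, 1               # generator P and g = e(P, P) in the toy model

def H(tag, *parts):       # stands in for H1 / H2, mapping into Z_q^*
    data = tag.encode() + b"|" + b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (q - 1) + 1

def e(a, b):              # toy pairing acting on discrete logs
    return a * b % q

def rand():               # random element of Z_q^*
    return secrets.randbelow(q - 1) + 1

def setup():              # master key s and P_pub = sP
    s = rand()
    return s, s * P % q

def user_keys(ident, p_pub):
    r = rand()            # secret value r
    T = (p_pub + H("H1", ident) * P) % q
    return r, r * T % q, r * P % q, T     # r, pk_ID, pk'_ID, T

def extract(s, ident, pk2=None):
    # DW:  d_ID = P / (s + Q_ID)
    # FHH: d_ID = P / (s + H1(pk'_ID) + Q_ID), binding pk'_ID into d_ID
    bind = H("H1", pk2) if pk2 is not None else 0
    return pow((s + bind + H("H1", ident)) % q, -1, q) * P % q

def sign(d, r, pk, m):    # S = d_ID / (r + h), h = H2(m, pk_ID)
    h = H("H2", m, pk)
    return pow((r + h) % q, -1, q) * d % q

def verify(m, pk, S, T, pk2=None):
    h = H("H2", m, pk)
    if pk2 is None:       # DW check: e(S, pk_ID + hT) = g
        return e(S, (pk + h * T) % q) == g
    k = H("H1", pk2)      # FHH check uses H1(pk'_ID) on both terms
    return e(S, (pk + k * pk2 + h * (T + k * P)) % q) == g
```

Passing `pk2` to `extract` and `verify` selects the FHH equations; omitting it selects the DW equations.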