Coded Modulation and the Arrival of Signcryption Yuliang Zheng University of North Carolina at Charlotte [email protected]Enhancing Crypto-Primitives with Techniques from Coding Theory NATO Advanced Research Workshop 6-9 Oct. 2008, Veliko Tarnovo, Bulgaria
Enhancing Crypto-Primitives with Techniques from Coding Theory NATO Advanced Research Workshop 6-9 Oct. 2008, Veliko Tarnovo, Bulgaria. Coded Modulation and the Arrival of Signcryption. Yuliang Zheng University of North Carolina at Charlotte [email protected]. Outline. - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Coded Modulation and the Arrival of Signcryption
Yuliang ZhengUniversity of North Carolina at Charlotte
x mod p r = H(m, ya, yb, T) s = x/(r+xa) mod q k=G(T) c=Ek(m) Output (c, r, s)
Unsigncryption by Bob Compute
k=G(T) m=Dk(c) Check if
r = H(m, ya, yb, T) Output m if yes, and
Reject otherwise
pgyT bxsra mod)(
m (c, r, s) (c, r, s) m
Cost of Signcryption (based on Discrete Logarithm)
25
mencrypted usinga private key cipher with k
communication overhead
sig
EXP=1+1.17
Why 1.17 exponentiations?
26
pgy
pgy
pgy
qurv
qxsu
vua
xsrxsa
xsra
b
bb
b
mod)(
mod)(
mod)(
,Then
,mod
,mod
Let
This can be done in a smart way,costing only 1.17 exponentiationson average !D. Knuth,Seminumerical Algorithms,Vol. 2 of The Art of Computer Programming,2nd edition, Addison-Wesley,Exercise 27, Pages 465 & 637.
DL Signcryption v.s. sign-then-encrypt
27
0
1000
2000
3000
4000
5000
6000
7000
8000
1024 2048 4096 8190
RSA sign-encSchnorr + ELGamalDL Signcryption
|p|=|n|
# of multiplications (the smaller the better)
DL Signcryption v.s. sign-then-encrypt
28
0
5000
10000
15000
20000
25000
1024 2048 4096 8190
RSA sign-encSchnorr + ElGamalDL Signcryption
comm. Overhead ((# of bits, the smaller the better)
The end result
29
С един куршум - два заека(With one bullet - two rabbits)
Other developments
Extensions: pairing, factorization, …… Add “bells and whistles”
Multi-recipients, proxy, blind, threshold, ring, ID based, ……
Authenticated encryption (Authencryption) Co-design of shared key authentication and
encryption
30
Public or Private key
Authenticity Non-repudiation
Internationalstandards
Signcryption Public key Yes Yes On the way
Authencryption Private key Yes No On the way
Beyond coded modulationand signcryption ?
There is no crypto equivalent of “Shannon’s capacity limit” Good ? Or Bad ?