Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Identity Base Threshold Proxy Signature

Jing Xu, Zhenfeng Zhang, and Dengguo Feng

Form eprint

Presented by 魏聲尊

Outline

• Introduction

• Definition

• (t,n) threshold proxy Signature Scheme

• Conclusion

Introduction

• Proxy signature allow original signature to delegate his singing capability to another user

• ID Base :public key can derive via a public algorithm

Introduction

• (t,n) threshold proxy signature scheme:

• Applications: e-cash, mobile agent, mobile communication etc.

Original user

Proxy group of n member

>=t

Definition

• Security Requirement of ID-Base Threshold Proxy Signature– Distinguishability– Secrecy– Proxy Protected– Unforgeability– Nonrepudiation

• The bilinear pairing: G be a cyclic additive group generated by P, order = q

(prime), V be a multiplicative group of same order.Let be a pairing which satisfies the following condition:

1.Bilinearity: ,That is , . 2.Non-degeneracy: ,such that 3.Computability: ,there is an efficient algorith

m to compute

Definition

RQeRPeRQPe ,ˆ,ˆ,ˆ GRQP ,,

RQeQPeRQPe ,ˆ,ˆ,ˆ

GQP , 1,ˆ QPe

GQP ,

VGGe :ˆ

QPe ,ˆ

• Param-generation

• Key-generation

• Secret-share-generation

• Proxy-share-generation

• Proxy-signature-generation

• Proxy-signature-verification

Proposed (t,n) threshold proxy Signature Scheme


• Param-generation– Pick a random master key and set – Choose hash functions– original signer be the proxy group of n proxy signer

• Key-generation:– Compute and associated private key

for original signer and proxy signers

sPPsub GHH *

21 1,0:,

0P nPPPPS ,,, 21

GIDHQ iIDi 1

GsQdii IDID

*qZs


• Secret-share-generation– Each randomly chooses a (t-1)-degree

polynomial

with random coefficients and publish – sends to , can validate it by checking

the equality

– compute his secret share and publish

PSPi

0

1

1i

t

t

lili axaxf

*qil Za PaA ilil

iP jfi jP jP

ik

t

k

ki AjPjf

1

0

iP

n

k ki ifr1

PrU ii


• Proxy-share-generation: Let be the warrant.

in PS gets their own proxy singing key share as follow:

– 1. first randomly choose and computes

Let .Then he compute

The signature on is . Finally, sends and

to each – 2. verify the signature by

if is accept , compute as his own proxy secret

m

iP

0P*qZr PrU

UmIDHH ,,02 HrdV 0

m VU ,0P m

PSPi VU ,

iP HUeQPeVPe pub ,ˆ),(ˆ,ˆ 0 iP Vn

ds ii

1


• Proxy-share-generation:– 3. randomly chooses a (t-1)-degree polynomial

with random coefficients and publishes can be got by each proxy signer as

Furthermore, sends to

– 4. can validate it by . compute his proxy

singing key share and publish

iP

i

t

t

lili sxbxg

1

1

Gbil ilil bPeB ,ˆ0iB

H

nUeQ

nPeIDHPesPe subisubi

1,ˆ

1,ˆ,ˆ,ˆ 0

iP jgi jP

iP

1

0

,ˆt

k

ijkj

k

BigPeiP

n

k ki igskp1

iskpPe ,ˆ


• Proxy-signature-generation: Let be the actual proxy signature 1. Lagrange interpolation formula to compute ,Let

2. Each compute his own proxy signature share by compute and 3.designated clerk validate by

if it accept, computes The proxy signature of m is Proxy-signature-verification verify proxy signature by

tPPPD ,, 21i

t

i iUU

1

iPHrskpV iii iii VU ,

i HUeskpPeVPe iii ,ˆ,ˆ,ˆ i

t

i iVV

1

tj

iji ij

j,,2,1 UmHH ,2

VUmUm ,,,,

VUmUm ,,,,

HUeHUeQPeVPen

iisub ,ˆ,ˆ,ˆ,ˆ

0


VU , VUmUm ,,,,

>=t

HUeHUeQPeVPen

iisub ,ˆ,ˆ,ˆ,ˆ

0

Original signer

n proxy signer

Designer clerk

Conclusion

• Security– Distinguishability: warrant and the public keys of the origina

l signer and the proxy signer must in occur in the verification equation of threshold proxy scheme

– Secrecy: because of the ID-Base signature scheme, any party private key

must be kept secret. – Proxy Protected: the original signer does know private key– Unforgeability: without the private key , no one can forge th

e proxy– singer to create and pass the verificatio

n – Nonrepudiation: the valid proxy signature contain the warrant

The first ID-Base threshold proxy signature scheme

m

idiP

idiP i

m

id

Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Documents