Multiuse Unidirectional ForwardSecure Proxy Resignature Scheme - PowerPoint PPT Presentation

1 / 24
About This Presentation
Title:

Multiuse Unidirectional ForwardSecure Proxy Resignature Scheme

Description:

Blaze et al.s construction is bidirectional and multi-use. ... PK. SKj-1. SKj. SKj. M. Vrfy j,sig Accept. Reject. 11. Forward-Secure Proxy Re-signature ... – PowerPoint PPT presentation

Number of Views:25
Avg rating:3.0/5.0
Slides: 25
Provided by: jka979
Category:

less

Transcript and Presenter's Notes

Title: Multiuse Unidirectional ForwardSecure Proxy Resignature Scheme


1
Multi-use Unidirectional Forward-Secure Proxy
Re-signature Scheme
Workshop on Collaborative Security Technologies
(CoSec 2009)
  • N.R.Sunitha
  • Asst. Professor
  • Department of Computer Science Engg.
  • Siddaganga Institute of Technology, Tumkur,
    Karnataka

2
Overview
  • Abstract
  • Proxy Re-signature Scheme
  • Properties that can be expected from proxy
    re-signature schemes.
  • Forward-Secure signatures
  • Forward-Secure Proxy Re-signature Scheme
  • Multi-use Bi-directional Proxy Re-Signature
    Scheme
  • Multi-use Unidirectional Proxy Resignature Scheme
  • Applications in e-banking
  • Conclusion

3
Abstract
  • Blaze et al.s construction is bidirectional and
    multi-use.
  • In 2005 Ateniese and Hohenberger proposed two
    constructions based on bilinear maps.
  • They left as open challenges the design of
    multi-use unidirectional systems.
  • Benoit Libert and Damien Vergnaud have given one
    solution based on bilinear groups.
  • We propose another solution for multi-use
    unidirectional proxy re-signature scheme using
    the property of forward security.
  • With a minor change in resigning key, we can make
    the scheme to behave as a multi-use bidirectional
    scheme.

4
Proxy Re-signature Scheme
  • Here, a semi-trusted proxy acts as a translator
    between Alice and Bob to translate a signature
    from Alice into a signature from Bob on the same
    message.
  • The proxy, however, does not learn any signing
    key and cannot sign arbitrary messages on behalf
    of either Alice or Bob.

5
Properties thatcan be expected from Proxy
re-signature schemes
  • Unidirectional re-signature keys can only be
    used for delegation in one direction.
  • Multi-use a message can be re-signed a
    polynomial number of times.
  • Private Proxy re-signature keys can be kept
    secret by an honest proxy.
  • Transparent a user may not even know that a
    proxy exists.
  • Unlinkable a re-signature cannot be linked to
    the one from which it was generated.
  • Key optimal a user is only required to store a
    constant amount of secret data.
  • Non-interactive the delegatee does not act in
    the delegation process.
  • Non-transitive the proxy cannot re-delegate
    signing rights.
  • Temporary revoke the rights given to proxy.

6
Digital Signatures
  • Suppose I have a secret key, corresponding to
    some public key which I have been using for a
    long time and at some time an attacker breaks
    into my computer and learns the secret key.
  • It is clear that
  • Attacker will be able to forge all messages sent
    by me.
  • If the attacker recorded previously the
    signatures of messages sent by me, he will be
    able to forge even those signatures.
  • Thus Digital Signatures are vulnerable to
    leakage of secret key.

7
Solutions
  • We can change both public key secret key
  • This prevents future forgery of signatures.
  • This will not protect previously signed messages.
  • Previously signed messages will have to re-signed
    with new pair of keys which is not feasible
    !!!!!!!!!!.
  • Also changing keys frequently is not a feasible
    solution.

FORWARD SECURITY ADDRESSES THIS PROBLEM.
8
Forward Security
  • Time is divided into N periods
  • In any time period i secret key stored is
    dynamically updated using the secret key of
    previous time period (i-1) (SKi Upd(SKi-1)).
  • Public key remains fixed.
  • If the Upd function is one-way, exposure of SKi
    does not reveal SKi-1 (!)

SK0
SK1
SKi-1
SKi
SKN

SKi1


9
Forward Security
  • Forward-secure systems guarantee that exposure of
    secret key, Ski ,in any time period i does not
    affect security of the system for any time
    period t lt i
  • Thus the attacker will only be able to forge
    signatures sent after the secret key is exposed
    even if the sender of the message does not know
    when or whether the secret key is exposed or not.

10
Forward-Secure Signatures
Gen
Signer
SKj-1
Vrfy
Upd
Sign
11
Forward-Secure Proxy Re-signatureScheme
  • As digital signatures, proxy re-signatures are
    also vulnerable to leakage of re-signing key.
  • If the re-signing key is compromised, any one can
    become a proxy.
  • To prevent future forgery of re-signatures, both
    the delegator as well as the delegatee must
    change their public key and secret key pair and a
    new re-signing key computed. But this will not
    protect previously signed messages such messages
    will have to be re-signed with new pair of public
    key and secret key which is not feasible.
  • To address this problem, we use the concept of
    forward security for proxy re-signatures.

12
Multi-use Bi-directional Proxy Re-Signature Scheme
Key Generation Algorithm
13
Key Evolution
14
  • Rekey Generation

15
  • Signature Generation

16
  • Re-Sign We verify the signature before we

17
  • Signature Verification

18
Multi-use Unidirectional Proxy Resignature Scheme
  • The key generation, key evolution and
    signature generation algorithms are same as the
    ones used in Forward-Secure Multiuse
    Uni-directional Proxy Re-Signature Scheme.

19
Re-Signature Key Generation (ReKey) On in-
20
Re-Sign Algorithm
21
  • Signature Verification
  • As for verification, a signature ltj, (Y,Z)gt
    for the message M in time period j is accepted if

22
Applications in e-banking
  • Loan Sanctioning process
  • Frequently changing public keys
  • Accounts to be operated by a nominee
  • Transferrable e-cheques

23
Conclusion
  • We have proposed a solution for one of the open
    challenges for the design of multi-use
    unidirectional proxy re-signature systems.
  • We have come up with a forward-secure proxy
    resignature scheme.
  • Our scheme is a multi-use unidirectional scheme
    where the proxy is able to translate in only one
    direction and signatures can be re-translated
    several times.
  • With a minor change in resigning key, we can make
    the scheme to behave as a multi-use bidirectional
    scheme.
  • In view of the banking applications we have
    attempted to satisfy the following properties in
    our re-signature scheme private proxy,
    transparent, unlinkable, key optimal,
    interactive(as banking applications need),
    non-transitive and temporary.

24
Thank You
Write a Comment
User Comments (0)
About PowerShow.com