Proceedings Article

An ID-based signature scheme based upon Rabin's public key cryptosystem

01 Oct 1991-pp 139-141
TL;DR: A novel identity-based signature scheme based on M.O. Rabin's (1979) algorithm is proposed, which can be used to sign a message by doing several multiplication operations and several addition operations.
Abstract: A novel identity-based signature scheme based on M.O. Rabin's (1979) algorithm is proposed. Senders can sign a message by doing several multiplication operations and several addition operations. The verifier can also easily check the authenticity of the message. From the viewpoint of computation time, the proposed scheme is more efficient than the existing schemes.
Citations
Patent
Taro Terao, Rumiko Kakehi
28 Feb 2001
TL;DR: A proof data verification device sends authentication data to a proof data generation device, and if the verification is successful, the execution of the program is allowed as mentioned in this paper. But the verification process is different from signature data generation.
Abstract: A burden caused by handling a large number of unique identifying information pieces such as authentication keys is to be lightened from both the user side and the protector side such as application creators. A proof data verification device sends authentication data to a proof data generation device. Signature data generation means and presignature data generation means in the proof data generation device cooperate with each other to generate proof data (a signature based on a discrete logarithm problem) from the received authentication data as well as held user unique identifying information and an access ticket, and send the proof data back to the proof data verification device. Verification means in the proof data verification device verify the signature, and if the verification is successful, the execution of the program is allowed.

95 citations

Journal Article
TL;DR: It is revealed that the BLMQ digital signature scheme satisfies the property of existential unforgeability under adaptively chosen message and ID attack, and the efficiency of the PS algorithm is lower, but it is secure under the standard model.
Abstract: Bilinear pairing, an essential tool to construct efficient digital signatures, has applications in mobile devices and other applications. One particular research challenge is to design cross-platform security protocols (e.g. Windows, Linux, and other popular mobile operating systems) while achieving an optimal security-performance tradeoff. That is, how to choose the right digital signature algorithm, for example, on mobile devices while considering the limitations on both computation capacity and battery life. In this paper, we examine the security-performance tradeoff of four popular digital signature algorithms, namely: CC (proposed by Cha and Cheon in 2003), Hess (proposed by Hess in 2002), BLMQ (proposed by Barreto et al. in 2005), and PS (proposed by Paterson and Schuldt in 2006), on various platforms. We empirically evaluate their performance using experiments on Windows, Android, and Linux platforms, and find that the BLMQ algorithm has the highest computational efficiency and communication efficiency. We also study their security properties under the random oracle model and, assuming the intractability of the CDH problem, we reveal that the BLMQ digital signature scheme satisfies the property of existential unforgeability under adaptively chosen message and ID attack. The efficiency of the PS algorithm is lower, but it is secure under the standard model.

2 citations


Cites background from "An ID-based signature scheme based ..."

  • ...In 1984, Shamir [12] proposed the concept of the cryptosystem based on identity, which simplified key management [13], [14]....


Journal Article
TL;DR: To speed up radix-2 Montgomery modular multiplication process, a new Simplified SDA (SSDA) is designed, dedicated to multipliers based on Non-Adjacent-Form (NAF) methods, which can not only avoid the carry propagation at each addition operation of add-shift loop, but also reduce the addition rounds efficiently.

1 citation

Proceedings Article
02 Oct 1996
TL;DR: Integrated entity authentication schemes based on the identity numbers of users are proposed, which can be considered as a protection mechanism which prevents a forged entity from impersonating the legal entity or fooling other entities in a communication network.
Abstract: In this paper, integrated entity authentication schemes based on the identity numbers of users are proposed. Entity authentication can be considered as a protection mechanism which prevents a forged entity from impersonating the legal entity or fooling other entities in a communication network. Basically, enciphering methods may be applied for the purpose of authenticity. After two entities have authenticated each other mutually, by using two-way verifying procedures, the shared session key is generated. Moreover, authentication schemes from three aspects of public-key or private-key methods, public-key ID-based methods, and ID-based methods are also investigated. Offensive actions such as parallel session attacks, interleaving attacks, and middle person relay attacks, to the presented schemes are resisted. Further, computational and space complexities, transmission efficiency, and security level are also analyzed.

1 citation

Proceedings Article
13 Oct 1993
TL;DR: Two attacks are given to show that the identity-based signature scheme proposed by C. C. Chang and C. H. Lin (1991) based upon Rabin's public key cryptosystem is not secure enough.
Abstract: Two attacks are given to show that the identity-based signature scheme proposed by C. C. Chang and C. H. Lin (1991) based upon Rabin's public key cryptosystem is not secure enough. One of the attacks is based on the conspiracy of two users in the system while the other can be performed by anyone alone. It is shown that, in this second attack, the scheme can be broken by anyone (not necessarily a user in the system) who has the ability to observe the communications between the signer and the receiver.

1 citation

References
Journal Article
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1 (mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations

Book Chapter
23 Aug 1985
TL;DR: In this article, the authors introduce a novel type of cryptographic scheme, which enables any pair of users to communicate securely and to verify each other's signatures without exchanging private or public keys, without keeping key directories, and without using the services of a third party.
Abstract: In this paper we introduce a novel type of cryptographic scheme, which enables any pair of users to communicate securely and to verify each other’s signatures without exchanging private or public keys, without keeping key directories, and without using the services of a third party. The scheme assumes the existence of trusted key generation centers, whose sole purpose is to give each user a personalized smart card when he first joins the network. The information embedded in this card enables the user to sign and encrypt the messages he sends and to decrypt and verify the messages he receives in a totally independent way, regardless of the identity of the other party. Previously issued cards do not have to be updated when new users join the network, and the various centers do not have to coordinate their activities or even to keep a user list. The centers can be closed after all the cards are issued, and the network can continue to function in a completely decentralized way for an indefinite period.

6,902 citations

01 Jan 1979
TL;DR: It is proved that for any given n, if the authors can invert the function y = E (x1) for even a small percentage of the values y then they can factor n, which seems to be the first proved result of this kind.
Abstract: We introduce a new class of public-key functions involving a number n = pq having two large prime factors. As usual, the key n is public, while p and q are the private key used by the issuer for production of signatures and function inversion. These functions can be used for all the applications involving public-key functions proposed by Diffie and Hellman, including digitalized signatures. We prove that for any given n, if we can invert the function y = E (x1) for even a small percentage of the values y then we can factor n. Thus, as long as factorization of large numbers remains practically intractable, for appropriately chosen keys not even a small percentage of signatures are forgeable. Breaking the RSA function is at most as hard as factorization, but is not known to be equivalent to factorization even in the weak sense that ability to invert all function values entails ability to factor the key. Computation time for these functions, i.e. signature verification, is several hundred times faster than for the RSA scheme. Inversion time, using the private key, is comparable. The almost-everywhere intractability of signature-forgery for our functions (on the assumption that factoring is intractable) is of great practical significance and seems to be the first proved result of this kind.

1,292 citations