Information Technology Reference
In-Depth Information
Before generating the private key of each signer,
T
generates its private key
and the shared public key as follows:
1.
T
determines its private key by generating four random integer numbers
a
0
,b
0
,c
0
,d
0
∈
Z
r
.
2.
T
obtains the common public key by computing
α
a
0
·
β
b
0
α
a
0
+
s·b
0
≡
α
h
,
P
≡
(mod
n
)
≡
Q ≡ α
c
0
β
d
0
α
c
0
+
s·d
0
α
k
.
·
(mod
n
)
≡
≡
where
h
≡
(
a
0
+
s
·
b
0
)(mod
r
)and
k
≡
(
c
0
+
s
·
d
0
)(mod
r
).
For avoiding
can impersonate any signer of
G
, an interactive session between
each user
U
i
and
T
T
is developed to compute
U
i
's private key,
i
=1
,...,t
:
1.
U
i
generates two secret integers
b
i
,d
i
∈
Z
r
at random and sends the values
of
α
b
i
,α
d
i
to
in a secure way, in order to protect both secret integers.
Note that
T
can determine
A
i
and
C
i
since it knows
h, k, α
b
i
,and
α
d
i
, but
it cannot compute
a
i
,c
i
because it cannot solve the SDLP. In short, each
party gets access to only 2 out of the 4 key parameters.
T
2.
T
computes
α
h
·
(
α
b
i
)
−s
α
a
i
,
A
i
≡
(mod
n
)
≡
α
k
·
(
α
d
i
)
−s
α
c
i
.
C
i
≡
(mod
n
)
≡
sends to
U
i
the values of
A
i
,C
i
by using a secure channel.
3. The private key of
U
i
is the set (
b
i
,d
i
,A
i
,C
i
). Remark that for
U
i
it is also
impossible to compute the values of
a
i
and
c
i
.
Then
T
2.2 Key Verification
To verify the correctness of
T
's key, each signer,
U
i
∈
G
,
i
=1
,...,t
,testsif
α
r
≡
α
≡
1(mod
n
)
,
1(mod
n
)
.
Moreover, each signer must verify that his private key corresponds to the public
key (
P, Q
) by checking the correctness of the following expressions:
β
b
i
β
d
i
P
≡
A
i
·
(mod
n
)
,
Q
≡
C
i
·
(mod
n
)
.
In fact, we have:
β
b
i
α
a
i
β
b
i
≡
α
a
i
+
s·b
i
≡
α
h
≡
A
i
·
(mod
n
)
≡
·
P,
β
d
i
α
c
i
β
d
i
≡
α
c
i
+
s·d
i
≡
α
k
≡
C
i
·
(mod
n
)
≡
·
Q.
Search WWH ::
Custom Search