Information Technology Reference
In-Depth Information
generates four random numbers
a
0
,b
0
,c
0
,d
0
∈
Z
r
To do this,
T
as its private
key and determines the shared public key for
G
by computing
P
=
α
a
0
·
β
b
0
(mod
n
)
(2)
Q
=
β
c
0
·
α
d
0
(mod
n
)
From (2), we have
P
α
a
0
(
α
s
)
b
0
α
a
0
+
s·b
0
≡
(mod
n
)
≡
(mod
n
)
,
(
α
s
)
c
0
α
d
0
α
s·c
0
+
d
0
Q
≡
(mod
n
)
≡
(mod
n
)
.
Hence,
P, Q
∈
S
r
, that is, there exist integers
h, k
∈
Z
r
such that
h
=(
a
0
+
s
·
b
0
)(mod
r
)
(3)
k
=(
s
·
c
0
+
d
0
)(mod
r
)
In order to guarantee that
cannot impersonate any user of
G
,aninteractive
session between each user
U
i
and
T
T
is necessary to determine the private key of
U
i
,1
≤
i
≤
t
. Hence, the following interactive protocol is developed:
1.
U
i
generates two secret integers
b
i
,d
i
∈
Z
r
at random and sends to
T
the
values of
α
b
i
,α
d
i
, in a secure way for protecting both secret integers.
2.
T
computes
A
i
=
α
h
(
α
b
i
)
−s
(mod
n
)=
α
a
i
,
·
C
i
=
α
k
(
α
d
i
)
−
1
(mod
n
)=
β
c
i
.
·
can compute
A
i
,C
i
since it knows
h, k, α
b
i
,and
α
d
i
, but it
From (3),
T
cannot compute
a
i
,c
i
T
because it cannot solve the SDLP. Then
sends to
U
i
the values of
A
i
,C
i
by using a secure channel.
3. The private key of
U
i
is the set (
b
i
,d
i
,A
i
,C
i
). Note that for
U
i
is also im-
possible to compute the values of
a
i
,c
i
.
Remark.
Note that
knows two values of the
U
i
's private,
A
i
,C
i
, but it is
impossible for it to know the rest of that key. Moreover, for both
U
i
and
T
it is
impossible to compute the values
a
i
,c
i
because they are protected by the SDLP.
Key verification.
For verifying the pre-key of
T
T
, each members of the signer
group,
U
i
,1
≤
i
≤
t
, must check
α
≡
1(mod
n
)
,
α
r
≡
1(mod
n
)
.
t
, must verify that his private key corre-
sponds to the shared public key, i.e., must check if it holds:
P
Moreover, each signer,
U
i
,1
≤
i
≤
β
b
i
≡
A
i
·
(mod
n
)
,
(4)
α
d
i
Q
≡
C
i
·
(mod
n
)
.
(5)
In fact:
β
b
i
α
a
i
β
b
i
=
α
a
i
+
s·b
i
=
α
h
=
P,
A
i
·
(mod
n
)
≡
·
α
d
i
β
c
i
α
d
i
=
α
s·c
i
+
d
i
=
α
k
=
Q.
C
i
·
(mod
n
)
≡
·
Search WWH ::
Custom Search