Information Technology Reference
In-Depth Information
input :
pseudonym
P
,privateexponent
d
output:
UID ||
OK
/
NOK
(1)
retrieve
EID
and
n
form
P
(2)
compute
UID
=D
d
(
EID
)
// retrieve the UID
(3)
return
UID
||
OK
Fig. 5.
Disclosure of a Unique Pseudonym (1)
1. When disclosing his pseudonym, the user sends a modified value of his private
exponent
d
such that
UID
=D
d
(
EID
)and
UID
=
UID
.
2. Another User (with identifier
UID
) who knows the identifier of a specific
user (
UID
) generates a pseudonym
P
=E
e
(
UID
||
Data
||
PAD
)
||
e
||
n
in order
to impersonate the user with
UID
.
5.1
Disclosure of a False Identity
If somebody reveals a private key
d
(and the primes
p
and
q
building the modulus
n
=
p
q
) to a verifier in order to disclose his pseudonym, this private key cannot
be manipulated (forged) so that the verifier retrieves an identity different from
the identity used to generate the pseudonym. This is simply given by the fact,
that exactly one value of
d
fulfills the requirement
e
·
·
d
≡
1(mod
ϕ
(
n
)), with
ϕ
(
n
)=(
p
1).
Note:
This is contrary to the variant that employs symmetric encryption,
where the key may be changed (attack based on a plaintext-ciphertext-pair) in
order to retrieve a different identity.
−
1)(
q
−
The complete procedure for disclosure of a pseudonym is given in the algo-
rithm stated in figure 6. The algorithm runs on the inputs
P
,
d
,
p
and
q
and
returns the user identifier
UID
if all checks concerning the correctness of
d
have
been passed.
input :
pseudonym
P
,privateexponent
d
, primes
p
and
q
output:
UID ||
OK
/
NOK
(1) retrieve
EID
,
e
and
n
form
P
(2)
if
(
p · q
=
n
)
then
// check the primes
(3)
return
0
||
NOK
(4)
if
(
e · d ≡
1 (mod
ϕ
(
n
)))
then
// check the public exponent
(5)
return
0
||
NOK
(6)
compute
UID
=D
d
(
EID
)
// retrieve the UID
(7)
return
UID ||
OK
Fig. 6.
Disclosure of a Unique Pseudonym (2)