3.3 Security Analysis
Since the system is a combination of cryptographic components, the security of
the system depends on the security of the underlying components:
- Diffie-Hellman security is discussed in their celebrated paper [4]. In fact, the
security depends on the size of the key and the prime numbers.
- The security of the one-way function. We strongly emphasize the selection of
a collision-resistant one-way hash function H which takes an arbitrary size
string and generates a string of size l: $H : \{0,1\}^* \to \{0,1\}^l$. SHA-1 is proven
to be a secure message digest algorithm. It generates 160 bits of message
digest, which makes it secure enough against well-known attacks.
- The security of Shamir secret sharing. The security of Shamir secret sharing
is discussed in [12], where the assumptions and requirements for security of
the system are explained.
Note that the hashed message is the result of the concatenation of the message
and the value α, which assigns the sender's tag to the message to prevent possible
replay attacks. Only the verifier who established the Diffie-Hellman public key
with the client is able to generate the value α.
Obviously, the scheme does not provide a non-repudiation service. The scheme
produces a kind of message tag, like those used with message authentication
codes (MACs). It does, however, satisfy the task of mutual authentication.
3.4 Performance Analysis
The operations involved at the signing and verification phase are almost the
same:
- one cheap hash function on the message
- a number of flops (of multiplications and divisions of Lagrange interpolation
function)
- one modular exponentiation.
The overall signature size is 160 bits, according to SHA-1 hashing. Generating
and extracting the secret key from the system requires a number of operations
including multiplications and divisions. Generally, the overall Lagrange
operations are of $O(n^2)$. Specifically, they include (n + 1) multiplications for n
times. Also, (n + 1) divisions are required. In our system, we
are dealing with 3 parameters; thus, the approximate number of operations is
almost 15 flops per message. Also, there is one hash computation of the message.
The modular exponentiation would not be expensive if we relax the security
condition and set short key sizes.
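The Lagrange step whose cost is counted above, as an added example that is not code from the original text: Shamir sharing and reconstruction by interpolation at x = 0 over a prime field. The modulus `P`, the function names `split` and `recover`, the threshold of 3 (taken from the "3 parameters" mentioned) and the sample values are assumptions made for illustration.

```python
import secrets

# Field modulus: a Mersenne prime chosen for this example (the page names no field).
P = 2**127 - 1

def split(secret, k, n, coeffs=None):
    """Return n shares (x, f(x)) of a degree-(k-1) polynomial with f(0) = secret.

    coeffs fixes the k-1 non-constant coefficients for reproducible demos;
    real use must leave it None so they are drawn uniformly at random.
    """
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n < P")
    if coeffs is None:
        coeffs = [secrets.randbelow(P) for _ in range(k - 1)]
    if len(coeffs) != k - 1:
        raise ValueError("need exactly k-1 coefficients")
    poly = [secret % P, *coeffs]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(poly):            # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def recover(shares):
    """Lagrange interpolation at x = 0 over GF(P) from the given shares."""
    xs = [x % P for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")  # would make a denominator zero
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P      # numerator:   prod (0 - x_j)
                den = (den * (xi - xj)) % P  # denominator: prod (x_i - x_j)
        # The "division" is a multiplication by a modular inverse.
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

if __name__ == "__main__":
    s = 123456789                            # constructed sample secret
    shares = split(s, k=3, n=5)
    print(recover(shares[:3]) == s)          # any 3 shares interpolate back to f(0)
    print(recover(shares[:2]) == s)          # 2 shares fit a line, not f
```

Each share contributes two inner products and one modular inversion, which is where the quadratic growth in the number of shares comes from.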