Information Technology Reference
In-Depth Information
are dealing with 3 parameters; thus, the approximate number of operations is
almost 15 flops per message. Also, there is one hash computation of the message.
The modular exponentiation would not be expensive if we relax the security
condition and set short key sizes.
The performance also has to do with the size of the message
m
and the key
to compute the value
c
. We already assumed short keys without losing security
robustness. So the signing and verification process should be fast.
The overall signature size is of 160 bits according to SHA-1 message digest
and 160 bits for the value
σ
.
4.4 Security Analysis
The scheme provides all-in-one security services. It provides privacy, authenti-
cation, integrity and non-repudiation. Yet, under certain conditions shown, it is
ecient compared to the services and to other schemes. For eciency purposes,
we relax the security condition and use short keys, and the security objectives
are still pertained.
The system is mainly a combination of primitive cryptographic components,
and the security of the overall signcryption scheme depends on the security of
the underlining components, namely the
1. public-key cryptosystem,
2. intractable hashing function
H
,
3. threshold Shamir secret sharing,
For each item above, consider the following:
1. The choice of selecting a specific public-key cryptosystem was not declared in
so far as the selected cryptosystem is secure. This property gives the system
more design flexibility. RSA and ElGamal-type cryptosystems are examples
of such cryptographic algorithms. However, for the sake of eciency, and
also considering the security, we may relax some security properties of the
underlining structures. In particular, we relax the security properties of the
asymmetric key system and choose a very short key for the purpose of pro-
viding non-repudiation service. This is valid because the underlining scheme
from which the signature is derived are secure. The public-key cryptosystem
is also used to encrypt the message message
m
to
c
.
2. The security of the one-way function. We strongly emphasize the selection of
a collision-resistant one-way hash function
H
which takes an arbitrary size
}
. SHA-1 is proven
to be a secure message digest algorithm. It generates 160 bits of message
digest, which makes it secure enough against well-known attacks.
3. The security of Shamir secret sharing. The security of Shamir secret sharing
is discussed in [12]. There, the assumptions and requirements for security
of the system are listed. The main concern of the security is related to the
perfectness of secret sharing method. In general, the system is perfect when
string and generates a string of size
l
:
H
:
{
0
,
1
}
∗
→{
0
,
1
