Cryptography Reference
In-Depth Information
S
y
is
y
's secret and
S
is the secret point of
y
's and
z
's common ancestor.
y
l
Qs
=
P
, where
s
is the secret chosen by
y
's ancestor at level
i
.
y
y
0
y
i
i
Decrypt
: Let
=
UV
be the cipher text. User
z
decrypts
C
as
CUU
,
,...,
,
0
l
+
1
n
shown below:
æ
ö
÷
ç
÷
ç
÷
ç
÷
ç
÷
ç
eU S
(,
)
÷
ç
÷
VH
Å
0
z
=
M
(4.20)
ç
÷
2
ç
÷
n
÷
ç
÷
ç
eQ
(
,
U
)
÷
ç
÷
zi
( )
-
i
ç
÷
ç
è
ø
=+
il
1
4.3.4 Identity-Based Authentication Schemes
Digital signatures are one of the building blocks of cryptography that provide authenti-
cation, integrity, and nonrepudiation. The signer signs a message using his private key
and a verifier verifies the signature using the signer's public key for the corresponding
private key. In a traditional PKI-based architecture, the digital certificate binds the
public key with its identity. However, Shamir's proposal eliminates the use of digi-
tal certificates by using the identity itself as a public key. Hence, ID-based signature
schemes provide a simple architecture for verifying digital signatures.
4.3.4.1 BLS Short Signature Scheme
The BLS signature scheme (Boneh et al. 2004) makes use of a hash function
H
1
and an
asymmetric pairing
´
1
eG G
G
. Let
Î
1
GP
and
Î
2
GP
.
1
2
1
2
Key-Gen
: Computes
P
pub
=
xP
2
, where
x
Z
p
is the private key. Let (
P
2
,
P
pub
)
PP
.
Signing
: Given a message
m
M
, the signature
is calculated as
=
xH
1
(
m
)
G
1
(4.21)
In this case, the signature is a single element in
G
1
.
Verify
: Given a signature
and
Q
=
H
1
(
m
), we verify the message
m
M
if the
following condition holds:
eP eQP
(, )
σ
=
( ,
)
(4.22)
2
pub
If the above condition holds, the signature is valid; otherwise it is invalid.
Search WWH ::
Custom Search