Cryptography Reference
In-Depth Information
4.3.4.2 ID-Based Blind Signature Scheme
Set-up
: Let
G
1
,
G
2
be two groups of order
q
, where
G
1
is an additive group and
G
2
is a multiplicative group. Let
e
be the bilinear map that exists between
G
1
and
G
2
such that e:
G
1
×
G
2
G
2
. Let
H
1
be the cryptographic hash function.
Key-Gen
: The signer picks
Î
q
xZ
such that
P
0
=
xP
, where
P
G
1
.
Signature
:
(
Blinding process
): Let
m
M
and the user picks
Î
q
rZ
and computes
¢
=
MrHm
1
()
(4.23)
¢
(
Signing process
): The signer simply signs the message
M
as shown below:
σ
¢
=
xM
¢
(4.24)
(
Unblinding process
): The user then computes the signature
-
¢
σσ
=
1
r
(4.25)
and sends (
m
,
).
Verification
: Given the public parameter
P
0
and the message
m
, the verification
process is done as shown below:
=
σ
eP H m
(, ( )
eP
(,)
(4.26)
01
0
4.3.4.3 Bilinear Ring Signature
The bilinear ring signature is structured as follows (Boneh et al. 2003).
Set-up
: This signature scheme assumes a bilinear map and the Co-GDH set-up.
Let
G
1
,
G
2
, and
G
T
be multiplicative groups of order
q
such that
e
:
G
1
×
G
2
G
T
and having a computable isomorphism
ψ
*
:
GG
. Let
H
:{0,1}
G
.
1
2
3
2
Let there be
n
users belonging to a set
U
and each user has a unique public/
private key pair. A ring signature is constructed using the public keys of all the
n
users. However, the verifier can only conclude that any one of the
n
users' private
key was used in generating the digital signature. Hence, this property of the ring
signature is known as
signer ambiguity.
Key-Gen
: Let
Î
q
kZ
be the secret and
=
1
k
vg
be the public parameter, where
=
. Then let
=
2
=
ψ
Gg
Gg
and
g
()
g
.
1
1
2
2
Search WWH ::
Custom Search