Cryptography Reference
In-Depth Information
Signing : Let m M and v 1 ,…, v n G 1 be the public keys. Let k be the private
key corresponding to the public key v s for some 1 ≤ s n . Let Î q
xZ such that
" xs . The sender will compute
1/
k
æ
ö ÷
ç
÷
ç
÷
ç
h
÷
ç
÷
σ
= ç
(4.27)
÷
ç
÷ ÷
s
ç
a
i
ψ ¹
(
v
i
÷
ç
÷
ç
ç è
÷
ø
is
x
where h = H 3 ( m ) and
σ
= 2
g
i
s . Let
; the output of the ring signature is
i
n
σσσ
=
Î
(
,...,
)
G
1
n
2
n
σσσ
=
Î
(
,...,
)
G
(4.28)
1
n
2
Verification : Given the message m M , public keys v 1 ,…, v n G 1 , and the ring
signature , we compute h = H 3 ( m ) and verify as shown below:
n
=
σ
eg h
(,)
ev
(, )
(4.29)
1
i
i
i
=
1
4.3.4.4 Noninteractive Deniable Ring Authentication
The notation of noninteractive deniable ring authentication allows a signer to sign a
message m on behalf of an ad-hoc collection of participants, and to convince a desig-
nated verifier V that this message is correct (Susilo and Mu 2003). Moreover, it is
required that the designated verifier V cannot convince any other third party that the
message m was indeed authenticated. For this purpose, chameleon hash functions are
used. A chameleon hash function is associated with a pair of public and private keys and
has the following properties.
1. Anyone who knows the public key can compute the associated hash function.
2. For people who do not have knowledge of the trapdoor (the secret key), the hash
function is collision-resistant, i.e., it is infeasible to find two inputs which are
mapped to the same output.
3. The trapdoor information holder can easily find collisions for every given input.
The following is an example of a chameleon hash based on the hardness of the dis-
crete log problem.
Î q
xZ is the private key of user V .
y = g x is the public key of user V .
Search WWH ::




Custom Search