Cryptography Reference
In-Depth Information
Sign
: Given a secret key
x
and a message
m
M
, compute the signature:
æ
ö
÷
1
()
ç
=
ç
÷
S
P
(4.34)
÷
ç
÷
ç
+
è
Hm
x
ø
1
Verify
: Given a public key
P
pub
and a message
m
, the verification of the signature
is done as shown below:
+=
eH mP
(()
P
,
S
) (,
ePP
)
(4.35)
pub
4.3.4.6 ID-Based Blind Signature Scheme (Schnorr Type)
This signature scheme is as follows (Zhang and Kim 2002).
Set-up
: Let
H
1
: {0,1}
G
1
be a map-to-point hash function. Consider another
hash function
*
Z
. Choose
Î
q
´
H
:{0,1}
G
s
Z
and set
P
pub
=
sP
. The mas-
1
2
q
ter key is
s
and the global public key is
P
pub
.
Extract
: Given the signer's public identity,
ID
{0,1}*, compute the public key
Q
ID
=
H
1
(ID) and the private key
S
ID
=
sQ
ID
.
Blind Signature Issuing Protocol
: Given a signer's private key
S
ID
and a message
m
{0,1}*.
Initialization
: The signer randomly chooses a number
r
Z
q
, computes
R = rP
,
and sends
R
to the user as a commitment.
*
Î
as blinding factors and computes
Blinding
: The user randomly chooses
ab
,
q
c
=
H
(
m, e
(
bQ
ID
+
R
+
aP
,
P
pub
))
=
+ +
cHmebQ
(,(
R PP
.
,
)
ID
pub
Signing
: The signer sends back
S
, where
S
=
cS
ID
+
rP
pub
.
Unblinding
: The user computes
¢
=+
pub
SS P
and
¢
=-
c
c
b
and outputs
mS c
. Then
¢¢
¢¢
(, , )
(,)
Sc
is the blind signature of the message
m
.
¢
¢
)
c
-
¢
=
1
(,( , )(
Verification
: Accept if and only if
c
Hme SPe QP
,
.
ID
pub
4.3.4.7 ID-Based Ring Signature
For the Zhang and Kim ID-based ring signature, the protocol is as follows (Zhang and
Kim 2002).
Set-up
: Let
H
1
:{0,1}*
G
1
b e a m a p - t o - p o i n t h a s h f u n c t i o n a n d
*
H
:{0,1}*
q
*
q
Î
and set
P
pub
=
sP
. The master key is
s
be another hash function. Choose
s
and the global public key is
P
pub
.
Search WWH ::
Custom Search