Cryptography Reference
In-Depth Information
Extract : Given public identity ID {0,1}*, compute the public key Q ID = H 1 (ID)
and the secret S ID = sQ ID .
Let ID i be a user's identity and S ID i be the private key associated with ID i
for i  = 1,…, n . Let L = { ID i : 1 ≤ i n } be the set of identities. The real signer's
identity ID k is listed in L .
Signing : Given signer's private key S ID k and a message m M
Initializatio n: Choose randomly an element A G 1 and compute c k +1 = H ( L || m || e
( A, P )).
Forward ring sequence generation : For i = k + 1,…, n - 1, 0, 1,…, k - 1, choose
randomly T i G 1 and compute c i +1 = H ( L || m || e ( T i , P ) e ( c i H 1 ( ID i ), P pub )
Forming the ring : Compute =- k
TAc S .
k
k
ID
Output the ring signature : The resulting signature for m and L is the ( n + 1)-
tuple ( c 0 , T 0 , T 1 ,…, T n -1 ) : (
cTT
,
,
,...,
T ).
001
n
-
1
Verification : Given ( c 0 , T 0 , T 1 ,…, T n -1 , m , and L , compute c i +1 = H ( L || m || e ( T i , P )
e ( c i H 1 ( ID i ), P pub ) for i = 0, 1,…, n − 1. Accept if c n = c 0 and reject otherwise.
4.3.4.8 Hess's Signature from Pairing
Hess's signature from pairing is done as follows (Hess 2003).
Set-up : Choose Î q
s Z and set P pub = sP . The master key is s and the global
public key is P pub . Let H 1 :{0,1}* G 1 be a map-to-point hash function and
*
´ be another hash function.
H
:{0,1}*
G
Z
2
q
Extract : Given a public identity ID {0,1}*, compute the public identity Q ID =
H 1 ( ID ) and the secret key S ID = sQ ID .
Sign : Given a secret key S ID and a message m {0,1}*, the signer chooses an arbi-
trary P 1 G 1 , random Î q
kZ , and computes
(, k
=
rePP
(4.36)
= (,)
vHmr
(4.37)
=+ 1
u S
P
(4.38)
ID
The signature is then the pair δ *
(,)
uv
G
Z .
q
Verify : Given a public key Q ID , a message m , and a signature ( u, v ), the verifier
computes
Search WWH ::




Custom Search