Extract: Given public identity $ID \in \{0,1\}^*$, compute the public key $Q_{ID} = H_1(ID)$ and the secret $S_{ID} = sQ_{ID}$.

Let $ID_i$ be a user's identity and $S_{ID_i}$ be the private key associated with $ID_i$ for $i = 1, \ldots, n$. Let $L = \{ID_i : 1 \le i \le n\}$ be the set of identities. The real signer's identity $ID_k$ is listed in $L$.
Signing: Given signer's private key $S_{ID_k}$ and a message $m \in M$

Initialization: Choose randomly an element $A \in G_1$ and compute $c_{k+1} = H(L \,\|\, m \,\|\, e(A, P))$.
Forward ring sequence generation: For $i = k+1, \ldots, n-1, 0, 1, \ldots, k-1$, choose randomly $T_i \in G_1$ and compute $c_{i+1} = H(L \,\|\, m \,\|\, e(T_i, P)\, e(c_i H_1(ID_i), P_{pub}))$.
Forming the ring: Compute $T_k = A - c_k S_{ID_k}$.
Output the ring signature: The resulting signature for $m$ and $L$ is the $(n+1)$-tuple $(c_0, T_0, T_1, \ldots, T_{n-1})$.
Verification: Given $(c_0, T_0, T_1, \ldots, T_{n-1})$, $m$, and $L$, compute $c_{i+1} = H(L \,\|\, m \,\|\, e(T_i, P)\, e(c_i H_1(ID_i), P_{pub}))$ for $i = 0, 1, \ldots, n-1$. Accept if $c_n = c_0$ and reject otherwise.
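The ring-closing algebra above, as an added Python example that is not from the original text: it signs at position $k$ and checks $c_n = c_0$ over a toy pairing that is bilinear but offers no security. Assumptions: SHA-256 stands in for $H$ and $H_1$, the identities in $L$ are indexed $0, \ldots, n-1$ with indices taken mod $n$, and the helper names (`is_prime`, `h_int`, `setup`, `step`) are hypothetical.

```python
import hashlib, math, secrets

# Toy symmetric pairing for checking the algebra only (NOT secure): G1 = (Z_q, +)
# with generator P = 1, G2 = order-q subgroup of Z_p^*, e(a, b) = g^(ab) mod p.
def is_prime(n):
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

q, P = 2**31 - 1, 1                                  # q is a Mersenne prime
p = next(r * q + 1 for r in range(2, 2000, 2) if is_prime(r * q + 1))
g = next(x for x in (pow(h, (p - 1) // q, p) for h in range(2, 99)) if x != 1)

def e(a, b):
    return pow(g, a * b % q, p)
def h_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")
def H1(identity):                                    # map-to-point {0,1}* -> G1
    return h_int(b"H1|" + identity.encode()) % (q - 1) + 1
def H(L, m, gt):                                     # H(L || m || gt) -> Z_q
    return h_int("|".join(L).encode() + b"||" + m + b"||" + str(gt).encode()) % q

def setup():                                         # master key s, P_pub = sP
    s = secrets.randbelow(q - 1) + 1
    return s, s * P % q
def extract(s, identity):                            # S_ID = s * Q_ID
    return s * H1(identity) % q

def step(L, m, i, c_i, T_i, Ppub):                   # c_{i+1} from c_i and T_i
    return H(L, m, e(T_i, P) * e(c_i * H1(L[i]), Ppub) % p)

def sign(L, m, k, S_k, Ppub):
    n = len(L)
    T, c = [0] * n, [0] * n
    A = secrets.randbelow(q)
    c[(k + 1) % n] = H(L, m, e(A, P))                # initialization
    i = (k + 1) % n
    while i != k:                                    # forward ring sequence
        T[i] = secrets.randbelow(q)
        c[(i + 1) % n] = step(L, m, i, c[i], T[i], Ppub)
        i = (i + 1) % n
    T[k] = (A - c[k] * S_k) % q                      # forming the ring
    return c[0], T

def verify(L, m, sig, Ppub):
    c = sig[0]
    for i, T_i in enumerate(sig[1]):
        c = step(L, m, i, c, T_i, Ppub)
    return c == sig[0]                               # accept iff c_n = c_0
```

The ring closes because $e(T_k, P)\, e(c_k H_1(ID_k), P_{pub}) = e(A, P)$ when $T_k = A - c_k S_{ID_k}$, so the verifier recomputes the same $c_{k+1}$ without learning $k$.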
4.3.4.8 Hess's Signature from Pairing
Hess's signature from pairing is done as follows (Hess 2003).
Set-up: Choose $s \in Z_q$ and set $P_{pub} = sP$. The master key is $s$ and the global public key is $P_{pub}$. Let $H_1 : \{0,1\}^* \to G_1$ be a map-to-point hash function and $H : \{0,1\}^* \times G_2 \to Z_q^*$ be another hash function.
Extract: Given a public identity $ID \in \{0,1\}^*$, compute the public identity $Q_{ID} = H_1(ID)$ and the secret key $S_{ID} = sQ_{ID}$.
Sign: Given a secret key $S_{ID}$ and a message $m \in \{0,1\}^*$, the signer chooses an arbitrary $P_1 \in G_1$, random $k \in Z_q$, and computes

$$r = e(P_1, P)^k \tag{4.36}$$

$$v = H(m, r) \tag{4.37}$$

$$u = vS_{ID} + kP_1 \tag{4.38}$$
The signature is then the pair $(u, v) \in G_1 \times Z_q^*$.
Verify: Given a public key $Q_{ID}$, a message $m$, and a signature $(u, v)$, the verifier computes