Cryptography Reference
In-Depth Information
To check publicly whether the share of a player is acceptable, each player chooses
a random
R
G
1
and computes
w
1
=
e
(
P
,
R
),
w
2
=
e
(
U
,
R
) and
=
hHeUd ePQ ww
(( ,
),(
,
),
,
)
(4.57)
ID
pub
ID
12
i
=+ Î
and joins the tuple (
w
1
,
w
2
,
h
,
V
) to
its share. The other players can check that
Then player
i
computes
VR d
G
ID
1
i
()
i
h
=
ePV
(, )
ePReP
(, )(
,
Q
)
(4.58)
pub
ID
h
=
eU V
(,)
eU R eU d
(,)(,
)
(4.59)
ID
i
If this test fails, player
i
is a dishonest player.
4.3.7.2 ID-Based (
t
,
n
) Threshold Decryption
The ID-based (
t
,
n
) threshold decryption of Baek and Zheng (2004) works as follows.
where
P
pub
=
sP
and
Î
q
Key-Gen
:
=
12
PP
(, ,,,, , , , ,
GG qePH H H H P
,
xZ
1 2 3 4
pub
is the master key of PKG.
Extract
: Given an identity
ID
, compute
Q
ID
=
H
3
(
ID
),
D
ID
=
xQ
ID
and return
D
ID
.
Private Key Distribution
: Given a private key
D
ID
,
n
decryption shares and a
threshold parameter,
t
≤
n
, pick randomly
-
Î
*
RR
,
,...,
R
G
and compute
12
t
1
1
2
Fu
()
=++++
D
uR
uR
u R
(4.60)
ID
1
2
t
--
1
t
1
y e SP
, 1 ≤
i
≤
n
, and send
(
S
i
,
y
i
) secretly to server
T
i
, 1 ≤
i
≤
n
.
T
i
then keeps
S
i
secret while it publishes
y
i
.
for
ÎÈ
u
{0}
N
. Compute
S
i
=
F
(
i
),
y
i
=
e
(
S
i
,
P
)
=
(,)
i
i
Encrypt
: Given a plain text
m
{0, 1}
l
, identity
ID
,
1. Choose
Î
q
rZ
at random and set
U
=
rP
.
2. Compute
Q
ID
=
H
3
(
ID
),
d
=
e
(
Q
ID
,
P
pub
), and
k
=
d
r
.
3. Compute
=Å
VHkm
,
W
=
rH
2
(
U
,
V
),
=
1
()
WrHUV
.
2
(,)
4. Set the cipher text to be
C
= (
U
,
V
,
W
).
Decrypt Share Generation
: Given a cipher text
C
= (
U
,
V
,
W
), decryption server
T
i
, with secret key
S
i
, compute
H
2
=
H
2
(
U
,
V
) and check if
e
(
P
,
W
) =
e
(
U
,
H
2
). If
the test holds, then compute
ke SUke QUye QP
=
(
,
),
=
(
,
),
=
(
,
),
λ
=
Hkky
(
,
,
) and
LQ S
(4.61)
= +
λ
i
i
i
i
i
i
i
4
i
i
i
i
i
i
Search WWH ::
Custom Search