Cryptography Reference
In-Depth Information
To check publicly whether the share of a player is acceptable, each player chooses
a random R G 1 and computes w 1 = e ( P , R ), w 2 = e ( U , R ) and
=
hHeUd ePQ ww
(( ,
),(
,
),
,
)
(4.57)
ID
pub
ID
12
i
=+ Î and joins the tuple ( w 1 , w 2 , h , V ) to
its share. The other players can check that
Then player i computes
VR d
G
ID
1
i
()
i
h
=
ePV
(, )
ePReP
(, )(
,
Q
)
(4.58)
pub
ID
h
=
eU V
(,)
eU R eU d
(,)(,
)
(4.59)
ID
i
If this test fails, player i is a dishonest player.
4.3.7.2 ID-Based ( t , n ) Threshold Decryption
The ID-based ( t , n ) threshold decryption of Baek and Zheng (2004) works as follows.
where P pub = sP and Î q
Key-Gen : = 12
PP
(, ,,,, , , , ,
GG qePH H H H P
,
xZ
1 2 3 4
pub
is the master key of PKG.
Extract : Given an identity ID , compute Q ID = H 3 ( ID ), D ID = xQ ID and return D ID .
Private Key Distribution : Given a private key D ID , n decryption shares and a
threshold parameter, t n , pick randomly
- Î *
RR
,
,...,
R
G and compute
12
t
1
1
2
Fu
()
=++++
D
uR
uR
u R
(4.60)
ID
1
2
t
--
1
t
1
y e SP , 1 ≤ i n , and send
( S i , y i ) secretly to server T i , 1 ≤ i n . T i then keeps S i secret while it publishes y i .
for ÎÈ
u
{0}
N . Compute S i = F ( i ), y i = e ( S i , P ) = (,)
i
i
Encrypt : Given a plain text m {0, 1} l , identity ID ,
1. Choose Î q
rZ at random and set U = rP .
2. Compute Q ID = H 3 ( ID ), d = e ( Q ID , P pub ), and k = d r .
3. Compute
VHkm , W = rH 2 ( U , V ), =
1 ()
WrHUV .
2 (,)
4. Set the cipher text to be C = ( U , V , W ).
Decrypt Share Generation : Given a cipher text C = ( U , V , W ), decryption server
T i , with secret key S i , compute H 2 = H 2 ( U , V ) and check if e ( P , W ) = e ( U , H 2 ). If
the test holds, then compute
ke SUke QUye QP
=
(
,
),
=
(
,
),
=
(
,
),
λ
=
Hkky
(
,
,
) and
LQ S (4.61)
= +
λ
i
i
i
i
i
i
i
4
i
i
i
i
i
i
Search WWH ::




Custom Search