Cryptography Reference
In-Depth Information
Decrypt Share Verification : Given a cipher text C = ( U , V , W ) and a decryption
share
δ
=
λ
=
(,,, , )
ik k y L , compute
Hkky . Check if
4 (,, )
i
i
i
i
i
i
i
i
i
eLU
(, )
eL P
(,)
i
=
i
=
k
,
y
(4.62)
i
i
λ
λ
k
y
i
i
i
i
If the above test holds, then i of server T i is an acceptable share. Given accept-
able shares ÎÍ
n , where St , D ID can be recovered as follows:
j Sj S
,
{1,...,
}
= å 0
DF
(0)
c
S
(4.63)
ID
j
j
jS
=
where the c 0 j are appropriate Lagrange coefficients.
Share Combining : Given a cipher text C = ( U , V , W ) and a set of decryption
shares
{ jjS n , where St , compute H 2 = H 2 ( U , V ) and check whether
e ( P , W ) = e (U, H 2 ). If C passes this test (i.e., C is a valid cipher text), compute
δ
ÎÍ {1,2,...,
}
= 0 j
c
j
and
k
k
mHk V . Output m .
1 ()
jS
Î
The correctness of the scheme is easy to verify since
æ
ö æ
ö
ç
÷
ç
÷

åå
÷
÷
c
c
ç
ç
0
0
r
=
=
÷
=
÷
=
k
j
eSU
(,)
j
e
ç
cSU
,
e
ç
cS rP
,
eD P (4.64)
(
,)
÷
÷
ç
ç
j
j
0
j
0
j
ID
÷
÷
ç
j
ç
j
ç
÷
ç
÷
è
ø è
ø
jS
Î
jS
Î
jS
Î
jS
Î
4.3.7.3 Sakai-Ohgishi-Kasahara Key Sharing Scheme
The idea of the Sakai-Ohgishi-Kasahara key sharing scheme (Sakai et al. 2000) is quite
simple. Suppose a PKG has a master key s , and it issues private keys to users of the form
sP y , where P y = H 1 ( ID y ) and ID y is the identit y of user y . Then users y and z have a shared
secret that only they may compute:
s
=
=
esP P
(,
) (,
eP P
)
eP sP
(,
)
(4.65)
y
z
y
z
y
z
They may use this shared secret to encrypt their communications. This key sharing
scheme is noninteractive and can be viewed as a type of “dual-identity-based encryp-
tion,” where the word “dual” indicates that the identities of both the sender and the
recipient are required as input into the encryption and decryption algorithms.
4.4 Summary
This chapter has introduced public key cryptography and looked at different architec-
tures of public key infrastructure (PKI). We then presented ID-based cryptography
Search WWH ::




Custom Search