Cryptography Reference
In-Depth Information
consumption in generating On . Hence, the nodes only need to carry out a small num-
ber of energy-efficient computations. The final broadcast message includes m M , T s ,
ID i , and signature On .
Online Signature Verification : When a sensor node receives a broadcast message, its
first task is to check the time stamp to avoid any kind of a replay attack. Upon veri-
fying the freshness of the time stamp, it runs the Online Signature Verification algo-
rithm. This algorithm takes m M , ID i , On , and PP , and returns valid (1) or invalid
(0). If required, the node could rebroadcast the message with its signature and a new
time stamp.
5.3.3 BNN-IBS Scheme
Bellare et al. (2004) proposed the first ECC-based IBS scheme called BNN-IBS, with
provable security. The implementation is as follows:
Preliminaries : Let E be an elliptic curve defined over a prime finite field F q and denoted
as E / F q . Let E ( F q ) denote the group of points formed by E / F q , which includes the point
at infinity . Hence, E ( F q ) = {( x , y ): x , y F q ; ( x , y ) E / F q )} { }.
Setup : Given the security parameter
x Î , the following steps are carried out by the
p
PKG.
*
*
2 :{0,1}
H .
• Specify E / F q the elliptic curve E , where P E ( F q ) is a point of order p and G is a
group generated by P . Let the system public key P 0 = xP PP .
• The public parameters include
´ and
• Let
H
:{0,1}
G
Z
1
1
p
p
PP
=
EFPpPHH
/,
,
,
,
,
.
q
012
Key Extraction : Given an end-user's identity (ordinary node's identity) ID , the PKG
(sink node) validates the identity and generates the private key based on the Schnorr
signature scheme (Schnorr 1991):
• Choose at random r Z p and compute R = rP .
• Use system secret key x to compute s = r + cx , where c = H 1 ( ID || R ).
The pair ( R , s ) is sent to the end user via a secure channel.
Signature Generation : The signer generates the signature as follows:
• Choose at random y Z p and compute Y = yP .
• Compute z = y + hs , where h = H 2 ( ID , m , R , Y ).
RY z
,, .
Then, the sender's signature on message m is the tuple
Hence, m and the
tuple are sent to the receiver.
Search WWH ::




Custom Search