Cryptography Reference
In-Depth Information
Signature Verification : The verifier verifies the signature as follows:
• Compute h = H 2 ( ID , m , R , Y ) and c = H 1 ( ID || R ).
• Check whether the equality
?
=+ +
=+ +
=++
=+
=
zP
Y h R cP
yP h rP cxP
Py hr cx
Py hs
zP
(
)
0
(
)
(
(
))
(
( ))
(5.1)
holds true or not to determine the validity of the signature.
Although BNN-IBS is a non-pairing-based approach, it is still not efficient in terms
of the signature size because it includes two points R and Y and an integer element.
Hence, it would take at least two IEEE 802.15.4 packets to carry this signature scheme.
A variant of BNN-IBS— v BNN-IBS—has been proposed by Cao et al. (2008), which
reduces the signature size when compared to BNN-IBS. v BNN-IBS is reviewed in
Section 5.3.3.1.
5.3.3.1 v BNN-IBS
The Setup and Key-Extraction processes are similar to the processes mentioned in
BNN-IBS.
Signature Generation : The signer generates the signature s as follows:
• Choose at random y Z p and compute Y = yP .
• Compute z = y + hs , where h = H 2 ( ID , m , R , Y ).
Rhz Hence, m and the
,, .
Then, the sender's signature on message m is the tuple
tuple are sent to the receiver.
Signature Verification : Given
Rhz ID , and the message m , the receiver computes
c  = H 1 ( ID || R ) and verifies the signature as shown below:
,, ,
?
=
- +
hHIDmRzPhR cP
(,
,
,
(
)
(5.2)
2
0
In comparison to BNN-IBS, v BNN-IBS generates a signature with a smaller size
when compared to BNN-IBS while achieving the same computational complexity. As
a result, this scheme is easily applicable in multiuser broadcast authentication in WSN.
Search WWH ::




Custom Search