Cryptography Reference
In-Depth Information
Signature Verification
: The verifier verifies the signature as follows:
• Compute
h
=
H
2
(
ID
,
m
,
R
,
Y
) and
c
=
H
1
(
ID
||
R
).
• Check whether the equality
?
=+ +
=+ +
=++
=+
=
zP
Y h R cP
yP h rP cxP
Py hr cx
Py hs
zP
(
)
0
(
)
(
(
))
(
( ))
(5.1)
holds true or not to determine the validity of the signature.
Although BNN-IBS is a non-pairing-based approach, it is still not efficient in terms
of the signature size because it includes two points
R
and
Y
and an integer element.
Hence, it would take at least two IEEE 802.15.4 packets to carry this signature scheme.
A variant of BNN-IBS—
v
BNN-IBS—has been proposed by Cao et al. (2008), which
reduces the signature size when compared to BNN-IBS.
v
BNN-IBS is reviewed in
Section 5.3.3.1.
5.3.3.1
v
BNN-IBS
The
Setup
and
Key-Extraction
processes are similar to the processes mentioned in
BNN-IBS.
Signature Generation
: The signer generates the signature
s
as follows:
• Choose at random
y
Z
p
and compute
Y
=
yP
.
• Compute
z
=
y
+
hs
, where
h
=
H
2
(
ID
,
m
,
R
,
Y
).
Rhz
Hence,
m
and the
,, .
Then, the sender's signature on message
m
is the tuple
tuple are sent to the receiver.
Signature Verification
: Given
Rhz
ID
, and the message
m
, the receiver computes
c
=
H
1
(
ID
||
R
) and verifies the signature as shown below:
,, ,
?
=
- +
hHIDmRzPhR cP
(,
,
,
(
)
(5.2)
2
0
In comparison to BNN-IBS,
v
BNN-IBS generates a signature with a smaller size
when compared to BNN-IBS while achieving the same computational complexity. As
a result, this scheme is easily applicable in multiuser broadcast authentication in WSN.
Search WWH ::
Custom Search