Digital signature for Diffie-Hellman public keys without using a one-way function
Authors
Abstract
Introduction: A one-way function is needed in any digital signature scheme. Without using a secure one-way function, a digital signature can be easily forged [1, 2]. There are some well-known one-way hash functions, such as MD4, MD5, SHA, etc. There is a major difference between the security assumptions of digital signature schemes and those of one-way functions. The security assumptions of most signature schemes are based on some well-known computational problems, such as the discrete logarithm problem, the factoring problem, etc. However, the security of most one-way hash functions is based on the complexity of analysing an iterated simple function. Since most computational problems are well-known and easy to understand, the security of most signature schemes can withstand quite a long period of time. However, a one-way function may seem very difficult to analyse at the beginning, but it may turn out to be vulnerable to some special attacks later. Thus, in general, the lifetime of one-way functions is shorter than that of signature schemes. For example, recent advancement of cryptanalysis research has found that MD5 is ‘at the edge’ of risking successful cryptanalytic attack [3].
There are two motivations for proposing signature schemes without using a one-way function. First, instead of resting the overall security on the weaker assumption between the signature scheme and the one-way function, the security of our proposed schemes is based on the discrete logarithm problem. Secondly, the overall security can be easily understood and analysed.
Diffie and Hellman [4] proposed the well-known public-key distribution scheme based on the discrete logarithm problem in 1976 to enable two parties to establish a common secret session key based on their exchanged public keys. But their original scheme can only share one common secret key and did not provide authentication for the exchanged public keys. Since then, several key exchange protocols [5, 6] that allow two parties to share multiple secret session keys have been proposed based on the Diffie-Hellman public-key technique. In general, these protocols utilise a digital signature for each distributed public key to provide authentication. Since a Diffie-Hellman public key is obtained by computing an exponential function over GF(p), and the exponential function itself is a well-known one-way function, we propose signature schemes without using any additional one-way function for signing Diffie-Hellman public keys. In addition, since the Diffie-Hellman public key is a random number, our proposed schemes are not suitable for signing any given message.
Similar resources
Two remarks on public key cryptology
In 1996, Adam Back floated the idea of a public key cryptosystem with a series of public keys p_i and secret keys s_i that stand in the usual relationship with each other but for which there are updating functions f_i and g_i such that p_{i+1} = f_i(p_i) and s_{i+1} = g_i(s_i) [2]. In this way a single root public key p_0 could be certified, and thereafter the key owner could regularly calculate s_{i+1} and dest...
Efficient ID-Based Signature Scheme using Pairings
An ID-based cryptographic scheme enables the user to public keys without exchanging public key certificates. In these schemes, users can generate their public and private keys using their identity. The positive application of bilinear pairings over elliptic curves makes the system easy and efficient in providing security. In this paper, we propose an ID-based signature scheme using bilinear pai...
Authenticated Diffie–Hellman key agreement protocol using a single cryptographic assumption
In modern communication systems, a popular way of providing authentication in an authenticated Diffie–Hellman key agreement protocol is to sign the result of a one-way hash function (such as MD5) of a Diffie–Hellman public key. The security of such a protocol is based on the weakest of all the cryptographic assumptions of the algorithms involved: Diffie–Hellman key distribution, digital signatu...
Improved Identity-Based Signcryption
Identity-based cryptography is a form of public-key cryptography that does not require users to pre-compute key pairs and obtain certificates for their public keys. Instead, public keys can be arbitrary identifiers such as email addresses. This means that the corresponding private keys are derived, at any time, by a trusted private key generator. The idea of signcryption is to provide a method to...
Short Signatures from Weaker Assumptions
We provide constructions of (m, 1)-programmable hash functions (PHFs) for m ≥ 2. Mimicking certain programmability properties of random oracles, PHFs can, e.g., be plugged into the generic constructions by Hofheinz and Kiltz (J. Cryptol. 2011) to yield digital signature schemes from the strong RSA and strong q-Diffie-Hellman assumptions. As another application of PHFs, we propose new and effici...