A novel and efficient unlinkable secret handshakes scheme
description
Transcript of A novel and efficient unlinkable secret handshakes scheme
![Page 1: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/1.jpg)
A novel and efficient unlinkable secret handshakes scheme
Author: Hai Huang and Zhenfu Cao (PR China)
Source: IEEE Comm. Letters 13 (5) (2009)Presenter: Yu-Chi Chen
![Page 2: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/2.jpg)
Outline
• Introduction• Huang and Cao’s scheme• Conclusions
![Page 3: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/3.jpg)
Introduction
• A secret handshakes scheme– affiliation-hiding authentication– firstly introduced by Balfanz et al.– For example, two FBI agents, Alice and Bob, want
to discover and communicates with other agents, but they don’t want to reveal their affiliations to non-agents.
![Page 4: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/4.jpg)
Introduction
• An unlinkable secret handshakes scheme – provide unlinkability– an adversary cannot link any two different
instances of same party.• Given C, to guess C is AB, A’B’, or other.
(blind signature)• unlinkability has been widely considered in many
applications.
![Page 5: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/5.jpg)
Introduction
• Jarecki et al.’s scheme– an unlinkable secret handshakes scheme– not efficient, but secure at present
• Huang and Cao presented an unlinkable secret handshakes scheme– novel and efficient– Simple, so it can be published in IEEE-CL.
![Page 6: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/6.jpg)
Outline
• Introduction• Huang and Cao’s scheme• Conclusions
![Page 7: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/7.jpg)
Bilinear pairing
• Referred to as “bilinear maps”• e: G1 × G2→G3
• G1, G2: (+, q)• G3: (×, q)
![Page 8: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/8.jpg)
Bilinear pairing
• Properties:– Computation: given P1 (P2) in G1 (G2), we can
obtain e(P1, P2) in G3
– Bilinear: given xP1 and bP2, where a, b in Zq, then e(aP1, bP2) = e(P1, P2)ab
– Non-degenerate: P1 (P2) is a generator of G1 (G2), then e(P1, P2) ≠ 1. (or e(P1, P2) is a generator of G3)
![Page 9: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/9.jpg)
Huang and Cao’s scheme
This figure is copied from IEEE Comm. Letters 13 (9) (2009), page 731
![Page 10: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/10.jpg)
Conclusions
• Huang and Cao analyzed this scheme can provide authenticated key exchange security, affiliation-hiding, and unlinkability.
• The scheme is more efficient than Jarecki et al.’s.
![Page 11: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/11.jpg)
On the security of a novel and efficient unlinkable secret
handshakes schemeAuthor: Renwang Su (PR China)
Source: IEEE Comm. Letters 13 (9) (2009)
![Page 12: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/12.jpg)
• Su found Huang and Cao’s scheme is not secure.– Cannot provide authenticated key exchange
security.
![Page 13: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/13.jpg)
This figure is copied from IEEE Comm. Letters 13 (9) (2009), page 731
![Page 14: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/14.jpg)
Security analysis of an unlinkable secret handshakes
schemeAuthor: T.-Y. Youn and Y.-H. Park (Korea)
Source: IEEE Comm. Letters 14 (1) (2009)
![Page 15: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/15.jpg)
• Youn and Park also found Huang and Cao’s scheme is not secure.– Cannot provide authenticated key exchange
security and affiliation-hiding.
![Page 16: A novel and efficient unlinkable secret handshakes scheme](https://reader035.fdocuments.us/reader035/viewer/2022062501/568162c0550346895dd351c2/html5/thumbnails/16.jpg)
Receiving vB, then try find PK where vB=H1(KA, (PK, EA, EB), resp)