Download - Fuzzy Identity Based Signature
![Page 1: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/1.jpg)
Fuzzy Identity Based Signature
Based on P Yang et al 2008
Kittipat Virochsiri
![Page 2: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/2.jpg)
Introduction
• What is it?• Applications
![Page 3: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/3.jpg)
An Identity Based Signature scheme
With some error tolerance A signature issued by a user with identity can
be verified by another user with identity If and are within a certain distance judged by
some metric
What is it?
![Page 4: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/4.jpg)
Attribute-based signature Biometric identity based signature
Applications
![Page 5: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/5.jpg)
Preliminaries
• Bilinear Pairing• Computational Diffie-Hellman
• Threshold Secret Sharing Schemes
![Page 6: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/6.jpg)
Let and be multiplicative groups of the same
prime order Bilinear pairing is a map with following
properties: Bilinear: , where and Non-degeneracy: Computability: It is efficient to compute for all
Bilinear pairing
![Page 7: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/7.jpg)
Computational Diffie-Hellman (CDH)
Challenger
Adversary
(g , A=ga ,B=gb )
gab∈𝔾
![Page 8: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/8.jpg)
An adversary has at least advantage if: The computational (t,) - DH assumption holds
if no polynomial-time adversary has at least advantage in solving the game
CDH Assumption
![Page 9: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/9.jpg)
Threshold Secret Sharing Scheme
![Page 10: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/10.jpg)
Let:
be a finite field with elements be the secret
Assign every player with a unique field element
Set of players , where can recover secret using
Threshold Secret Sharing Scheme
![Page 11: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/11.jpg)
Fuzzy Identity Based Signature (FIBS)
schemeConsisted of 4 steps:• Setup• Extract• Sign• Verify
![Page 12: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/12.jpg)
FIBS schemes
Setup
Extract
Sign
Verify
1k
mk
params
ID
D ID
M
𝜎
ID ′
0/1
![Page 13: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/13.jpg)
Security Model
Unforgeable Fuzzy Identity Based Signature against Chosen-Message Attack (UF-FIBS-CMA)
![Page 14: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/14.jpg)
Security Model
Adversary
Setup
params𝛼
Signing
Oracle
Private Key Oracle
𝛾 i,|𝛾 i∩𝛼
∗ |<d
K𝛾 i
(M i ,𝛼 )
𝜎 i
for
![Page 15: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/15.jpg)
’s success probability is
The fuzzy identity based signature scheme FIBS is said to be UF-FIBS-CMA secure if is negligible in the security parameter
Definition
![Page 16: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/16.jpg)
The Scheme
![Page 17: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/17.jpg)
0/1invalid/validID ′𝜔 ′
𝜎
D ID
S
K 𝜔
ID𝜔
mkMK
params
1k
PP
n,d
FIBS schemes
Setup
Extract
Sign
Verify
M
![Page 18: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/18.jpg)
and are groups of the prime order Bilinear pairing is a generator of Identities are sets of elements of
Building Blocks
![Page 19: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/19.jpg)
Choose Choose uniformly random from Let be the set
Select a random integer Select a random vector Public parameters Master key
Setup
![Page 20: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/20.jpg)
Choose a random degree polynomial such
that Return
is a random number from defined for all
Extract
![Page 21: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/21.jpg)
A bit string Select a random for Output
Sign
![Page 22: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/22.jpg)
where Choose an arbitrary -element subset of Verify
Verify
![Page 23: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/23.jpg)
Correctness check
![Page 24: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/24.jpg)
Security Proof
![Page 25: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/25.jpg)
Security Game
Adversary
Setup
params𝛼∗
Signing
Oracle
Private Key Oracle
𝛾 ,|𝛾∩
𝛼∗ |<d
K𝛾
(M ,𝛼∗ )
𝜎
for
(g ,ga , gb ) gabSimulator
![Page 26: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/26.jpg)
Let be an adversary that makes at most
signature queries and produces a successful forgery against the scheme with probability in time
Then there exists an algorithm that solves the CDH problem in with probability in time
Theorem
![Page 27: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/27.jpg)
Select a random identity Choose
A random number Random numbers in the interval Random exponents
Setup
![Page 28: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/28.jpg)
Let and Choose
A random degree polynomial An degree polynomial such that if and only if
for from to
Setup
![Page 29: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/29.jpg)
Answer private key query on identity
Define , ,
and
Private Key Oracle
![Page 30: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/30.jpg)
Define private key for For
and are chosen randomly in For
Private Key Oracle
![Page 31: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/31.jpg)
Define degree polynomial as Let For , it can be shown that
Private Key Oracle
![Page 32: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/32.jpg)
Answer signature query on identity for some
If , then the simulator aborts Select a random set
Signing Oracle
![Page 33: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/33.jpg)
For
is chosen randomly in For
Signing Oracle
![Page 34: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/34.jpg)
Pick random , for Compute
Signing Oracle
![Page 35: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/35.jpg)
For , it can be shown that
Signing Oracle
![Page 36: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/36.jpg)
Output a valid forgery on for identity
If or , then aborts.
Producing Forgery
![Page 37: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/37.jpg)
For some
Producing Forgery
![Page 38: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/38.jpg)
Select a random set such that and Compute
Producing Forgery
![Page 39: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/39.jpg)
could solve the CDH instance by outputting
The probability is
Solving CDH
![Page 40: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/40.jpg)
Issues
• Privacy• Capture and replay
![Page 41: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/41.jpg)
No anonymity for signer
Privacy
![Page 42: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/42.jpg)
Only secure when forgery of identity can be
detected
Capture and replay
![Page 43: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/43.jpg)
Conclusion
![Page 44: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/44.jpg)
Allows identity to issue a signature that
identity can verify Provided that and are within some distance
Unforgeable against adaptively chosen message attack
Conclusion
![Page 45: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/45.jpg)
Thank you
Question?
![Page 46: Fuzzy Identity Based Signature](https://reader036.vdocuments.net/reader036/viewer/2022062520/568161ab550346895dd168da/html5/thumbnails/46.jpg)
1. Dan Boneh and Matthew K. Franklin. Identity-based encryption from the
weil pairing. In CRYPTO ’01: Proceedings of the 21st Annual International Cryptography Conference on Advance in Cryptology, page 213-229, London, UK, 2001. Springer-Verlag.
2. Jin Li and Kwangjo Kim. Attribute-based ring signature. Cryptology ePrint Archive, Report 2008/394, 2008.
3. Amit Sahai and Brent Waters. Fuzzy Identity-Based encryption. In Advance in Cryptography – EUROCRYPT 2005, page 457-473. 2005.
4. Siamak F Shahandashti and Reihaneh Safavi-Naini. Threshold attribute-based signatures and their application to anonymous credential systems. Cryptology ePrint Archive, Report 2009/126, 2009.
5. Brent Waters. Efficient Identity-Based encryption without random oracles. In Advance in Cryptography – EUROCRYPT 2005, page 114-127. 2005.
6. Piyi Yang, Zhenfu Cao, and Xiaolei Dong. Fuzzy identity based signature. Cryptology ePrint Archive, Report 2008/002, 2008.
References