DOI QR코드

DOI QR Code

중재자를 이용한 ID기반 전자서명과 키 업데이팅 전자서명 기법

Mediated ID based signature scheme and key updating signature scheme

  • 발행 : 2007.10.31

초록

공개키기반구조에서 공개키 인증서의 효율적 폐지방법은 가장 중요한 연구 분야 중 하나이다. 2001년 Boneh et al.는 RSA 기반 암호시스템에서 사용자의 공개키 인증서를 즉각적으로 폐지할 수 있는 mediated RSA 기법을 제안하였다. 기본 mediated RSA 구조는 Security Mediator(SEM)이라는 중재자를 이용하는 것으로, 사용자가 메시지에 서명 혹은 복호화 연산을 수행하기 위해서는 중재자로부터 토큰을 먼저 얻어야만 한다. 즉, 사용자의 공개키 인증서가 유효하지 않으면 중재자인 SEM은 토큰발행을 중지함으로써 즉각적으로 사용자의 서명 능력 혹은 복호화 능력을 폐지시킬 수 있게 된다. 최근 Libert와 Quisquater는 mediated RSA의 SEM 구조를 이용한 즉각적인 폐지기법이 Boneh-Franklin의 ID 기반 암호기법과 GDH그룹에 기반한 전자서명에도 적용될 수 있다는 것을 보였다. 이 논문에서는 먼저 안전한 ID기반 전자서명(IBS)에 SEM의 구조가 적용된 중재자를 이용한 ID기반 전자서명기법, mIBS를 제안한다. 제안한 기법은 여러 서명값들을 한 번에 검증할 수 있는 배치검증 성질을 유지하게 된다. 또한, Libert와 Quisquater가 제안한 GDH그룹에 기반한 전자서명기법은 개인키의 노출 시 이전 서명값에 대한 위조가 가능하게 되는 순방향 안전성이 보장되지 않는다. 이에, 제안된 mIBS에 기반하여 중재자 기반의 키 업데이팅 전자서명 기법인 mKUS를 설계함으로써 순방향 안전성을 제공하였다.

Revocation is one of the main difficulties faced in implementing Public Key Infrastructures(PHs). Boneh, Ding and Tsudik first introduced a mediated cryptography for obtaining immediate revocation of RSA keys used in PKIs. Their method is based on the idea that each user's private key can be split into two random shares, one of which is given to the user and the other to an online security mediator(SEM). Thus any signature or decryption must be performed as a cooperation between a user and his/her associated SEM and revocation is achieved by instructing the mediator SEM to stop cooperating the user. Recently, Libert and Quisquater showed that the fast revocation method using a SEcurity Mediator(SEM) in a mRSA can be applied to the Boneh-Franklin identify based encryption and GDH signature schemes. In this paper we propose a mediated identity based signature(mIBS) with batch verification which apply the SEM architecture to an identity based signature. Libert's GDH siganture scheme is not forward secure even though forward security is an important and desirable feature for signature schemes. We propose an efficient key udating mediated signature scheme, mKUS based on mIBS and analyze its security and efficiency.

키워드

참고문헌

  1. D.Boneh, X.Di ng, G. Tsudik, and C.M.W ong. 'A method for fast revocation of public key certificates and security capabilities.' In 10th USENIX Security Symposium, Washington, D.C. , Aug. 2001
  2. D. Boneh and M. Franklin. 'Identity Based Encryption From the Weil Pairing,' In Advances in Cryptology-Proceedings of Crypto '01, volume 2139 of Lecture Notes in Computer Science, pages 213-229. Springer, 2001 https://doi.org/10.1007/3-540-44647-8
  3. D. Boneh, B. Lynn, and H. Shacham. 'Short signatures from the Weil pairing.' In Advances in Cryptology-Proceedings of Asiaerypt'01. volume 2248 of Lecture Notes in Computer Science, pages 514-532. Springer, 2001 https://doi.org/10.1007/3-540-45682-1
  4. H. Yoon, J. H. Cheon, and Y. Kim. 'Batch verifications with ID-based signatures.' In Information Security and Cryptology - ICISC 2004, pp. 233 - 248, 2005 https://doi.org/10.1007/b137120
  5. X. Ding and G. Tsudik. 'Simple Identity-Based Cryptography with Mediated RSA.' In Proceedings of CT-RSA '03, Lecture Notes in Computer Science. Springer, 2003 https://doi.org/10.1007/3-540-36563-X
  6. B. Libert, J.-J. Quisquater, 'Efficient revocation and threshold pairing based cryptosystems,' Symposium on Principles of Distributed Computing-PODC'2003, 2003 https://doi.org/10.1145/872035.872059
  7. R. Anderson, 'Invited lecture at the acm conference on computer and communication security (CCS'97),' 1997
  8. Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, and Moti Yung. 'Key-insulated public key cryptosysterns.' In Lars Knudsen, editor, Advances in Cryptology, EUROCRYPT 2002, Lecture Notes in Computer Science. Springer-Verlag, 28 April May 2002
  9. Gene Itkis and Leonid Reyzin. 'Intrusion-resilient signatures, or towards obsoletion of certificate revocation,' In Moti Yung, editor, Advances in CryptologylCRYPTO 2002, Lecture Notes in Computer Science. Springer-Verlag, 18-22 August 2002
  10. G. Tsudik, 'Weak Forward Security in Mediated RSA,' Security in Computer Networks Conference (SCN'02), September 2002 https://doi.org/10.1007/3-540-36413-7
  11. J. Katz and M. Yung. 'Threshold Cryptosystems Based on Factoring.' In Advances in Cryptology - proceedings of Asiacrypt 2002, Lecture Notes in Computer Science. Springer, 2002 https://doi.org/10.1007/3-540-36178-2
  12. A. Boldyreva. 'Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-group signature scheme.' In Proceedings of PKC03, Lecture Notes in Computer Science. Springer, 2003 https://doi.org/10.1007/3-540-36288-6
  13. M. Bellare and A. Palacio, 'Protecting against key exposure: strong keyinsulated encryption with optimal threshold,' Cryptology ePrint archive 2002/064, http://eprint.iacr.org/, 2002
  14. Dae Hyun Yum and Pil Joong Lee, 'Efficient Key Updating Signature Schemes based on IBS,' Cryptography and Coding 2003, pp. 167-182, 2003 https://doi.org/10.1007/b93924
  15. Noel McCullagh, 'Efficient Batch Verification of Signature Schemes based on Bilinear Maps,' Cryptology ePrint archive 2004/088, http://eprint.iacr.org/complete/,2004.9