Metered Signatures: How to Restrict the Signing Capability

  • Submitted : 2008.08.14
  • Reviewed : 2009.01.31
  • Published : 2010.06.30

Abstract

We propose a new notion of metered signatures. A metered signature is an extension of k-times signatures, in which a signer can generate only k signatures. However, the restriction in metered signatures can be more elaborate: signing can be limited to k times every day, or the restriction can be used to preserve the order of signed messages in some applications. Any violation of this restriction reveals a secret key or the signature on a predetermined message. Applications include proxy signatures, limited free downloads, and rating web sites. We give two instances of metered signatures: one is based on the computational Diffie-Hellman problem (CDHP) using a bilinear map, and the other is based on the RSA problem. In both schemes, the signature size, the certificate size, and the verification cost are constant with respect to k. Further, we show that the proposed metered signatures admit batch verification of many signatures at almost the cost of a single verification, with a small security loss.
