Beruflich Dokumente
Kultur Dokumente
KEYWORDS
Collaborative Workflow Platform, Trapdoor Hash
Function, Online/Offline Signature
INTRODUCTION
Recently, the concept of cloud computing has become well known and has been applied to various applications. Cloud service models can be
briefly classified into three types: Infrastructure
as a Service (IaaS), Platform as a Service (PaaS),
and Software as a Service (SaaS). In this paper,
250
Proceedings of The Fourth International Conference on Informatics & Applications, Takamatsu, Japan, 2015
correct.
2
PRELIMINARIES
2.1
251
Proceedings of The Fourth International Conference on Informatics & Applications, Takamatsu, Japan, 2015
(1)
- CollidedString(T KC , m0 , r1 ) c1 . The
collided string algorithm takes as input the
cooperators trapdoor key T KC , the collided string m0 , and the random value r1 selected in Hash algorithm. It then outputs a
collision c1 .
- GenCollision(c1 , T KO , m, r2 ) c2 . The
collision generation algorithm takes as input the owners trapdoor key T KO , the original message m used in Hash algorithm,
and the random value r2 selected in Hash
algorithm. It then generates a collision c2
such that
Hash(m, r1 , r2 ) = Hash(m0 , c1 , c2 )
2.3
252
Proceedings of The Fourth International Conference on Informatics & Applications, Takamatsu, Japan, 2015
= N H(a, b1 ), a A, b1 B
h1
hi
= N H(hi1 , bi ), bi B
ACC = hn
N H(ACC, c) = ACC
3
(3)
(4)
In order to solve the problems, we design a onecollision bi-trapdoor hash function. We then propose a digital signature scheme using the onecollision bi-trapdoor hash function for a collaborative platform.
CollidedString(x, m0 , R1 , r1 ) c1
3.1
GenCollision(y, m, R2 , r2 ) c2
mod q (5)
mod q (6)
The correctness is shown as the following derivation, where all operations are performed under modulo p.
HashX (m0 kR1 , g, c1 , g, c2 )
0
= X H(m kR1 ) g c1 g c2
0
= X H(m kR1 ) g c1 g c2
0
0
= (g x )H(m kR1 ) g xH(m kR1 )+r1 g yH(mkR2 )+r2
0
0
= g xH(m kR1 )+xH(m kR1 )+r1 yH(mkR2 )+r2
= g yH(mkR2 )+r1 +r2
= HashY (mkR2 , K1 , r10 , K2 , r20 )
(7)
Batch((m1,1 , R1,1,1 , c1,1,1 , c1,1,2 , h1,1 ),
. . . , (mi,j , Ri,j,1 , ci,j,1 , ci,j,2 , hi,j ), . . . ,
(mM,nM , RM,nM ,1 , cM,nM ,1 , cM,nM ,2 , hM,nM ))
0/1
Given bi-trapdoor hash tuples and check
values (m1,1 , R1,1,1 , c1,1,1 , c1,1,2 , h1,1 ), . . . ,
(mi,j , Ri,j,1 , ci,j,1 , ci,j,2 , hi,j ), . . . ,
(mM,nM , RM,nM ,1 , cM,nM ,1 , cM,nM ,2 , hM,nM )
for i [1, M ] and j [1, ni ] where M is
total number of users and ni is total number
of the bi-trapdoor hash tuples of user i. N
253
Proceedings of The Fourth International Conference on Informatics & Applications, Takamatsu, Japan, 2015
Pni
i=1 Xi
j=1
g
QM Qni vi,j
i=1 j=1 hi,j (mod p)
(8)
There is a special property, base conversion, of
our bi-trapdoor hash function. If a bi-trapdoor
hash value is computed under the public hash key
Y , we call the base of a hash value Y . For this
property, a collision will show the identity of cooperator. Equation (7) shows the base conversion
from Y to X.
3.2
corresponding signature to the challenger; otherwise, the platform will return null. The Verification phase will be started when the challenger
obtains the signature of a specific revision and intends to verify its validity. If the result of verification is true, the challenger will confirm the identity of the editor of the revision. Finally, when all
cooperators finish modifications, the leader will
run the Finish phase with the platform to check
whether all revisions are correct. We present the
details of each phase as follows.
Notation
y
Y
x
X
T HY
W
F
(sk, pk)
NH
A
H
m
T
M
ni
Meaning
the secret trapdoor key of the
collaborative platform
the public hash key of the
collaborative platform
the secret trapdoor key of a user
the public hash key of a user
the one-collision bi-trapdoor hash function
with Y
the warrant including the file name and the
identities of the user and the platform
a secure signature scheme,
F = (SKeyGen, SSign, SV erif y)
the platforms secret key and public key of F
Nybergs one-way accumulated hash function
the security parameter of N H
a cryptographic one-way hash function
the message of the modification
a timestamp of the modification
the total number of users
the number of revisions of user i
Initialization phase:
The collaborative platform selects a
secure signature scheme denoted by
F = (SKeyGen, SSign, SV erif y), such
as Schnorr signature scheme [14]. The
platform then runs SKeyGen to obtain the
key pair (sk, pk). It also runs the KeyGen
algorithm of the one-collision bi-trapdoor
hash function to generate its secret trapdoor
key y and public key Y . The platform
then publishes (SV erif y, pk, Y ) and keeps
(sk, y) secret.
Key Generation phase:
When a user registers on the collaborative
254
Proceedings of The Fourth International Conference on Informatics & Applications, Takamatsu, Japan, 2015
c1 = CollidedString(x, m kT, R1 , r1 )
= xH(m kT kR1 ) + r1 mod q.
(9)
Upon receiving the collision c1 from the
user, the collaborative platform performs the
following steps.
1. Check
if
R1
is
equal
to
c1 H(m kT kR1 )
g X
mod p.
If false,
the platform rejects this collision c1
and asks the user a new collision until
the check is successful.
2. Run the GenCollision algorithm in
the one-collision bi-trapdoor hash
function with the platforms secret
trapdoor key y, the warrant W , r2 , and
R2 used in the offline phase. The collision generated by the platform will be
c2 = GenCollision(y, W, R2 , r2 )
= yH(W kR2 ) + r2 mod q.
(10)
3. Prepare Nybergs one-way accumulators for each user. If the user Ui first
produces the signature with the platform, the platform will choose a random A -bit value Ki for Ui and compute Zi = N H(Ki , m ). If the accumulator Zi of the user Ui has been
generated, the platform updates Zi =
N H(Zi , m ).
4. The signature of m is m =
{m , T, R1 , c1 , c2 , W } where W is
generated in the offline phase.
Verification phase:
If the verifier V receives a signature m =
{m , T, R1 , c1 , c2 , W } and intends to check
its validity, she/he performs the following
steps.
1. Run SV erif ypk (hW , W, SW ) to check
whether hW and the warrant W are
correct. If false, V gets the information that the signature m is invalid
and then aborts the verification.
2. Compute
hm
=
T HX (m kT kR1 , g, c1 , g, c2 ).
The
base of the one-collision bi-trapdoor
hash function can be known from the
warrant W . Then, check whether hm
is equal to hW . If true, V confirms that
the signature m is valid.
255
Proceedings of The Fourth International Conference on Informatics & Applications, Takamatsu, Japan, 2015
[10]
[9]
[7]
[8]
[6]
[11]
Offline cost
User
Platform
2Te + 1Tm + 2Th 2Te + 1Tm + 2Th
481.8Tm
481.8Tm
3Te + 2Tm + 2Th 3Te + 2Tm + 2Th
722.8Tm
722.8Tm
3Te + 2Tm + 2Th 3Te + 2Tm + 2Th
722.8Tm
722.8Tm
4Te + 2Tm + 3Th 4Te + 2Tm + 3Th
963.2Tm
963.2Tm
3Te + 3Tm
3Te + 3Tm
723Tm
723Tm
3Te + Tm + Th
3Te + 3Tm + 1Th
721.4Tm
723.4Tm
Te : the cost of a modular exponentiation
Tm : the cost of a modular multiplication
Th : the cost of a basic hash operation
Ours
Online cost
User
Platform
Te + Tm + 2Th
4Te + 2Tm + 3Th
241.8Tm
963.2Tm
Te + Tm + 2Th
5Te + 3Tm + 3Th
241.8Tm
1204.2Tm
2Te + 2Tm + 2Th 6Te + 4Tm + 4Th
482.8Tm
1445.6Tm
2Te + 3Tm + 2Th 5Te + 5Tm + 5Th
483.8Tm
1207Tm
Tm + Th
3Te + 5Tm + 3Th
1.4Tm
726.2Tm
Te + Th
2Te + Th
240.4Tm
480.4Tm
Tm + Th
2Te + 2Tm + Th
1.4Tm
482.4Tm
i
all
2. Run
Batch((m1,1 , T1,1 , R1,1,1 , c1,1,1 , c1,1,2 , h01,1 ),
. . . , (mi,j , Ti,j , Ri,j,1 , ci,j,1 , ci,j,2 , h0i,j ), . . . ,
(mM,nM , TM,nM , RM,nM ,1 , cM,nM ,1 ,
cM,nM ,2 , h0M,nM )) for i [1, M ] and
j [1, ni ] to check the validity of
one-collision bi-trapdoor hash tuples.
3. If the result is true, the leader can confirm that all revisions are correct. Otherwise, the leader finds every incorrect
pair (mi ,j , Ti ,j , Ri ,j ,1 , ci ,j ,1 ,
ci ,j ,2 , h0i ,j ) where i [1, M ] and
j [1, ni ] by individual verification.
4. The
leader
runs
0
0
0
SV erif ypk (hi ,j , Wi ,j , SW 0 ).
i ,j
If true, the leader can confirm that the
revision mi ,j is invalid. Otherwise,
the leader can confirm that the check
value h0i ,j from user i is incorrect.
256
Proceedings of The Fourth International Conference on Informatics & Applications, Takamatsu, Japan, 2015
SECURITY ANALYSIS
Signature Length
2 (2|n| + 2|q|)
= 4736 bits
2 (3|q| + |p|)
= 3008 bits
2 (3|q| + 2|p|)
= 5056 bits
2 (2|q| + 3|p|)
= 6784 bits
2 (N + K + E )
= 4320 bits
|n|
= 1024 bits
3|q| + 2|p|
= 2528 bits
PERFORMANCE
257
Proceedings of The Fourth International Conference on Informatics & Applications, Takamatsu, Japan, 2015
sion of a file and sends the signature to the platform. After receiving the signature, the platform
verifies it and then signs on this signature. For
[7][8][9][10], one can present an online/offline
signature scheme by combining a trapdoor hash
function with the hash-sign-switch paradigm proposed by Shamir et al. [10]. We assume that
the signature scheme used in hash-sign-switch
paradigm is Schnorr signature scheme.
We show the performance in Table 2 and Table
3. According to [15][16][17], we can know that
Te 240Tm and Th 0.4Tm .
6
CONCLUSIONS
258
Proceedings of The Fourth International Conference on Informatics & Applications, Takamatsu, Japan, 2015
[14] C.P. Schnorr. Efficient identification and signatures for smart cards. Advances in CryptologyCRYPTO89 Proceedings, 435:239-252, 1990.
[15] K. Lauter. The advantages of elliptic curve cryptography for wireless security. IEEE Wireless
Communications, 11(1):62-67, 2004.
[16] Z. Li, J. Higgins, and M. Clement. Performance of finite field arithmetic in an elliptic curve
cryptosystem. In Proceedings of 9th International
Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems, pages 249-256, 2001.
[17] Alfred J. Menezes, Scott A. Vanstone, and Paul
C. Van Oorschot. Handbook of Applied Cryptography. CRC Press, Inc. Boca Raton, 2001.
259