Beruflich Dokumente
Kultur Dokumente
I.
I NTRODUCTION
49
1)
2)
3)
4)
Fig. 1.
Fig. 2.
C. Proposed Protocol
In this section, we describe our VLR group signature
scheme used in the anoymous authentication system for wireless networks as shown in Fig. 2. Our motivation of proposed
VLR group signature is to reduce the size of signature and
omit some procedures in Registration phase and Authentication
phase of previous VLR group signature scheme [3].
The detail procedure of the scheme is as follows:
Setup: the GM selects secret key gmsk = (), tracing
key tsk = (s) and group public key gpk = (g1 , h,
h11 , ..., h1t , S, g2 , w, h21 , ..., h2t ) for j [1, t], where t is user
r
r
revocation token, h1j = g1j , h2j = g2j and w = g2 . While
g1 and g2 are generators of the bilinear groups G1 and G2 . In
addition, S = hs , where h is another generator of G1 .
Join: user selects his secret key xi R Zp randomly. Then,
1/(+xi )
GM acts as Key Issuer Manager computes Ai = g1
and sends Ai to the user. Here, the user has his secret key
R6 = h
/U , R7 = S /V . Then, the verifier checks if c
1 , ..., R
7)
is equal to c = Hash(M, T1 , T2 , T3 , f1 , f2 , U, V, R
1)
2)
3)
4)
5)
1)
2)
3)
1)
52
2)
3)
4)
5)
6)
7)
8)
9)
xi
e(h, g2 ) ,
e(T1 ,w) = e(T1 , g2 ) e(h, w)
+xi
T2 = f1
, T3 = h1j , f1 = g1r , f2 = g2r , U =
xi +u
h
, V = S u }(M ).
Pick blinding factors: r , r , rx , r , rr , ru R Zp .
Compute:
R1 = e(T1 , g2 )rx e(h, w)r e(h, g2 )r , R2 =
r
r +r
f1 x , R3 = h1j , R4 = g1rr , R5 = g2rr , R6 =
hrx +ru , R7 = S ru .
Compute a challenge c R Zp as: c = Hash(M, T1 ,
T2 , T3 , f1 , f2 , U, V, R1 , ..., R7 ).
Compute responses:
sx = rx + cxi , s = r + c, s = r + c, s =
r + c, sr = rr + cr, su = ru + cu Zp .
Output the group signature:
= (T1 , T2 , T3 , f1 , f2 , U, V, c, s , s , sx , s , sr , su ).
1, R
2, R
3, R
4, R
5, R
6, R
7 as:
Re-derive R
)c
(
1 = e(T1 , g2 )sx e(h, w)s e(h, g2 )s e(g1 ,g2 )
,
R
e(T1 ,w)
2)
3)
3 = hs /T c , R
4 = g sr /f c ,
2 = f s +sx /T c , R
R
1
2
3
1
1
1j
6 = hsx +su /U c , R
7 = S su /V c .
5 = g sr /f c , R
R
2
2
Re-derive the challenge c R Zp as:
1 , ..., R
7 ). If
c = Hash(M, T1 , T2 , T3 , f1 , f2 , U, V, R
Phase 4: Tracing.
The input of this algorithm are gpk, the traced signature ,
message M , and the tracing secret key tsk. The Tracing
Manager traces and identifies the signer as follows:
1)
2)
3)
TABLE I.
E QUIPMENTS SPECIFICATION
Specification
of
Sensor Node /
Gateway Node
gcc-4.6.4-5,
openssl-1.0.1k
Linux Raspberrypi
4.1.17-v7+
Raspberry pi 2
model B embedded
system ARM Cortex
rev 5 v71 Proccessor
900MHz
1 GB
TP-Link
TL-WN722N
150Mbps
IEEE802.11b/g/n
Software
O/S
CPU
RAM
NIC
TABLE II.
Fig. 3.
Data Center
User
gcc-4.3.5,
openssl-0.9.8o
Debian Linux
kernel-2.6.32
gcc-4.4.5,
openssl-0.9.8o
Debian Linux
kernel-2.6.32
Intel Core i7
2.60GHz
Intel Core i7
1.80GHz
4 GB
2 GB
Broadcom
BCM43xx 1.0
(5.106.98.100.17)
Scheme
[3]
Proposed
Scheme
TABLE III.
C OMPARISON OF COMPUTATION TIME OF K EYGEN , S IGN ,
V ERIFY AND O PEN ALGORITHMS IN THE GATEWAY NODE AND DATA
CENTER .
Time
of
KeyGen
Sign
Verify
Open
TABLE IV.
85.139
155.378
214.531
6.420
11.295
38.719
42.792
1.505
Time of
Sign
Verify
Open
58.382
62.838
1.565
51.998
54.701
1.525
ACKNOWLEDGMENT
C ONCLUSION
54