50355471 2signcryption Complete 3

8/13/2019 50355471 2signcryption Complete 3

1/26

SIGNCRYPTION

Seminar ID: 181

A Technical Seminar Reportsubmitted in partial fulfillment of

the requirements for theDegree of Bachelor of Technology

Under Biju Patnaik Uniersity of Technology

By

Kishore Chandra Sahoo Roll # IT200710098

!ebruary" #$%%

Under the guidance of

Mrs. Sasmita Padh


2/26

!"TI!"$ I!STIT%T& ' SCI&!C& ( T&C)!$*+Pal,r )ills- erham/,r- rissa 71008- India

"STR"CT

Signcryption is a new cryptographic primitive which simultaneously provides both

confidentiality and authenticity. Previously, these two goals had been considered

separately, with encryption schemes providing confidentiality and signature schemes

providing authenticity. In cases where both were required, the encryption and

signature operations were simply sequentially composed.

In 1997, heng demonstrated that by combining both goals into a single primitive, it

is possible to achieve significant savings both in computational and communication

overhead. Since then, a wide variety of signcryption schemes have been proposed.

Signcryption is a new cryptographic primitive, which simultaneously provides both

confidentiality and authenticity. Previously, these two goals had been considered

separately, with encryption scheme provide confidentiality and digital signature

provides authenticity. In cases where both required, the encryption operations and

digital signature operations were simply sequentially composed. In 199!, heng

demonstrated that by combining both goals into a single primitive it is possible to

achieve significant savings both in computational and communication overhead. Since

a wide variety of signcryption schemes have been proposed. In this seminar we

discuss one algorithm for signcryption and advantages and disadvantages of

signcryption.

ii


3/26


4/26

T"$& ' C!T&!TS

AS!RAC! ...................................... ii

ACKNO"#ED$EMEN! ............................................................................................ i

!A#E O% CON!EN!S ............................................................................................ ii

#IS! O% %I$&RES .................................................................................................... i'

(. IN!ROD&C!ION ....................................................................................................)

1.1. )hy Signcryption* ..............................................................................................+

1.1.1 $ased on discrete algorithm problem, ..........................................................+

1.1. -sing S/ cryptosystem ..............................................................................+

*. SI$NCR+P!ION , HO" I! "ORKS .................................................................-.1 $asic /rchitecture ................................................................................................!

. Steps involved in -nsigncrypting a message ..................................................... 10

. SI$NCR+P!ION %ROM !RAPDOOR PERM&!A!ION .............................. (*

.1 %rapdoor Permutation 2amilies ..........................................................................1

.1.1 Synta3 ..........................................................................................................1

.1. Security ........................................................................................................1

. 4ryptography from %rapdoor Permutations ....................................................... 1

..1 &rawbac#s ................................................................................................... 15

.. /dvantage ....................................................................................................16

/. %EA!&RES AND SEC&RI!+ ASPEC!S O% SI$NCR+P!ION .............. .....(0

5.1 2eatures .............................................................................................................. 1+

5.1.1 -nique -nsigncryptability ......................................................................... 1+

5.1. Security .......................................................................................................1+

5.1. fficiency .................................................................................................... 1+

5. Security .............................................................................................................. 1+

5..1 -nforgeability ............................................................................................ 1+

5.. 4onfidentiality .............................................................................................17

5. 4omparisons ....................................................................................................... 17

). AD1AN!A$ES AND DISAD1AN!A$ES O% DI$I!A# SI$NCR+P!ION (2

6.1 /dvantages ......................................................................................................... 1!

6.1.1 8ow computational cost .............................................................................. 1!

6.1. (igher security ............................................................................................ 1!

ii


5/26

6.1. essage ecovery .......................................................................................19

6. &isadvantages .....................................................................................................0

0. POSSI#E APP#ICA!IONS O% DI$I!A# SI$NCR+P!ION ...................... *(

+.1 8 Signcryption and its application in )%8S (andsha#e Protocol .................1

+. -sing Signcryption in unforgeable #ey establishment over /% 'etwor#s .. ..

-. CONC#&SION ....................................................................................................... *

RE%ERENCES ........................................................................................................... */

iii


6/26

$IST ' 'I*%R&S

%igure *.( Sign3ry4tion 5 generating 6( and 6*........................................................2

%igure *.*7 Sign3ry4tion 5 generating 3om4onents 3 and r......................................8

%igure *.7 Sign3ry4tion 5 generating 3om4onent s..................................................8

%igure *./7 &nsign3ry4tion5 generating 3om4onent 6............................................(9

%igure *.)7 &nsign3ry4tion , o:taining the message m..........................................(9

%igure *.07 &nsign3ry4tion , 'erifi3ation of the message m..................................((

%igure ).(7 Se3urity of Com:ination of Algorithms...............................................(8

%igure ).*7 Disad'antage of Sign3ry4tion................................................................*9

%igure -.(7 %uture S3enario of Sign3ry4tion...........................................................*

i3


7/26

SIGNCRYPTION

1. I!TRD%CTI!

In order to send a confidential letter in a way that it cannot be forged, it has been a

common practice for the sender of the letter to sign it, put it in an envelope and thenseal it before handing it over to be delivered.

&iscovering Public #ey cryptography has made communication between people who

have never met before over an open and insecure networ#, in a secure and

authenticated way possible. $efore sending a message, the sender has to do the

following:

Sign it using a &igital Signature ;&S< scheme ncrypt the message and the signature using a private #ey encryption

algorithm under randomly chosen message encryption #ey

ncrypt the random message encryption #ey using the receiver=s public #ey

Send the message following steps 1 to .

%his approach is #nows as signature>then>encryption. %he main disadvantage of this

approach is that, digitally signing a message and then encrypting it, consumes moremachine cycles and bloats the message by introducing e3tended bits to it. (ence,

decrypting and verifying the message at the receiver=s end, a lot of computational

power is used up.

%hus you can say that the cost of delivering a message using signing>then>encryption

is in effect the sum of the costs of both digital signatures and public #ey encryption.

Signcryption is a new paradigm in public #ey cryptography that simultaneously fulfils

both the functions of digital signature and public #ey encryption in a logically single

step, and with a cost significantly lower than that required by the traditional signature

followed by encryption.

4


8/26

SIGNCRYPTION

1.1. Why Signcryption?

1.1.1 Based on discrete algorith pro!le"

Signcryption costs 6!? less in average computation time and 70? less in messagee3pansion than does signature then encryption.

1.1.# $sing RS% cryptosyste

It costs on average 60? less in computation time and 91? less in message e3pansion

than signature>then>encryption does.


9/26

SIGNCRYPTION

2. SI*!CR+PTI! ) IT RKS

Signcryption can be defined as a combination of two schemes@ one of digital

signatures and the other of public #ey encryption. Ane can implement Signcryption byusing l Bamal=s shortened digital signature scheme, Schnorr=s signature scheme or

any other digital signature schemes in conCunction with a public #ey encryption

scheme li#e &S, &S or SP&. %his choice would be made based on the level of

security desired by the users. (ere we present the implementation of Signcryption

using lBamal=s shortened signature scheme and a public #ey encryption algorithm

denoted by and &;ncryption and &ecryption algorithms


10/26

SIGNCRYPTION

#.1 Basic %rchitect&re

)e are ta#ing an e3ample in which /lice is sender and bob is receiver. So /lice is

having a message m, which wants to send to bob in an unsecured channel, hence he

uses signcryption mechanism to send the message to bob so that message would

remain safe. So below steps are discussed which are involved in Signcrypting the

message.

'ig&re #.1 Signcryption ( generating )1 and )#

1. /lice chooses a value 3 from the large range 1,F,q>1

. She then uses $ob=s public #ey and the value 3 and computes the hash of it. %his will

give her a 1!>bit string. H hash ;yb3 mod pbit value H into two +5>bit halves. )e can name them as #1

and # and refer to them as the #ey pair.

5. 'e3t, /lice encrypts the message m using a public #ey encryption scheme with the

#ey #1. %his will give her the cipher te3t c. 3 #1 ;mway #eyed hash function H( to get a hash of the

message m. %his will give her a 1!>bit hash, which we will call r. %his process uses

the S&SS /lgorithm. r H( # ;m

N D/ny &igital Signature /lgorithm

V D /ny ncryption /lgorithm

N= D %otal 'umber of Signature /lgorithms #nown

V= D %otal 'umber of ncryption /lgorithms #nown

%herefore the combination of the schemes N and V would give you the

Signcryption scheme S. S N - V

18


21/26

SIGNCRYPTION

'ig&re .1* Sec&rity o Co!ination o %lgoriths

If you consider the fact that both N and V involve comple3 mathematical functions, it

is only logical to assume that S, which is a combination of both N and V will involve

the combination of the comple3ities of both N and V and thus be more comple3. ore

the comple3ity, more the harder it is for cryptanalysis. /nother point to be noted here

is that N, the digital signature algorithm, can be chosen from a large range of e3isting

digital signature algorithms, N=. Similarly the encryption algorithm for V can be

chosen from any encryption algorithm li#e &S, &S, etc from the range V=. %hus

the Signcryption algorithm can be implemented using any of the values in N= and V=.

%his would ma#e it very difficult for a cryptanalyst to figure out which

implementation was used in the Signcrypting algorithm. $asically he would have N= 3

V= W N= X V= i.e. the cryptanalyst would have to decide between the number of total

digital signature algorithms times the number of encryption algorithms, which is

greater or equal to either the number of N= or V=.

.1.+ 9essage Reco,ery

4onsider the following scenario: /lice signs and encrypts a message and sends it to

$ob. / while later, she wants to use the contents of the message again. %o satisfy

/liceYs requirement, her electronic mail system has to store some data related to the

message sent. /nd depending on cryptographic algorithms used, /liceYs electronic

mail system may either Z #eep a copy of the signed and encrypted message as

evidence of transmission, or Z in addition to the above copy, #eep a copy of the

19


22/26


23/26

SIGNCRYPTION

. PSSI$& "PP$IC"TI!S ' DI*IT"$SI*!CR+PTI!

0.1 79 Signcryption and its application in WT7S8andsha)e Protocol

%he mobile telecommunications business is booming. %iny digital telephones and

slee# poc#etsi"e P&/s ;personal digital assistants< are now more than Cust fashion

accessories. %he ability to connect to the Internet is a maCor feature that attracts

people to them. It means that mobile communication devices and client mobile

devices are now ready to access the )eb. %his scenario has given rise to a big

question in the minds of users, is it secure* /ccordingly, operators and manufactures

have responded by establishing the )/P ;)ireless /pplication Protocol< forum.

%he )/P forum has already developed )%8S ;)ireless %ransport 8ayer Securitythenencryption. %he

other is vice>versa, called encryption>then>signature. 4urrently, the )%8S handsha#e

protocol is used for secure communication through mobile devices. %his handsha#e

uses /H/ protocol with an end>to>end connection. In handsha#e message flow, user

certificate is sent to the recipient without encryption or another cryptographic scheme.

In this scenario an attac#er can get the certificate by eavesdropping on the

transmission interface and can figure out user information from the certificate. %his

can provide the attac#er with the userYs location and activity.

If Signcryption is used to send messages with mobile devices it will rectify this gap

by providing stronger security. $y the use of Signcryption, bandwidth use can be

reduced and computational load can be decreased without compromising on thesecurity of the message.

21


24/26

SIGNCRYPTION

0.# $sing Signcryption in &norgea!le )eyesta!lishent o,er %T9 Net4or)s

%he asynchronous transfer mode ;/%< is a high speed networ#ing technique for

public networ#s capable of supporting many classes of traffic.

It is essentially a pac#et>switching technique that uses short fi3ed length pac#ets

called cells. 2i3ed length cells simplify the design of an /% switch at the high

switching speeds involved. %he selection of a short fi3ed length cell reduces the

delay. /% is capable of supporting a wide range of traffic types such as voice,

video, image and various data traffic.

In /% networ#s data pac#ets are typically 6 bytes. Anly 5! bytes out of 6 bytes in

an /% cell can be used for transmitting data, as the remaining 6 bytes are reserved

for storing control information. %hus transmitting encryption #ey materials of more

than !5 bits ;5! bytes< over an /% networ# would require two or more /% cells.

In a fast networ# such as /%, if data pac#ets are divided then there could be

considerable delay due to pac#eti"ation, buffering and reassembling data units.

So, the need of the hour is to design an authenticated #ey establishment protocol that

does not rely on a #ey distribution system,

has low resource requirements,

message is as short as possible and

offers unforgeability and non>repudiation.

In such a scenario, Signcryption or a modified usage of Signcryption can solve the

problem by minimi"ing message si"e as well as ensuring unforgeability and

nonrepudiation. 3tensive research is going on in use of Signcryption in #ey

establishment over /% networ#s. It is e3pected that within a few years it will

actually be implemented.

22


25/26

SIGNCRYPTION

7. C!C$%SI!

Signcryption is a very novel idea that, if implemented in the right way, can be very

useful.

'ig&re :.1* '&t&re Scenario o Signcryption

In life, it is human nature to try and do two things at once, or to ]#ill two birds in one

stone=. (umans do this to ma#e shortcuts, save on time and resources. Is this best

approach to do things* In terms of computer security, li#e we e3plained before, we

believe that by combining two comple3 mathematical functions, you will increase the

comple3ity and in turn increase security. Signcryption still has a long way to go

before it can be implemented effectively and research is still going on in various parts

of the world to try to come up with a much more effective way of implementing this.

25


26/26

SIGNCRYPTION

R&'&R&!C&S

E1G ^http:KKwww.signcryption.orgKintroductionK

EG ^http:KKcoitweb.uncc.eduK_y"hengKpublicationsKEG ^http:KKwww.uow.edu.auK_guilinKbibleKsigncryption.htm

E5G http:KKportal.acm.orgKcitation.cfm*id1+!05.1+5!!0

E6G /le3 &ent and Vuliang heng: Practical Signcryption, a volume in

Information Security and 4ryptography, Springer>Xerlag, $erlin,

E+G )enbo ao, odern 4ryptography: %heory and Practice, Prentice (all P%.

E7G Jee(ea/n, Vevgeniy &odis ,and %alabin. An the security of Coint signature

and encryption. In 8..Hnudsen, editor, Proc.ofurocrypt=0, volume of8'4S, pages!D107. Springer>Xerlag,00. -pdated versionavailableat:

http:KKtheory.lcs.mit.eduKyevgenKpsKsigncrypt.
http://www.uow.edu.au/~guilin/bible/signcryption.htmhttp://portal.acm.org/citation.cfm?id=1633804.1634880http://www.springer.com/computer/security+and+cryptology/book/978-3-540-89409-4http://www.springer.de/http://www.uow.edu.au/~guilin/bible/signcryption.htmhttp://portal.acm.org/citation.cfm?id=1633804.1634880http://www.springer.com/computer/security+and+cryptology/book/978-3-540-89409-4http://www.springer.de/

Documents

50355471 2signcryption Complete 3