Upload
reshma-begam
View
220
Download
0
Embed Size (px)
Citation preview
8/13/2019 50355471 2signcryption Complete 3
1/26
SIGNCRYPTION
Seminar ID: 181
A Technical Seminar Reportsubmitted in partial fulfillment of
the requirements for theDegree of Bachelor of Technology
Under Biju Patnaik Uniersity of Technology
By
Kishore Chandra Sahoo Roll # IT200710098
!ebruary" #$%%
Under the guidance of
Mrs. Sasmita Padh
8/13/2019 50355471 2signcryption Complete 3
2/26
!"TI!"$ I!STIT%T& ' SCI&!C& ( T&C)!$*+Pal,r )ills- erham/,r- rissa 71008- India
"STR"CT
Signcryption is a new cryptographic primitive which simultaneously provides both
confidentiality and authenticity. Previously, these two goals had been considered
separately, with encryption schemes providing confidentiality and signature schemes
providing authenticity. In cases where both were required, the encryption and
signature operations were simply sequentially composed.
In 1997, heng demonstrated that by combining both goals into a single primitive, it
is possible to achieve significant savings both in computational and communication
overhead. Since then, a wide variety of signcryption schemes have been proposed.
Signcryption is a new cryptographic primitive, which simultaneously provides both
confidentiality and authenticity. Previously, these two goals had been considered
separately, with encryption scheme provide confidentiality and digital signature
provides authenticity. In cases where both required, the encryption operations and
digital signature operations were simply sequentially composed. In 199!, heng
demonstrated that by combining both goals into a single primitive it is possible to
achieve significant savings both in computational and communication overhead. Since
a wide variety of signcryption schemes have been proposed. In this seminar we
discuss one algorithm for signcryption and advantages and disadvantages of
signcryption.
ii
8/13/2019 50355471 2signcryption Complete 3
3/26
8/13/2019 50355471 2signcryption Complete 3
4/26
T"$& ' C!T&!TS
AS!RAC! ...................................... ii
ACKNO"#ED$EMEN! ............................................................................................ i
!A#E O% CON!EN!S ............................................................................................ ii
#IS! O% %I$&RES .................................................................................................... i'
(. IN!ROD&C!ION ....................................................................................................)
1.1. )hy Signcryption* ..............................................................................................+
1.1.1 $ased on discrete algorithm problem, ..........................................................+
1.1. -sing S/ cryptosystem ..............................................................................+
*. SI$NCR+P!ION , HO" I! "ORKS .................................................................-.1 $asic /rchitecture ................................................................................................!
. Steps involved in -nsigncrypting a message ..................................................... 10
. SI$NCR+P!ION %ROM !RAPDOOR PERM&!A!ION .............................. (*
.1 %rapdoor Permutation 2amilies ..........................................................................1
.1.1 Synta3 ..........................................................................................................1
.1. Security ........................................................................................................1
. 4ryptography from %rapdoor Permutations ....................................................... 1
..1 &rawbac#s ................................................................................................... 15
.. /dvantage ....................................................................................................16
/. %EA!&RES AND SEC&RI!+ ASPEC!S O% SI$NCR+P!ION .............. .....(0
5.1 2eatures .............................................................................................................. 1+
5.1.1 -nique -nsigncryptability ......................................................................... 1+
5.1. Security .......................................................................................................1+
5.1. fficiency .................................................................................................... 1+
5. Security .............................................................................................................. 1+
5..1 -nforgeability ............................................................................................ 1+
5.. 4onfidentiality .............................................................................................17
5. 4omparisons ....................................................................................................... 17
). AD1AN!A$ES AND DISAD1AN!A$ES O% DI$I!A# SI$NCR+P!ION (2
6.1 /dvantages ......................................................................................................... 1!
6.1.1 8ow computational cost .............................................................................. 1!
6.1. (igher security ............................................................................................ 1!
ii
8/13/2019 50355471 2signcryption Complete 3
5/26
6.1. essage ecovery .......................................................................................19
6. &isadvantages .....................................................................................................0
0. POSSI#E APP#ICA!IONS O% DI$I!A# SI$NCR+P!ION ...................... *(
+.1 8 Signcryption and its application in )%8S (andsha#e Protocol .................1
+. -sing Signcryption in unforgeable #ey establishment over /% 'etwor#s .. ..
-. CONC#&SION ....................................................................................................... *
RE%ERENCES ........................................................................................................... */
iii
8/13/2019 50355471 2signcryption Complete 3
6/26
$IST ' 'I*%R&S
%igure *.( Sign3ry4tion 5 generating 6( and 6*........................................................2
%igure *.*7 Sign3ry4tion 5 generating 3om4onents 3 and r......................................8
%igure *.7 Sign3ry4tion 5 generating 3om4onent s..................................................8
%igure *./7 &nsign3ry4tion5 generating 3om4onent 6............................................(9
%igure *.)7 &nsign3ry4tion , o:taining the message m..........................................(9
%igure *.07 &nsign3ry4tion , 'erifi3ation of the message m..................................((
%igure ).(7 Se3urity of Com:ination of Algorithms...............................................(8
%igure ).*7 Disad'antage of Sign3ry4tion................................................................*9
%igure -.(7 %uture S3enario of Sign3ry4tion...........................................................*
i3
8/13/2019 50355471 2signcryption Complete 3
7/26
SIGNCRYPTION
1. I!TRD%CTI!
In order to send a confidential letter in a way that it cannot be forged, it has been a
common practice for the sender of the letter to sign it, put it in an envelope and thenseal it before handing it over to be delivered.
&iscovering Public #ey cryptography has made communication between people who
have never met before over an open and insecure networ#, in a secure and
authenticated way possible. $efore sending a message, the sender has to do the
following:
Sign it using a &igital Signature ;&S< scheme ncrypt the message and the signature using a private #ey encryption
algorithm under randomly chosen message encryption #ey
ncrypt the random message encryption #ey using the receiver=s public #ey
Send the message following steps 1 to .
%his approach is #nows as signature>then>encryption. %he main disadvantage of this
approach is that, digitally signing a message and then encrypting it, consumes moremachine cycles and bloats the message by introducing e3tended bits to it. (ence,
decrypting and verifying the message at the receiver=s end, a lot of computational
power is used up.
%hus you can say that the cost of delivering a message using signing>then>encryption
is in effect the sum of the costs of both digital signatures and public #ey encryption.
Signcryption is a new paradigm in public #ey cryptography that simultaneously fulfils
both the functions of digital signature and public #ey encryption in a logically single
step, and with a cost significantly lower than that required by the traditional signature
followed by encryption.
4
8/13/2019 50355471 2signcryption Complete 3
8/26
SIGNCRYPTION
1.1. Why Signcryption?
1.1.1 Based on discrete algorith pro!le"
Signcryption costs 6!? less in average computation time and 70? less in messagee3pansion than does signature then encryption.
1.1.# $sing RS% cryptosyste
It costs on average 60? less in computation time and 91? less in message e3pansion
than signature>then>encryption does.
8/13/2019 50355471 2signcryption Complete 3
9/26
SIGNCRYPTION
2. SI*!CR+PTI! ) IT RKS
Signcryption can be defined as a combination of two schemes@ one of digital
signatures and the other of public #ey encryption. Ane can implement Signcryption byusing l Bamal=s shortened digital signature scheme, Schnorr=s signature scheme or
any other digital signature schemes in conCunction with a public #ey encryption
scheme li#e &S, &S or SP&. %his choice would be made based on the level of
security desired by the users. (ere we present the implementation of Signcryption
using lBamal=s shortened signature scheme and a public #ey encryption algorithm
denoted by and &;ncryption and &ecryption algorithms
8/13/2019 50355471 2signcryption Complete 3
10/26
SIGNCRYPTION
#.1 Basic %rchitect&re
)e are ta#ing an e3ample in which /lice is sender and bob is receiver. So /lice is
having a message m, which wants to send to bob in an unsecured channel, hence he
uses signcryption mechanism to send the message to bob so that message would
remain safe. So below steps are discussed which are involved in Signcrypting the
message.
'ig&re #.1 Signcryption ( generating )1 and )#
1. /lice chooses a value 3 from the large range 1,F,q>1
. She then uses $ob=s public #ey and the value 3 and computes the hash of it. %his will
give her a 1!>bit string. H hash ;yb3 mod pbit value H into two +5>bit halves. )e can name them as #1
and # and refer to them as the #ey pair.
5. 'e3t, /lice encrypts the message m using a public #ey encryption scheme with the
#ey #1. %his will give her the cipher te3t c. 3 #1 ;mway #eyed hash function H( to get a hash of the
message m. %his will give her a 1!>bit hash, which we will call r. %his process uses
the S&SS /lgorithm. r H( # ;m
N D/ny &igital Signature /lgorithm
V D /ny ncryption /lgorithm
N= D %otal 'umber of Signature /lgorithms #nown
V= D %otal 'umber of ncryption /lgorithms #nown
%herefore the combination of the schemes N and V would give you the
Signcryption scheme S. S N - V
18
8/13/2019 50355471 2signcryption Complete 3
21/26
SIGNCRYPTION
'ig&re .1* Sec&rity o Co!ination o %lgoriths
If you consider the fact that both N and V involve comple3 mathematical functions, it
is only logical to assume that S, which is a combination of both N and V will involve
the combination of the comple3ities of both N and V and thus be more comple3. ore
the comple3ity, more the harder it is for cryptanalysis. /nother point to be noted here
is that N, the digital signature algorithm, can be chosen from a large range of e3isting
digital signature algorithms, N=. Similarly the encryption algorithm for V can be
chosen from any encryption algorithm li#e &S, &S, etc from the range V=. %hus
the Signcryption algorithm can be implemented using any of the values in N= and V=.
%his would ma#e it very difficult for a cryptanalyst to figure out which
implementation was used in the Signcrypting algorithm. $asically he would have N= 3
V= W N= X V= i.e. the cryptanalyst would have to decide between the number of total
digital signature algorithms times the number of encryption algorithms, which is
greater or equal to either the number of N= or V=.
.1.+ 9essage Reco,ery
4onsider the following scenario: /lice signs and encrypts a message and sends it to
$ob. / while later, she wants to use the contents of the message again. %o satisfy
/liceYs requirement, her electronic mail system has to store some data related to the
message sent. /nd depending on cryptographic algorithms used, /liceYs electronic
mail system may either Z #eep a copy of the signed and encrypted message as
evidence of transmission, or Z in addition to the above copy, #eep a copy of the
19
8/13/2019 50355471 2signcryption Complete 3
22/26
8/13/2019 50355471 2signcryption Complete 3
23/26
SIGNCRYPTION
. PSSI$& "PP$IC"TI!S ' DI*IT"$SI*!CR+PTI!
0.1 79 Signcryption and its application in WT7S8andsha)e Protocol
%he mobile telecommunications business is booming. %iny digital telephones and
slee# poc#etsi"e P&/s ;personal digital assistants< are now more than Cust fashion
accessories. %he ability to connect to the Internet is a maCor feature that attracts
people to them. It means that mobile communication devices and client mobile
devices are now ready to access the )eb. %his scenario has given rise to a big
question in the minds of users, is it secure* /ccordingly, operators and manufactures
have responded by establishing the )/P ;)ireless /pplication Protocol< forum.
%he )/P forum has already developed )%8S ;)ireless %ransport 8ayer Securitythenencryption. %he
other is vice>versa, called encryption>then>signature. 4urrently, the )%8S handsha#e
protocol is used for secure communication through mobile devices. %his handsha#e
uses /H/ protocol with an end>to>end connection. In handsha#e message flow, user
certificate is sent to the recipient without encryption or another cryptographic scheme.
In this scenario an attac#er can get the certificate by eavesdropping on the
transmission interface and can figure out user information from the certificate. %his
can provide the attac#er with the userYs location and activity.
If Signcryption is used to send messages with mobile devices it will rectify this gap
by providing stronger security. $y the use of Signcryption, bandwidth use can be
reduced and computational load can be decreased without compromising on thesecurity of the message.
21
8/13/2019 50355471 2signcryption Complete 3
24/26
SIGNCRYPTION
0.# $sing Signcryption in &norgea!le )eyesta!lishent o,er %T9 Net4or)s
%he asynchronous transfer mode ;/%< is a high speed networ#ing technique for
public networ#s capable of supporting many classes of traffic.
It is essentially a pac#et>switching technique that uses short fi3ed length pac#ets
called cells. 2i3ed length cells simplify the design of an /% switch at the high
switching speeds involved. %he selection of a short fi3ed length cell reduces the
delay. /% is capable of supporting a wide range of traffic types such as voice,
video, image and various data traffic.
In /% networ#s data pac#ets are typically 6 bytes. Anly 5! bytes out of 6 bytes in
an /% cell can be used for transmitting data, as the remaining 6 bytes are reserved
for storing control information. %hus transmitting encryption #ey materials of more
than !5 bits ;5! bytes< over an /% networ# would require two or more /% cells.
In a fast networ# such as /%, if data pac#ets are divided then there could be
considerable delay due to pac#eti"ation, buffering and reassembling data units.
So, the need of the hour is to design an authenticated #ey establishment protocol that
does not rely on a #ey distribution system,
has low resource requirements,
message is as short as possible and
offers unforgeability and non>repudiation.
In such a scenario, Signcryption or a modified usage of Signcryption can solve the
problem by minimi"ing message si"e as well as ensuring unforgeability and
nonrepudiation. 3tensive research is going on in use of Signcryption in #ey
establishment over /% networ#s. It is e3pected that within a few years it will
actually be implemented.
22
8/13/2019 50355471 2signcryption Complete 3
25/26
SIGNCRYPTION
7. C!C$%SI!
Signcryption is a very novel idea that, if implemented in the right way, can be very
useful.
'ig&re :.1* '&t&re Scenario o Signcryption
In life, it is human nature to try and do two things at once, or to ]#ill two birds in one
stone=. (umans do this to ma#e shortcuts, save on time and resources. Is this best
approach to do things* In terms of computer security, li#e we e3plained before, we
believe that by combining two comple3 mathematical functions, you will increase the
comple3ity and in turn increase security. Signcryption still has a long way to go
before it can be implemented effectively and research is still going on in various parts
of the world to try to come up with a much more effective way of implementing this.
25
8/13/2019 50355471 2signcryption Complete 3
26/26
SIGNCRYPTION
R&'&R&!C&S
E1G ^http:KKwww.signcryption.orgKintroductionK
EG ^http:KKcoitweb.uncc.eduK_y"hengKpublicationsKEG ^http:KKwww.uow.edu.auK_guilinKbibleKsigncryption.htm
E5G http:KKportal.acm.orgKcitation.cfm*id1+!05.1+5!!0
E6G /le3 &ent and Vuliang heng: Practical Signcryption, a volume in
Information Security and 4ryptography, Springer>Xerlag, $erlin,
E+G )enbo ao, odern 4ryptography: %heory and Practice, Prentice (all P%.
E7G Jee(ea/n, Vevgeniy &odis ,and %alabin. An the security of Coint signature
and encryption. In 8..Hnudsen, editor, Proc.ofurocrypt=0, volume of8'4S, pages!D107. Springer>Xerlag,00. -pdated versionavailableat:
http:KKtheory.lcs.mit.eduKyevgenKpsKsigncrypt.
http://www.uow.edu.au/~guilin/bible/signcryption.htmhttp://portal.acm.org/citation.cfm?id=1633804.1634880http://www.springer.com/computer/security+and+cryptology/book/978-3-540-89409-4http://www.springer.de/http://www.uow.edu.au/~guilin/bible/signcryption.htmhttp://portal.acm.org/citation.cfm?id=1633804.1634880http://www.springer.com/computer/security+and+cryptology/book/978-3-540-89409-4http://www.springer.de/