Upload
adair
View
47
Download
1
Tags:
Embed Size (px)
DESCRIPTION
Practical Affiliation-Hiding Authentication from Improved Polynomial Interpolation. Mark Manulis , Bertram Poettering ASIACCS ‘11 Proceedings of the 6 th ACM Symposium on Information, Computer and Communications Security, March 2011, Pages 286-295, Citation: 4 Presenter: 方竣民 - PowerPoint PPT Presentation
Citation preview
1
Practical Affiliation-Hiding Authentication from Improved Polynomial Interpolation
Mark Manulis, Bertram PoetteringASIACCS ‘11 Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security,
March 2011, Pages 286-295, Citation: 4Presenter: 方竣民Date: 2012/12/03
2
Outline
• Introduction• Initial Technique• Polynomial Interpolation• Optimized Multi-Group AH Protocol• Analysis• Conclusion
3
Outline
• Introduction• Initial Technique• Polynomial Interpolation• Optimized Multi-Group AH Protocol• Analysis• Conclusion
4
Introduction
• Affiliation-hiding (AH) protocols are valuable for hiding identities of communicating users behind their membership of groups.
• Improvements advance the area of efficient polynomial interpolation in finite fields.
5
Introduction
You will see :• Implementing polynomial interpolation by lots
of mathematical ways and their pseudocode.
• One optimized multi-group Affiliation-hiding protocol.
6
Outline
• Introduction• Initial Technique• Polynomial Interpolation• Optimized Multi-Group AH Protocol• Analysis• Conclusion
7
Index-Hiding Message Encoding
Indices , messagesTwo algorithms iEncode and iDecode
8
Multi-Group AH Protocol
• GA creates public key (n,e,g)– n is the RSA modulus– e the public exponent– g a generator of a large subgroup of
• GA keeps private key d• Membership credential cred = • Pseudonym id• , is random exponent
t is used to generate session key.
9
Outline
• Introduction• Initial Technique• Polynomial Interpolation• Optimized Multi-Group AH Protocol• Analysis• Conclusion
10
Interpolation Without Precomputation
• As Algorithm1, it has quadratic running time
• Algo1 already solves the problem of polynomial interpolation in reasonable time.
11
Algorithm1 Polynomial Interpolation
12
Interpolation Without Precomputation
• Most divisions can be replaced by multiplications, e.g.
• It is solved by algorithm2 with performance:
• But, algorithm2 needs extra storage for n-1 variables
13
Algorithm2 Interpolation with Deferred Inversion
14
Interpolation With Precomputation
• In some occasions polynomial interpolations have to be computed many times in succession.
15
Algorithm3 Interpolation after Precomputiation
16
Compare Algo2 and Algo3
• Device: Intel XEON 2.66GHz.• Using gcrypt library.
Algorithm2
Algorithm3
17
Within/Without Precomputation
18
Interleaved IHME
• These fields may become rather large, e.g. .
• IHME’s running time is still ,so it will be very slow.
19
Interleaved IHME
For instance, an IHME setting with andCould split all messages into 8 chunks
Each of length We get new field
• The gain in efficiency might be superlinear.
20
V-fold IHME
=> => is a prime, is a nature number. index space message space
21
Comparison v-fold/IHME by Algo2,3
80*14=1120
22
Outline
• Introduction• Initial Technique• Polynomial Interpolation• Optimized Multi-Group AH Protocol• Analysis• Conclusion
23
Group Initialization Phase
• Performance in this phase is not very important, because it is only executing once.
• They improve on storage size of group parameters.
24
Group Initialization Phase
• A safe prime is a prime number such that ,where is a prime as well.
25
Implementing CreateGroup
26
User Registration Phase
• By altering the generation of user credentials to:
cred = with
27
Implementing Adduser
28
Multi-Group Handshake Protocol
• Users have a set•
• at least; in first-round messages are encoded over a much small field of elements
29
Multi-Group Handshake Protocol
• In second-round, the per-group key confirmation messages are of length
• Where bits would suffice.
• It mades the field size to be elements.
30
Multi-Group Handshake ProtocolPart1
31
Multi-Group Handshake ProtocolPart2
32
Multi-Group Handshake ProtocolPart3
33
Outline
• Introduction• Initial Technique• Polynomial Interpolation• Optimized Multi-Group AH Protocol• Analysis• Conclusion
34
Analysis
Symmetric Key Size Asymmetric Key Size
Is it possible < ?
35
Outline
• Introduction• Initial Technique• Polynomial Interpolation• Optimized Multi-Group AH Protocol• Analysis• Conclusion
36
Conclusion
• They heavily modified the group management and handshake algorihms to achieve considerably better performance.
• It showed that AH authentication in the multi-group setting, and provided appropriate performance measurements .