An RSA-based (t, n) threshold proxy signature scheme with freewill identities



Similar documents
Authenticated Encryption. Jeremy, Paul, Ken, and Mike

A Secure Nonrepudiable Threshold Proxy Signature Scheme with Known Signers

Improved PKC Provably Secure against Chosen Cipher text Attack

Protecting E-Commerce Systems From Online Fraud

5 2 index. e e. Prime numbers. Prime factors and factor trees. Powers. worked example 10. base. power

A Secure Password-Authenticated Key Agreement Using Smart Cards

AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS

Non-Linear and Unbalanced Three-Phase Load Static Compensation with Asymmetrical and Non Sinusoidal Supply

Term Structure of Interest Rates: The Theories

Proactive Secret Sharing Or: How to Cope With Perpetual Leakage

B April 21, The Honorable Charles B. Rangel Ranking Minority Member Committee on Ways and Means House of Representatives

QUANTITATIVE METHODS CLASSES WEEK SEVEN

An Evaluation of the Extended Logistic, Simple Logistic, and Gompertz Models for Forecasting Short Lifecycle Products and Services

Sun Synchronous Orbits for the Earth Solar Power Satellite System

Online Load Balancing and Correlated Randomness

The example is taken from Sect. 1.2 of Vol. 1 of the CPN book.

Adverse Selection and Moral Hazard in a Model With 2 States of the World

Entity-Relationship Model

Reputation Management for DHT-based Collaborative Environments *

Econ 371: Answer Key for Problem Set 1 (Chapter 12-13)

FACULTY SALARIES FALL NKU CUPA Data Compared To Published National Data

is knowing the car market inside out.

5.4 Exponential Functions: Differentiation and Integration TOOTLIFTST:

Part 2 - Notes on how to complete your application form

ERLANG C FORMULA AND ITS USE IN THE CALL CENTERS

An Efficient Recovery Algorithm for Coverage Hole in WSNs

DEGREES OF EQUIVALENCE IN A KEY COMPARISON 1 Thang H. L., Nguyen D. D. Vietnam Metrology Institute, Address: 8 Hoang Quoc Viet, Hanoi, Vietnam

A Note on Approximating. the Normal Distribution Function

Modern Portfolio Theory (MPT) Statistics

Category 7: Employee Commuting

Tax Collection, Transfers, and Corruption: the Russian Federation at the Crossroads 1)

VOL. 25, NÚM. 54, EDICIÓN JUNIO 2007 PP

Constrained Renewable Resource Allocation in Fuzzy Metagraphs via Min- Slack

The influence of advertising on the purchase of pharmaceutical products

Rural and Remote Broadband Access: Issues and Solutions in Australia

An Broad outline of Redundant Array of Inexpensive Disks Shaifali Shrivastava 1 Department of Computer Science and Engineering AITR, Indore

Logo Design/Development 1-on-1

Sharp bounds for Sándor mean in terms of arithmetic, geometric and harmonic means

Data Encryption and Decryption Using RSA Algorithm in a Network Environment

CPS 220 Theory of Computation REGULAR LANGUAGES. Regular expressions

Sci.Int.(Lahore),26(1), ,2014 ISSN ; CODEN: SINTE 8 131

Managing the Outsourcing of Two-Level Service Processes: Literature Review and Integration

No 28 Xianning West Road, Xi an No 70 Yuhua East Road, Shijiazhuang.

Who uses our services? We have a growing customer base. with institutions all around the globe.

Hardware Modules of the RSA Algorithm

Use a high-level conceptual data model (ER Model). Identify objects of interest (entities) and relationships between these objects

Buffer Management Method for Multiple Projects in the CCPM-MPL Representation

Life Analysis for the Main bearing of Aircraft Engines

C H A P T E R 1 Writing Reports with SAS

Trivial lump sum R5.0

A Probabilistic Approach to Latent Cluster Analysis

Planning and Managing Copper Cable Maintenance through Cost- Benefit Modeling

A Secure Web Services for Location Based Services in Wireless Networks*

Forecasting the Demand of Emergency Supplies: Based on the CBR Theory and BP Neural Network

Mininum Vertex Cover in Generalized Random Graphs with Power Law Degree Distribution

A Generalized Temporal and Spatial Role-Based Access Control Model

Personalized Web Search by User Interest Hierarchy

A Graph-based Proactive Fault Identification Approach in Computer Networks

A Project Management framework for Software Implementation Planning and Management

Can Auto Liability Insurance Purchases Signal Risk Attitude?

Magic Message Maker Amaze your customers with this Gift of Caring communication piece

An ID-Based Public Key Cryptosystem based on Integer Factoring and Double Discrete Logarithm Problem

Control of Perceived Quality of Service in Multimedia Retrieval Services: Prediction-based mechanism vs. compensation buffers

AP Calculus AB 2008 Scoring Guidelines

Lecture 20: Emitter Follower and Differential Amplifiers

Free ACA SOLUTION (IRS 1094&1095 Reporting)

Application form notes

IBM Healthcare Home Care Monitoring

Taiwan Stock Forecasting with the Genetic Programming

Continuity Cloud Virtual Firewall Guide

Derivation of Humidty and NOx Humidty Correction Factors

How To Write A Recipe Card

The international Internet site of the geoviticulture MCC system Le site Internet international du système CCM géoviticole

Gold versus stock investment: An econometric analysis

LG has introduced the NeON 2, with newly developed Cello Technology which improves performance and reliability. Up to 320W 300W

RSA Cryptography using Designed Processor and MicroBlaze Soft Processor in FPGAs

Electronic Commerce. and. Competitive First-Degree Price Discrimination

Key Management System Framework for Cloud Storage Singa Suparman, Eng Pin Kwang Temasek Polytechnic

Architecture of the proposed standard

ADVERTISEMENT FOR THE POST OF DIRECTOR, lim TIRUCHIRAPPALLI

Operation Transform Formulae for the Generalized. Half Canonical Sine Transform

Section 3: Logistic Regression

EXAMPLE PROBLEMS SOLVED USING THE SHARP EL-733A CALCULATOR

ANALYSIS OF ORDER-UP-TO-LEVEL INVENTORY SYSTEMS WITH COMPOUND POISSON DEMAND

Extending Probabilistic Dynamic Epistemic Logic

Advantageous Selection versus Adverse Selection in Life Insurance Market

Problem Set 6 Solutions

REVIEW ON COMPARATIVE STUDY OF SOFTWARE PROCESS MODEL

Initial inventory levels for a book publishing firm

Keywords Cloud Computing, Service level agreement, cloud provider, business level policies, performance objectives.

Transcription:

Int. J. Informaton an Computr Scurty, Vol. 1, No. 1/2, 27 21 An RSA-bas (t, n) thrshol proxy sgnatur schm wth frwll ntts Ya-Fn Chang Grauat Insttut of Accountng, Natonal Chung Hsng Unvrsty, Tachung 42, Tawan R.O.C. Dpartmnt of Computr Scnc an Informaton Engnrng, Natonal Tachung Insttut of Tchnology, Tachung 44, Tawan, R.O.C. E-mal: cyf@cs.ccu.u.tw Chn-Chn Chang* Dpartmnt of Informaton Engnrng an Computr Scnc, Fng Cha Unvrsty, Tachung, Tawan 4724, R.O.C. Dpartmnt of Computr Scnc an Informaton Engnrng, Natonal Chung Chng Unvrsty, Chay, Tawan 621, R.O.C. Fax: (886)4-2766495 E-mal: ccc@cs.ccu.u.tw *Corrsponng author Abstract: Hwang, Lu an Ln (23) propos a (t, n) thrshol proxy sgnatur schm, bas on th RSA cryptosystm. Latr, Wang t al. (24a) ncat that ths schm was nscur bcaus th orgnal sgnr s prvat ky coul b rv. Morovr, th lgats ntts ha to b chosn carfully. In ths papr, w propos an mprov RSA-bas (t, n) thrshol proxy sgnatur schm, whch wthstans ths scurty flaw an also offrs th convnnc of choosng ntts at wll. Kywors: cryptography; nformaton an computr scurty; proxy sgnatur; RSA; (t, n) thrshol. Rfrnc to ths papr shoul b ma as follows: Chang, Y-F. an Chang, C-C. (27) An RSA-bas (t, n) thrshol proxy sgnatur schm wth frwll ntts, Int. J. Informaton an Computr Scurty, Vol. 1, No. 1/2, pp.21 29. Bographcal nots: Ya-Fn Chang rcv th BS gr n Computr Scnc an Informaton Engnrng from Natonal Chao Tung Unvrsty, Hsnchu, Tawan n 2. Sh rcv hr PhD gr n Computr Scnc an Informaton Engnrng n 25 from Natonal Chung Chng Unvrsty, Chay, Tawan. Snc 26, sh has bn an Assstant Profssor of Natonal Tachung Insttut of Tchnology. Hr currnt rsarch ntrsts nclu lctronc commrc, nformaton scurty, cryptography an mobl communcatons. Copyrght 27 Inrscnc Entrprss Lt.

22 Y-F. Chang an C-C. Chang Chn-Chn Chang rcv th BS gr n Appl Mathmatcs n 1977 an th MS gr n Computr an Dcson Scncs n 1979, both from Natonal Tsng Hua Unvrsty, Hsnchu, Tawan. H rcv hs PhD n Computr Engnrng n 1982 from Natonal Chao Tung Unvrsty, Hsnchu, Tawan. Snc 22, h has bn a Char Profssor of Natonal Chung Chng Unvrsty. Snc 25, h has bn a Char Profssor of Fng Cha Unvrsty. Hs currnt rsarch ntrsts nclu atabas sgn, computr cryptography, mag comprsson an ata structur. Dr. Chang was th char an s th honorary char of th xcutv commtt of th Chns Cryptography an Informaton Scurty Assocaton of th Rpublc of Chna. 1 Introucton Mombo, Usua an Okamoto (1996) propos th concpt of proxy sgnaturs. Ths allow th orgnal sgnr to lgat thr sgnng capacty to anothr, th proxy sgnr. Employng th a of scrt sharng (Shamr, 1979; Prsn, 1991a; Prsn, 1991b; Km, Part an Won, 1997; Zhang, 1997) prsnt th frst thrshol proxy sgnatur schms. In a (t, n) thrshol proxy sgnatur schm, th orgnal sgnr lgats th sgnng capacty to n proxy sgnrs (Huang an Chang 23). If mor than (t 1) proxy sgnrs cooprat, thy can gnrat th val sgnatur on bhalf of th orgnal sgnr, who can st t frly such that 1 t n. Consquntly, th thrshol proxy sgnatur schm s mor practcal, flxbl an scur than th convntonal proxy sgnatur schm. Accorng to Hwang, Lu an Ln (23), th rqurmnts of a practcal an scur (t, n) thrshol proxy sgnatur schm nclu: 1 Scrcy: th orgnal sgnr s prvat ky cannot b rv. 2 Proxy Protcton: no on can gnrat th val partal proxy sgnatur xcpt th sgnat proxy sgnr. 3 Unforgablty: only f t or mor proxy sgnrs cooprat to gnrat a val proxy sgnatur. 4 Non-rpuaton: proxy sgnrs cannot ny sgnng th mssag, nor can th orgnal sgnr ny lgatng th capacty to th proxy sgnrs. 5 Tm Constrant: th proxy sgnng kys can only b us urng th lgaton pro. 6 Known Sgnrs: th actual sgnrs of a gvn thrshol proxy sgnatur can b trmn for an ntrnal aut. Although many thrshol proxy sgnatur schms hav bn propos (Km, Part an Won, 1997; Zhang, 1997; Sun, 1999a; Sun, 1999b; Hwang, Ln an Lu, 2; Hsu, Wu an Wu, 21; Wang t al., 24b), most of thm o not comply wth all of th abov rqurmnts. All of ths schms ar bas on th scrt logarthm cryptosystms (ElGamal, 1985; Schnorr, 1991) bcaus t s ffcult to shar th prvat ky among multpl parts n th RSA cryptosystm (Rvst, Shamr an Alman, 1978).

An RSA-bas (t, n) thrshol proxy sgnatur schm 23 Hwang, Lu an Ln (23) propos a (t, n) thrshol proxy sgnatur schm bas on th RSA cryptosystm. Thy clam that thr schm provs both computaton an communcaton ffcncs. Howvr, th proxy sgnr must choos thr ntty carfully, falng whch th sgnr cannot gnrat th partal proxy sgnatur succssfully. Ths poss a lmtaton on th proxy sgnrs bcaus thy cannot choos thr own ntts at wll. Consquntly, proxy sgnrs may b forc to own a har-tormmbr ntty. Thrfor, f th ntts ar not chosn carfully, th schm wll not work; th ntts may n to b chang to satsfy th crtcal contons of th schm. Ths proprty maks th schm mpractcal. Wang t al. (24a) ncat that Hwang, Lu an Ln (23) s schm s nscur an os not comply wth all of th rqurmnts. Morovr, th orgnal sgnr s prvat ky can b rv whn t proxy sgnrs cooprat. Whn th thrshol t s not vry larg, t s qut angrous, placng a havr burn on choosng th ntts. For ths rasons, w propos an mprov RSA-bas (t, n) thrshol proxy sgnatur schm wth fr-wll ntts. In Scton 2, w rvw Hwang Lu an Ln (23) s (t, n) thrshol proxy sgnatur schm an Wang t al. (24a) s crtqu of t. Our propos schm s prsnt n Scton 3, follow by th scusson n Scton 4. Fnally, som conclusons ar rawn n Scton 5. 2 A rvw of Hwang, Lu an Ln (23) s t-out-of-n proxy sgnatur schm Hwang, Lu an Ln (23) s (t, n) thrshol proxy sgnatur schm conssts of thr phass: proxy sharng, proxy sgnatur ssung an vrfcaton. Th schm s ntat as follows. Lt S not th orgnal sgnr, an S 1, S 2,, S n not n proxy sgnrs. Lt N, whch s ntcal to p *q, b a publc RSA moulus for S, whr p an q ar two scrt larg prms wth =, 1,, n. S owns a prvat ky, a publc ky an th ntty ID, whr gc[, (N )] = 1 an * = 1 mo (N ), Lt w, whch s a warrant mnt by S, nclu mportant nformaton such as th valty pro of th proxy ky, th proxy sgnrs ntts, th orgnal sgnr an so on. T nots th proxy sgnatur group, whr T = {S 1, S 2,, S n }. Lt L ID /( ID ID ), whr L Z, for = 1, 2,, n. 2.1. Th proxy sharng phas S, ST, S lgats th sgnng powr to n popl, S 1, S 2,, S n, as follows: w Stp 1: S computs D mo ( N) an E mo ( N), whr D s th group proxy sgnatur ky an E s th proxy vrfcaton ky. Thn S publshs {w, E, ( w E) mo N }. Stp 2: S gnrats a scrt polynomal f of gr (t1), whr f(x) = D + r 1 x + r 2 x 2 + + r t1 x t1 mo (N ), whr r 1, r 2,, r t1 ar t1 ranom numbrs. S computs S s partal proxy sgnng ky k = f(id ), an sns ( k mo N k) mo N to S, whr = 1, 2,, n. w

24 Y-F. Chang an C-C. Chang Stp 3: Aftr rcvng th transmtt ata, S computs (((k mo N ) mo N to gt k, whr = 1, 2,, n. 2.2 Th proxy sgnatur ssung phas mo N k ) mo N ) Whn t mmbrs of T want to sgn a mssag M coopratvly on bhalf of S, thy o so as follows: ( ) Stp 1: Each mmbr from th st of th t mmbrs computs x Lk M mo N. Thn, x mo N s comput an th rsult wth x s snt to th combnr. Stp 2: Th combnr vrfs ach x wth th corrsponng proxy sgnr s publc ky, collcts ach x mo N, an thn computs th proxy sgnatur S of M, whr D S x mo N M mo N. ST 2.3 Th vrfcaton phas A vrfr V who wants to vrfy th proxy sgnatur xcuts th followng procur: Stp 1: V frst chcks whthr (w E) = (( w E) mo N ) mo N. If t hols, V chcks th valty pro. If th pro has xpr, t ncats that th proxy vrfcaton ky s nval; othrws, th phas contnus. Stp 2: V computs S E mo N an chcks f th computaton rsult s qual to M. Stp 3: Th collct ( x mo N ) can b mploy to ntfy th actual sgnr. 2.4 Scurty flaw n Hwang, Lu an Ln (23) s RSA-bas (t, n) thrshol proxy sgnatur schm Hr, w monstrat how to rtrv S s prvat ky (Wang t al., 24a). Assum t mmbrs of T cooprat to rtrv S s prvat ky, as follows: Stp 1: Th mmbrs comput D= D mo (N ) coopratvly wthout knowng (N ). w w Stp 2: Thy comput P = D* E 1 = ( mo (N ))*( mo (N )) 1= b* (N ) +1 1= b* (N ), whr b s an ntgr. Stp 3: If gc(, P) = c 1, P = P/c go to Stp 3; f gc(, P)=1, can b obtan such that * = 1 mo P, whr b s an ntgr, P = b* (N ), an b b. Snc * = 1 mo b* (N ), * = b*b* (N ) + 1, whr b s an ntgr. That s, * = 1 mo (N ). As a rsult, S s prvat ky can b succssfully obtan.

An RSA-bas (t, n) thrshol proxy sgnatur schm 25 3 Th propos t-rsa-bas out-of-n proxy sgnatur schm Th propos (t, n) thrshol proxy sgnatur schm also conssts of thr phass: proxy sharng, proxy sgnatur ssung an vrfcaton. Th ntaton of th propos schm s smlar to Hwang, Lu an Ln (23) s schm wth th followng ffrncs: 1 L ID mo N, whr = 1, 2,, n. ID S, S T, ID 2 C s a trust thr party wth th RSA publc ky (N c, c ) an th RSA prvat ky c, whr N c s largr than any proxy sgnr S s publc ky N an S s publc ky N. 3 h(): a publc on-way collson-rsstant hash functon. 3.1 Th proxy sharng phas S lgats th powr to sgn mssags to n popl as follows: Stp 1: S computs G mo ( N ), D h(w) mo N, an mo ( ) E N, whr G* E ( * )mo ( N ) 1. G Lt = (w E) mo N. S thn publshs {w, E,, N }. Stp 2: S gnrats a scrt polynomal f of gr (t 1), whr f(x) = D + r 1 x + r 2 x 2 + + r t 1 x t 1 mo N. S computs S s partal proxy sgnng ky k = f(id ), whr = 1, 2,, n, computs an sns z = ( k mon k) mo N to S. If ( k mo N k) s gratr than N, t wll b v nto two or mor tms such that ach tm s smallr than N, an ach tm s ncrypt by S s publc ky sparatly. Stp 3: Aftr rcvng th transmtt ata, S computs ( z mon ) mon to gt k for = 1, 2,, n. 3.2 Th proxy sgnatur ssung phas For t mmbrs of T to sgn a mssag M coopratvly on bhalf of S : Stp 1: Each mmbr computs x ( L k)mon, th partal sgnatur g = ( ( )) x M h x M mon, an c g mo N c. Thn g c mo N c s snt to C by ach mmbr. If g s gratr than N c, t wll b v nto two or mor tms (g s) such that ach g s smallr than N c, an ach tm s ncrypt by C s publc ky sparatly. Stp 2: C frst uss hs/hr prvat ky c to gt g, vrfs x wth th corrsponng proxy sgnr s publc ky, collcts ach x an g, an computs th proxy sgnatur S of M, whr h(m) h(m) S ( x mon ) mon D mon. ST

26 Y-F. Chang an C-C. Chang 3.3 Th vrfcaton phas A vrfr V who wants to vrfy th proxy sgnatur xcuts th followng procur: Stp 1: V frst chcks f (w E) = (( w E) mo N ) mo N. If t hols, V chcks th valty pro. If th pro has xpr, t nots that th proxy vrfcaton ky s nval; othrws, th phas contnus. E h(m)*e G*h(M)*E Stp 2: V computs S D h(w) mo N an h (w) mo N. V vrfs M by chckng whthr th computaton rsults ar qual or not. Stp 3: If thr s a n to ntfy th actual sgnrs, th collct g s can b us. h(m) 4 Dscusson Th followng scton monstrats th scurty of th propos schm how th proxy sgnr can choos hs/hr own ntty at wll an how th schm satsfs th sx rqurmnts mnton n Scton 1. In sub-scton 4.3, practcs for managrs ar rcommn 4.1 Proxy sgnr can choos hs/hr own ntty at wll L S,ST, ID ID ID mo N S,ST, (ID *(ID ID 1 ) ) mo N n our propos schm. Bcaus N s known, (ID ID ) 1 mo N can b obtan. That s, rrspctv of th ntts, L must b an ntgr. As a rsult, proxy sgnrs can choos thr own ntts at wll. 4.2 Scurty of th schm Th clrk C s trust n th schm. Thrfor, th partal sgnatur must b concal such that only C can rval t to combn all th collct partal sgnaturs. As shown n Stp 1 of sub-scton 3.2, th partal sgnatur g s ncrypt by C s publc ky an so only C can accss t. As shown n sub-scton 3.3, th valty of th gnrat proxy sgnatur s nsur. If a proxy sgnr ns sgnng th sgnatur, th partal sgnatur g can b mploy bcaus g = ( ( )) x M h x M mo N. Although th clrk C can gt x s, C cannot forg th val partal sgnaturs bcaus th corrsponng prvat kys ar unknown. In Hwang, Lu an Ln (23) s schm, th scurty of th orgnal sgnr s prvat ky s thratn bcaus b*(n ) s known, whr b s an ntgr. Hr, no on can rtrv S s prvat ky bcaus of th ffcults n solvng th scrt logarthms from D. Morovr, snc D an E ar th proucts wth th moul N an (N ), rspctvly, no nformaton on (N ) wll b known vn f D s rtrv. If D s obtan, anyon can comput th val proxy sgnatur. Ths wll rsult h(m) n srous amag to th proxy an orgnal sgnr. From S D mo N, no on can rv D bcaus (N ) s unknown. Consquntly, h(m) 1 mo (N ) s not avalabl to

An RSA-bas (t, n) thrshol proxy sgnatur schm 27 rtrv D. Evn f D s rtrv, th sgn partal proxy sgnatur g, for trmnng th ral proxy sgnrs cannot b gnrat, snc th proxy sgnr s prvat ky s unknown. Th followng scton scusss how our propos schm satsfs th sx basc rqurmnts mnton n Scton 1. 4.2.1 Scrcy - th orgnal sgnr s prvat ky cannot b rv As shown n sub-scton 4.2, bcaus D an E ar th proucts wth th moul N an (N ), rspctvly, no nformaton of (N ) wll b known vn f D s rtrv. Morovr, G mo ( N) an G D h(w) mo N, bcaus of th ffcults n solvng th scrt logarthms, th orgnal sgnr s prvat ky s stll concal vn f D s rtrv. 4.2.2 Proxy protcton - no on can gnrat th val partal proxy sgnatur xcpt th lgat proxy sgnr As shown n sub-scton 3.2, th proxy sgnr S s partal sgnatur g = ( x M h(x M)) mo N. Only S can gnrat th val partal proxy sgnatur bcaus S s prvat ky s unknown. 4.2.3 Unforgablty - only f t or mor proxy sgnrs cooprat, a val proxy sgnatur can b crat As shown n sub-scton 3.2, f t or mor proxy sgnrs cooprat, C can gt D to gnrat th val proxy sgnatur. 4.2.4 Proxy sgnrs cannot ny that thy hav alray sgn th mssag. In aton, th orgnal sgnr cannot ny lgatng th sgnng capacty to th proxy sgnrs As shown n sub-scton 3.2, th proxy sgnr S s partal sgnatur g = ( x M h(x M)) mo N. Only S can gnrat th val partal proxy sgnatur, as S s prvat ky s unknown. C can us th collct partal sgnaturs g s to prov who th ral sgnr s. In th proxy sharng phas, S publshs {w, E, an N }, whr = (w E) mo N. Thrfor, S cannot ny lgatng th sgnng capacty to th proxy sgnrs. 4.2.5 Tm constrant th proxy sgnng kys can b us urng th lgaton pro. As shown n sub-scton 3.1, S computs mo ( ) G mo ( N), D = h(w) G mo N, an E N, whr G* E ( * )mo ( N ) 1. Thn S publshs {w, E, ((w E) mo N ) an N }. Th proxy sgnatur publc ky an th proxy sgnatur prvat ky ar th proucts of th warrant, an thrfor, th proxy sgnatur kys ar val only n th lgaton pro.

28 Y-F. Chang an C-C. Chang 4.2.6 Known sgnrs - for ntrnal aut, th actual sgnrs of a gvn thrshol proxy sgnatur can b trmn. As shown n sub-scton 3.2, th proxy sgnr S s partal sgnatur g = ( x M h(x M)) mo N. Only S can gnrat th val partal proxy sgnatur. Thrfor, C can us th collct partal sgnaturs g s to prov who th ral sgnr s. 4.3 Rcommn practcs for managrs RSA cryptosystms ar us globally, an th RSA publc ky nfrastructur ar wll stablsh. Thus, plnty of applcatons nvolvng publc kys ar bas on RSA; for xampl gtal sgnatur, crtfcats an ky agrmnt. Dgtal sgnatur s th most common applcaton bcaus t provs authntcaton, ntgrty an non-rpuaton. Thy can b ralstcally appl to -commrc an offcal ocumnts, such as -chcks an -nvocs. All mportant ocumnts apply gtal sgnaturs to mak thm unforgabl. An mportant applcaton for offcal ocumnts s th proxy sgnatur. For xampl on partmnt managr alon may not b abl to manag th ntr partmnt an thus lgat th rsponsblty to othr managr(s). Th thrshol proxy sgnatur s sgn for such a scnaro. Th propos RSA proxy sgnatur schm aopts th wllstablsh RSA cryptosystm nsta of th scrt logarthm-bas cryptosystm. Ths allows th organsaton or company that wants to apply proxy sgnaturs to authors othrs to vlop th customr-spcfc proxy sgnatur systm ralstcally. 5 Concluson In ths papr, w rmy th flaws of Hwang, Lu an Ln (23) s (t, n) thrshol proxy sgnatur schm. As mnton abov, our propos schm can wthstan th scurty flaws of th arlr schm. Morovr, t offrs th convnnc of choosng th ntts at wll. Consquntly, our propos schm s not only scur but also practcal. Rfrncs ElGamal, T. (1985) A publc ky cryptosystm an a sgnatur schm bas on scrt logarthms, IEEE Transactons on Informaton Thory, Vol. 31, pp.469 472. Hsu, C.L., Wu, T.S. an Wu, T.C. (21) Nw nonrpuabl thrshol proxy sgnatur schm wth known sgnrs, Th Journal of Systms an Softwar, Vol. 58, pp.119 124. Huang, H.F. an Chang, C.C. (23) An ffcnt an practcal (t, n) thrshol proxy sgnatur schm wth known sgnrs, Funamnta Informatca, Vol. 56, pp.243 253. Hwang, M.S., Ln, I.C. an Lu, J.L. (2) A scur nonrpuabl thrshol proxy sgnatur schm wth known sgnrs, Informatca, Vol. 11, pp.1 8. Hwang, M.S., Lu, J.L. an Ln, I.C. (23) A practcal (t, n) thrshol proxy sgnatur schm bas on th RSA cryptosystm, IEEE Transactons on Knowlg an Data Engnrng, Vol. 15, pp.1552 156. Km, S., Part, S. an Won, D. (1997) Proxy sgnatur, rvst, Papr prsnt at th Intrnatonal Confrnc on Informaton an Communcaton Scurty ICICS 97, Bng, Chna, pp.223 232. In procngs. Mombo, M., Usua, K. an Okamoto, E. (1996) Proxy sgnatur: lgaton of th powr to sgn mssags, IEICE Transactons on Funamntals, Vol. E79-A, pp.1338 1353.

An RSA-bas (t, n) thrshol proxy sgnatur schm 29 Prsn, T.P. (1991a) Dstrbut provrs wth applcatons to unnabl sgnaturs, Papr prsnt at th EUROCRYPT 91, Brghton, Englan, pp.221 242. In procngs. Prsn, T.P. (1991b) A thrshol cryptosystm wthout a trust party, Papr prsnt at th EUROCRYPT 91, Brghton, Englan, pp.522 526. In procngs. Rvst, R.L., Shamr, A. an Alman, L.M. (1978) A mtho for obtanng gtal sgnaturs an publc-ky cryptosystms, Communcatons of th ACM, Vol. 21, pp.12 126. Schnorr, C. (1991) Effcnt sgnatur gnraton by smart cars, Cryptology, Vol. 4, pp.161 174. Shamr, A. (1979) How to shar a scrt, Communcatons of th ACM, Vol. 22, pp.612 613. Sun, H.M. (1999a) An ffcnt nonrpuabl thrshol proxy sgnatur schm wth known sgnrs, Computr Communcatons, Vol. 22, pp.717 722. Sun, H.M., (1999b) Thrshol proxy sgnaturs, Papr prsnt at th Computrs an Dgtal Tchnqus, Vol. 146, pp.259 263. In IEE procngs. Wang, G., Bao, F., Zhou, J. an Dng, R.H. (24a) Commnts on a practcal (t, n) thrshol proxy sgnatur schm bas on th RSA cryptosystm, IEEE Transactons on Knowlg an Data Engnrng, Vol. 16, pp.139 1311. Wang, G., Bao, F., Zhou, J. an Dng, R.H. (24b) Scurty analyss of som proxy sgnaturs, Papr prsnt at th Intrnatonal Confrnc on Informaton Scurty an Cryptology ICICS 3, Mongola, Chna, pp.35 319. In procngs. Zhang, K. (1997) Thrshol proxy sgnatur schms, Papr prsnt at th Informaton Scurty Workshop ISW 97, Calforna, USA, pp.282 29. In procngs.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information