A Secure Nonrepudiable Threshold Proxy Signature Scheme with Known Signers




INFORMATICA, 2000, Vol. 11, No. 2, 137-144
2000 Institute of Mathematics and Informatics, Vilnius

Min-Shiang HWANG, Iuon-Chang LIN, Eric Jui-Lin LU
Department of Information Management, Chaoyang University of Technology
168, Gifeng E. Rd., Wufeng, Taichung County, Taiwan 413, R.O.C.
e-mail: mshwang@mail.cyut.edu.tw

Received: December 1999

Abstract. In the (t, n) proxy signature scheme, the signature, originally signed by a signer, can be signed by t or more proxy signers out of a proxy group of n members. Recently, an efficient nonrepudiable threshold proxy signature scheme with known signers was proposed by H.-M. Sun. Sun's scheme has two advantages. One is nonrepudiation. The proxy group cannot deny having signed the proxy signature. Any verifier can identify the proxy group as a real signer. The other is identifiable signers. The verifier is able to identify the actual signers in the proxy group. Also, the signers cannot deny having generated the proxy signature. In this article, we present a cryptanalysis of Sun's scheme. Further, we propose a secure, nonrepudiable and known signers threshold proxy signature scheme which remedies the weakness of Sun's scheme.

Key words: cryptography, Lagrange interpolating polynomial, proxy signature, threshold proxy signature.

1. Introduction

A proxy signature scheme is a method which allows an original signer to delegate his work to a designated person with a proxy signature key (Mambo, 1996a; Mambo, 1996b; Usuda, 1996). In these schemes, the proxy signature key is created from the original signer's signature key, which cannot be computed from the proxy signature key. The proxy signer can generate a proxy signature on a message on behalf of the original signer. To further expand the proxy signature scheme, the (t, n) threshold proxy signature schemes were proposed (Kim, 1997; Lee, 1998; Zhang, 1997). The original signer now shares the proxy signature key with an authorized proxy group.

Any t or more proxy signers of the proxy group of n members can cooperatively generate a proxy signature on a message. Some threshold proxy signature schemes, such as Zhang's scheme (Zhang, 1997), are not nonrepudiable. Although some threshold proxy signature schemes, such as Kim's scheme (Kim, 1997), are nonrepudiable, they suffer a severe limitation: the verifier cannot identify the actual signers in the proxy group. Based on Kim's scheme, H.-M. Sun proposed an efficient nonrepudiable threshold proxy signature scheme with known signers (Sun, 1999). Sun's scheme is more efficient than the other threshold proxy signature schemes, and has the nonrepudiable property.

The main advantage of Sun's scheme is that the verifier is able to identify the actual signers in the proxy group. The security of Sun's scheme is based on the Lagrange interpolating polynomial and the difficulty of calculating discrete logarithms. However, the weakness of Sun's scheme is that, if an adversary can obtain the proxy signer's secret key, then he can impersonate a legal proxy signer to generate a proxy signature, and the real proxy signer cannot deny having signed the proxy signature before. In this article, we show the weakness of Sun's scheme and remedy it. In the next section, we review Sun's scheme and illustrate its weakness. In Section 3, we propose a new secure scheme based on Sun's scheme, and the security of our proposed scheme is analyzed. Finally, we conclude this paper by listing the advantages of the proposed scheme.

2. Review of Sun's Nonrepudiable Threshold Proxy Signature Scheme

In this section, we first review Sun's threshold proxy signature scheme (Sun, 1999) and then present a weakness of Sun's scheme.

2.1. Sun's (t, n) Threshold Proxy Signature Scheme

Sun proposed a nonrepudiable (t, n) threshold proxy signature scheme with known signers, which is based on Kim's threshold scheme (Kim, 1997). Sun's scheme uses the secret sharing technique (Blakley, 1979; Shamir, 1979) to share the proxy signature key. It is divided into three phases: proxy sharing generation, proxy signature issuing, and proxy signature verification.

Initially, the system parameters are defined as follows: $p$ is a large prime, $q$ is a prime factor of $p-1$, $g$ is an element of order $q$ in $Z_p^*$; $x_i$ is participant $p_i$'s private key and its corresponding public key is $y_i$, $y_i = g^{x_i} \pmod p$; $h$ is a one-way function; $m_w$ is a warrant that is minted by the original signer, and it records some information such as the identity of the original signer, the identities of the proxy signers of the proxy group, etc.; and ASID (Actual Signers ID) records the identities of the actual signers.

In the proxy sharing generation phase, the group shares a secret value using the multiplicative sharing technique. The steps are described as follows:

1 (Group key generation). In a (t, n) threshold proxy signature scheme, let $p_0$ be the original signer, and $p_1, p_2, \ldots, p_n$ be the $n$ proxy signers of the proxy group. Each member, $p_1, p_2, \ldots, p_n$, randomly generates a secret polynomial $f_i$ of degree $t-1$, where $f_i(X) = x_i + a_{(i,1)}X + \ldots + a_{(i,t-1)}X^{t-1} \pmod q$. Here, $a_{(i,1)}, a_{(i,2)}, \ldots, a_{(i,t-1)}$ are random numbers. Then, each proxy signer $p_i$ can receive the shared value $f_j(i)$ from $p_j$, where $0 < i, j < n$, and $i \ne j$. Therefore, each proxy signer $p_i$ can obtain a value $s_i$,

$$s_i = f(i) = f_1(i) + f_2(i) + \ldots + f_n(i) = a_0 + a_1 i + \ldots + a_{t-1} i^{t-1} \pmod q, \qquad (1)$$

where $a_0 = \sum_{i=1}^{n} x_i \pmod p$, $a_1 = \sum_{i=1}^{n} a_{(i,1)} \pmod p$, ..., $a_{t-1} = \sum_{i=1}^{n} a_{(i,t-1)} \pmod p$. And the public parameters of the proxy group (Pedersen, 1991a; Pedersen, 1991b) are $y_G = g^{a_0} \pmod p$, and $A_j = g^{a_j} \pmod p$, $j = 1, \ldots, t-1$.

2 (Proxy generation). The original signer chooses a random number $k$ and computes the parameter $K$, $K = g^k \bmod p$. Then the original signer can obtain the value $\sigma$,

$$\sigma = e x_0 + k \pmod q, \qquad (2)$$

where $e = h(m_w, K)$.

3 (Proxy sharing). The original signer shares a proxy key $\sigma$ in a (t, n) threshold scheme. He generates a secret polynomial $f'$ of degree $t-1$, and computes

$$\sigma_i = f'(i) = \sigma + b_1 i + \ldots + b_{t-1} i^{t-1}, \quad \text{for } i = 1, 2, \ldots, n, \qquad (3)$$

where $b_j$ is a random number, $j = 1, \ldots, t-1$. After that, the original signer sends $\sigma_i$ to proxy signer $p_i$, $i = 1, \ldots, n$, over a secured channel, and publishes $B_j = g^{b_j} \pmod p$, $j = 1, \ldots, t-1$, and $(m_w, K)$.

4 (Proxy share generation). After receiving $\sigma_i$, each proxy signer $p_i$ checks whether or not the following equation holds,

$$g^{\sigma_i} = y_0^{h(m_w,K)} K \prod_{j=1}^{t-1} B_j^{\,i^j} \pmod p. \qquad (4)$$

If the above equation holds, each $p_i$ computes

$$\sigma'_i = \sigma_i + s_i\, h(m_w, K) \pmod q, \qquad (5)$$

and takes $\sigma'_i$ as the proxy share of $p_i$. Otherwise, the proxy signer rejects $\sigma_i$.

Assume that the $t$ proxy signers, $p_1, \ldots, p_t$, want to cooperatively sign a message on behalf of the proxy group. The steps of the proxy signature issuing phase are listed below:

1. As in step 1 of the proxy share generation phase, but using the polynomial $f''_i(X) = (c_{(i,0)} + x_i) + c_{(i,1)}X + \ldots + c_{(i,t-1)}X^{t-1} \pmod q$. Each actual proxy signer $p_i$ can obtain the value $s'_i$ when they receive the values $f''_j(i)$ from each actual proxy signer $p_j$, as shown in the following:

$$s'_i = f''(i) = f''_1(i) + f''_2(i) + \ldots + f''_t(i) = \sum_{i=1}^{n} x_i + c_0 + c_1 i + \ldots + c_{t-1} i^{t-1} \pmod q, \qquad (6)$$

where $i = 1, \ldots, t$. The public parameters of this step are $Y = g^{c_0} \pmod p$, and $C_j = g^{c_j} \pmod p$, $j = 1, \ldots, t-1$.

2. Each proxy signer $p_i$, $i = 1, \ldots, t$, has two secret values $\sigma'_i$ and $s'_i$. Therefore, each proxy signer $p_i$ can compute

$$\gamma_i = s'_i Y + \sigma'_i\, h(ASID, m) \pmod q, \qquad (7)$$

where $m$ is the message. Then each proxy signer $p_i$ sends $\gamma_i$ to proxy signer $p_j$, $j = 1, \ldots, t$ and $j \ne i$.

3. For each received $\gamma_j$ ($j = 1, \ldots, t$; $j \ne i$), $p_i$ can check whether the following equation holds:

$$g^{\gamma_j} = \Big[ Y \Big( \prod_{i=1}^{t-1} C_i^{\,j^i} \Big) \Big( \prod_{i=1}^{t} y_i \Big) \Big]^{Y} \Big[ \Big( y_0^{h(m_w,K)} K \prod_{i=1}^{t-1} B_i^{\,j^i} \Big) \Big( y_G \prod_{i=1}^{t-1} A_i^{\,j^i} \Big)^{h(m_w,K)} \Big]^{h(ASID,m)} \bmod p. \qquad (8)$$

4. Each proxy signer $p_i$ can apply the Lagrange formula to $[\gamma_j]$ to compute (Denning, 1983)

$$T = f''(0)\,Y + [f(0) + f'(0)]\, h(ASID, m). \qquad (9)$$

The proxy signature on $m$ is $(m, T, K, m_w, ASID)$.

In the verification phase, any verifier can verify the validity of the proxy signature and identify the actual signers. The steps of this phase are described as follows:

1. According to $m_w$ and ASID, the verifier gets the public keys of the proxy signers from the CA, and knows who the original signer and the actual proxy signers are.

2. The verifier then checks the validity of the proxy signature on the message $m$ from the following equation:

$$g^{T} = \Big[ y_0^{h(m_w,K)} K \prod_{i=1}^{n} y_i \Big]^{h(ASID,m)} \Big( Y \prod_{i=1}^{t} y_i \Big)^{Y} \pmod p. \qquad (10)$$

2.2. The Weakness of Sun's Scheme

In Sun's (t, n) threshold proxy signature scheme, any verifier can verify the validity of the proxy signature and identify the actual signers. However, in this subsection we will show that the proxy signer's secret key is not kept private. Any $(n-1)$ proxy signers in the group of $n$ members can conspire to obtain the secret key of the remaining one. We call this attack the collusion attack. In this attack, any $(n-1)$ proxy signers in the group of $n$ members can impersonate the remaining one.

For example, assume a (3, 5) threshold proxy signature scheme. The proxy signers $p_1, \ldots, p_4$ intend to obtain the secret key of the proxy signer $p_5$. Then, they can impersonate the legal proxy signer $p_5$ to sign a message $m$. In (1), any 3 proxy signers of $p_1, \ldots, p_4$ can compute $a_0$ using the Lagrange formula, since $a_0 = \sum_{i=1}^{5} x_i \pmod p$. Thus the proxy signers $p_1, \ldots, p_4$ can present their secret keys to conspire to obtain the secret key $x_5$ of the proxy signer $p_5$ easily.

Next, we can impersonate the proxy signer $p_5$ to generate a legal proxy signature. In the same way, $s_5$, $\sigma_5$, and $\sigma'_5$ can be computed by using the Lagrange formula from Eqs. (1), (3), and (5), respectively. In the proxy signature issuing phase, we can impersonate $p_5$ to share a random number as described in Step 1, and we can get a secret $s'_5$ from (6). By having $s'_5$ and $\sigma'_5$, we can obtain $\gamma_5$ from (7) and send it to the other proxy signers of the proxy group. Then $T$ can be computed from (9) and, thus, the proxy group can generate a proxy signature $(m, T, K, m_w, ASID)$ for message $m$. In the verification phase, the verifier can verify the validity of the proxy signature and identify $p_5$ as an actual signer of the proxy group. In fact, $p_5$ has never signed the message $m$, but $p_5$ cannot deny it. Therefore, in Sun's scheme, the secret key $x_i$ of the proxy signer $p_i$ can be compromised by the collusion attack, and an adversary can impersonate a legal proxy signer $p_i$ to sign a message.

3. Improvement of Sun's Scheme

In this section, we modify Sun's scheme to remedy the weakness described in Section 2.2 and analyze the security of our scheme.

3.1. The Improved Scheme

In Sun's scheme, the secret key $x_i$ can be compromised by the collusion attack. To remedy the weakness we modify Sun's scheme, and the revised scheme is presented in detail. In the proxy share generation phase, we replace $f_i(X)$ with $f_i(X) = x_i + a_{(i,0)} + a_{(i,1)}X + \ldots + a_{(i,t-1)}X^{t-1} \pmod q$, where $a_{(i,0)}$ is a random number. Therefore, Eq. 1 becomes

$$s_i = f(i) = \sum_{i=1}^{n} x_i + a_0 + a_1 i + \ldots + a_{t-1} i^{t-1} \pmod q, \qquad (11)$$

where $a_0 = \sum_{i=1}^{t-1} a_{(i,0)} \pmod p$. The proxy group then publishes $y_G$ ($y_G = \prod_{i=1}^{n} g^{x_i} = \prod_{i=1}^{n} y_i \pmod p$), and $A_j$ ($A_j = g^{a_j} \pmod p$; $j = 0, \ldots, t-1$). The other steps of the proxy share generation phase are the same as those of Sun's scheme.

In the proxy signature issuing phase, the proxy signer $p_i$ computes $\gamma_i$ from (7) and sends $\gamma_i$ to the other proxy signers of the proxy group. Each proxy signer can verify the validity of $\gamma_j$ from the following equation:

$$g^{\gamma_j} = \Big[ Y \Big( \prod_{i=1}^{t-1} C_i^{\,j^i} \Big) \Big( \prod_{i=1}^{t} y_i \Big) \Big]^{Y} \Big[ \Big( y_0^{h(m_w,K)} K \prod_{i=1}^{t-1} B_i^{\,j^i} \Big) \Big( y_G A_0 \prod_{i=1}^{t-1} A_i^{\,j^i} \Big)^{h(m_w,K)} \Big]^{h(ASID,m)} \pmod p.$$

Then, each signer computes $T$ from (9) and the proxy signature on message $m$ is $(m, T, K, m_w, ASID)$. Finally, the verifier checks the validity of the proxy signature and identifies the actual signers of the group from the following equation:

$$g^{T} = \Big[ y_0^{h(m_w,K)} K A_0 \prod_{i=1}^{n} y_i \Big]^{h(ASID,m)} \Big( Y \prod_{i=1}^{t} y_i \Big)^{Y} \pmod p. \qquad (12)$$

If the above equation holds, the verifier can firmly believe the validity of the proxy signature and identify the actual signers. Furthermore, the revised scheme can withstand the collusion attack. Any $n-1$ proxy signers cannot conspire to obtain the secret key of the remaining one. Therefore, the secret key of any proxy signer can be kept private, and no adversary can forge the legal proxy signature.

3.2. Security Analysis of the Improved Scheme

The security of the proposed threshold proxy signature scheme described above is examined here. As with Sun's scheme, the level of security is tightened. However, our scheme can withstand the collusion attack. Assume that we use the same example as described in Section 2.2. Any 3 proxy signers can obtain $f(0) = \sum_{i=1}^{5} (x_i + c_{(i,0)}) \pmod p$ by the Lagrange formula. However, any 4 proxy signers, $p_1, \ldots, p_4$, can only obtain $x_5 + c_{(5,0)}$. They cannot conspire to obtain the secret key $x_5$ of proxy signer $p_5$. Therefore, the collusion attack is impossible, since it is difficult to compute the secret key $x_5$ from the sum of two unknown numbers $x_5$ and $c_{(5,0)}$. The secret key of the proxy signer in the proposed scheme is kept private.

In addition, we can conspire to get $\sigma_5$ and $\sigma'_5$ from Eqs. (3) and (5). However, an adversary cannot obtain valid $s_5$ and $S_5$ without $p_5$'s secret key. If an adversary tries to forge a proxy signature of $p_5$, the verification check in Eq. 10 does not hold. Therefore, it can withstand the collusion attack and the proxy signature cannot be forged.
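The collusion computation of Section 2.2 and the effect of the blinding term $a_{(i,0)}$ from Section 3.1, as an added example that is not code from the paper. It models only the share arithmetic of Eqs. (1) and (11); the modulus Q, the helper names and all keys and coefficients are constructed for the illustration.

```python
import secrets

Q = 2**127 - 1  # constructed toy prime standing in for the group order q (assumption)

def rand_poly(const, t):
    """Degree t-1 polynomial: given constant term, random higher coefficients."""
    return [const % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]

def eval_poly(coeffs, x):
    """Horner evaluation mod Q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def lagrange_at_zero(points):
    """Interpolate f(0) mod Q from t points (i, f(i))."""
    total = 0
    for i, yi in points:
        num = den = 1
        for j, _ in points:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total

def deal(keys, t, blinded):
    """Group key generation: signer i deals f_i, signer j holds s_j = sum_i f_i(j).
    blinded=False: f_i(0) = x_i            (Sun's scheme, Eq. 1)
    blinded=True:  f_i(0) = x_i + a_(i,0)  (improved scheme, Eq. 11)"""
    n = len(keys)
    blinds = [1 + secrets.randbelow(Q - 1) if blinded else 0 for _ in keys]
    polys = [rand_poly(x + a, t) for x, a in zip(keys, blinds)]
    shares = {j: sum(eval_poly(f, j) for f in polys) % Q for j in range(1, n + 1)}
    return shares, blinds

def collude(shares, keys, blinds, victim, t):
    """What the n-1 other signers can compute: f(0) from t of their own shares,
    minus every constant term they themselves contributed."""
    others = [i for i in shares if i != victim]
    f0 = lagrange_at_zero([(i, shares[i]) for i in others[:t]])
    known = sum(keys[i - 1] + blinds[i - 1] for i in others)
    return (f0 - known) % Q

def demo(t=3, n=5):
    """(3, 5) example from Sections 2.2 and 3.2; p_5 is the targeted signer."""
    keys = [secrets.randbelow(Q) for _ in range(n)]  # x_1..x_n, constructed
    victim = n
    shares, blinds = deal(keys, t, blinded=False)
    sun = collude(shares, keys, blinds, victim, t)       # equals x_5
    shares, blinds = deal(keys, t, blinded=True)
    improved = collude(shares, keys, blinds, victim, t)  # equals x_5 + a_(5,0)
    return keys[victim - 1], sun, improved, blinds[victim - 1]

if __name__ == "__main__":
    x5, sun, improved, a50 = demo()
    print("Sun's scheme leaks x_5:      ", sun == x5)
    print("Improved scheme hides x_5:   ", improved != x5)
    print("Colluders hold x_5 + a_(5,0):", improved == (x5 + a50) % Q)
```

In the blinded case the colluders' result is uniformly distributed for any fixed $x_5$, so it carries no information about the key on its own.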

4. Conclusions

In this article, we presented a cryptanalysis of Sun's threshold proxy signature scheme. We have shown that the secret key can be compromised by the collusion attack. A secure threshold proxy signature scheme was proposed to remedy the weakness of Sun's scheme. The main advantages of our scheme are: it has the nonrepudiable property, the verifier is able to identify the actual proxy signers of the proxy group, and no one can forge the legal proxy signature.

Acknowledgements

The authors wish to thank many anonymous referees for their suggestions to improve this paper. Part of this research was supported by the National Science Council, Taiwan, R.O.C., under contract no. NSC89-2213-E-324-025.

References

Blakley, G.R. (1979). Safeguarding cryptographic keys. Proc. of AFIPS, pp. 313-317.
Denning, D.E.R. (1983). Cryptography and Data Security. Addison-Wesley.
Kim, S., S. Park, and D. Won (1997). Proxy signatures, revisited. Proc. of ICICS '97, LNCS, 1334, pp. 223-232.
Lee, N.Y., T. Hwang, and C.H. Wang (1998). On Zhang's nonrepudiable proxy signature schemes. ACISP '98, LNCS, 1438, pp. 415-422.
Mambo, M., K. Usuda, and E. Okamoto (1996a). Proxy signatures: Delegation of the power to sign message. IEICE Trans. Fundamentals, E79-A(9), 1338-1354.
Mambo, M., K. Usuda, and E. Okamoto (1996b). Proxy signatures for delegating signing operation. Proc. Third ACM Conf. on Computer and Communications Security, pp. 48-57.
Pedersen, T.P. (1991a). Distributed provers with applications to undeniable signatures. Proc. Eurocrypt '91, LNCS, 547, pp. 221-238.
Pedersen, T.P. (1991b). A threshold cryptosystem without a trusted party. Proc. Eurocrypt '91, LNCS, 547, pp. 522-526.
Shamir, A. (1979). How to share a secret. Commun. of the ACM, 22(11), 612-613.
Sun, H.M. (1999). An efficient nonrepudiable threshold proxy signature scheme with known signers. Computer Communications, 22(8), 717-722.
Usuda, K., M. Mambo, T. Uyematsu, and E. Okamoto (1996). Proposal of an automatic signature scheme using a compiler. IEICE Trans. Fundamentals, E79-A(1), 94-101.
Zhang, K. (1997). Threshold proxy signature schemes. Information Security Workshop, 191-197.

M.-Sh. Hwang received the B.S. in Electronic Engineering from National Taipei Institute of Technology, Taipei, Taiwan, Republic of China, in 1980; the M.S. in Industrial Engineering from National Tsing Hua University, Taiwan, in 1988; and the Ph.D. in Computer and Information Science from National Chiao Tung University, Taiwan, in 1995. He also studied Applied Mathematics at National Cheng Kung University, Taiwan, from 1984-1986. Dr. Hwang passed the National Higher Examination in field Electronic Engineer in 1988. He also passed the National Telecommunication Special Examination in field Information Engineering, qualified as advanced technician the first class in 1990. From 1988 to 1991, he was the leader of the Computer Center at Telecommunication Laboratories (TL), Ministry of Transportation and Communications, ROC. He was also a project leader for research in computer security at TL in July 1990. He obtained the 1997, 1998, and 1999 Distinguished Research Awards of the National Science Council of the Republic of China. He is currently a professor and chairman of the Department of Information Management, Chaoyang University of Technology, Taiwan, ROC. He is a member of IEEE, ACM, and Chinese Information Security Association. His current research interests include database and data security, cryptography, image compression, and mobile communications.

I.-Ch. Lin received the B.S. in Computer and Information Sciences from Tung Hai University, Taichung, Taiwan, Republic of China, in 1998. He is currently pursuing his master degree in Information Management from Chaoyang University of Technology. His current research interests include electronic commerce, information security, cryptography, and mobile communications.

E.J.-L. Lu received his B.S. degree in Transportation Engineering and Management from National Chiao Tung University, Taiwan, R.O.C., in 1982; M.S. degree in Computer Information Systems from San Francisco State University, California, U.S.A., in 1990; and Ph.D. degree in Computer Science from University of Missouri-Rolla, Missouri, U.S.A., in 1996. He is currently an associate professor and vice chairman of the Department of Information Management, Chaoyang University of Technology, Taiwan, R.O.C. His current research interests include electronic commerce, distributed processing, and security.

A secure threshold proxy signature scheme when the signers are known

Min-Shiang HWANG, Iuon-Chang LIN, Eric Jui-Lin LU

The paper shows that Sun's algorithm for group proxy signatures has a weakness, because the secret key can be easily computed. A modification of Sun's algorithm that does not have this weakness is proposed. The modified algorithm makes it possible to identify the proxy signer. No one can forge the signature of a legitimate proxy signer. A proxy signer cannot repudiate his signature.