Method and apparatus for generating and verifying an ID_based proxy signature by using bilinear pairings

US 20050005126A1
Filed: 12/30/2003
Published: 01/06/2005
Est. Priority Date: 07/04/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for generating and verifying an identity-based proxy signature by using bilinear pairings, comprising the steps of:

(a) generating system parameters, selecting a master key and then disclosing the system parameters by a trust authority;

(b) generating private keys of an original signer and a proxy signer based on the original signer'"'"'s identity and the proxy signer'"'"'s identity, respectively, and then transferring the original signer'"'"'s private key and the proxy signer'"'"'s private key to the original signer and the proxy signer, respectively, through a secure channel by the trust authority;

(c) receiving and storing the system parameters and the original signer'"'"'s private key by the original signer, receiving and storing the system parameters and the proxy signer'"'"'s private key by the proxy signer and receiving and storing the system parameters by a verifier;

(d) generating a signed warrant, computing values for verifying the signature of the signed warrant by using at least one of the system parameters and then transferring the signed warrant and the values to the proxy signer by the original signer;

(e) verifying the signature of the signed warrant by using the values and an original signer'"'"'s public key based on the original signer'"'"'s identity and then generating a proxy signature key by the proxy signer;

(f) proxy-signing a delegated message by using the proxy signature key by the proxy signer; and

(g) verifying the validity of the proxy signature by using at least one of the system parameters and a proxy signer'"'"'s public key based on the proxy signer'"'"'s identity by the verifier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a method and an apparatus for generating and verifying an identity based proxy signature by using bilinear pairings, a trust authority generates system parameters and selects a master key. Further, the trust authority generates private keys of an original signer and proxy signer based on the original signer'"'"'s identity and the proxy signer'"'"'s identity, respectively. The original signer generates a signed warrant, computes values for verifying the signature of the signed warrant and then transfers the signed warrant and the values to the proxy signer. Thereafter, the proxy signer verifies the signature of the signed warrant and then generates a proxy signature key. Finally, the proxy signer signs a delegated message and the verifier verifies the proxy signature.

Citations

14 Claims

1. A method for generating and verifying an identity-based proxy signature by using bilinear pairings, comprising the steps of:
- (a) generating system parameters, selecting a master key and then disclosing the system parameters by a trust authority;
  
  (b) generating private keys of an original signer and a proxy signer based on the original signer'"'"'s identity and the proxy signer'"'"'s identity, respectively, and then transferring the original signer'"'"'s private key and the proxy signer'"'"'s private key to the original signer and the proxy signer, respectively, through a secure channel by the trust authority;
  
  (c) receiving and storing the system parameters and the original signer'"'"'s private key by the original signer, receiving and storing the system parameters and the proxy signer'"'"'s private key by the proxy signer and receiving and storing the system parameters by a verifier;
  
  (d) generating a signed warrant, computing values for verifying the signature of the signed warrant by using at least one of the system parameters and then transferring the signed warrant and the values to the proxy signer by the original signer;
  
  (e) verifying the signature of the signed warrant by using the values and an original signer'"'"'s public key based on the original signer'"'"'s identity and then generating a proxy signature key by the proxy signer;
  
  (f) proxy-signing a delegated message by using the proxy signature key by the proxy signer; and
  
  (g) verifying the validity of the proxy signature by using at least one of the system parameters and a proxy signer'"'"'s public key based on the proxy signer'"'"'s identity by the verifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the system parameters include G₁, G₂, e, q, P, P_pub, H₁and H₂, where G₁is a cyclic additive group whose order is a prime q, G₂is a cyclic multiplicative group of the same order q, e is a bilinear paring defined by e:
    - G₁×
      
      G₁→
      
      G₂, P is a generator of G₁, P_pubis a trust authority'"'"'s public key having relationship of P_pub=s·
      
      P, where s is the master key, and H₁and H₂are hash functions, respectively, described by H₁;
      
      {0,1}*→
      
      Z_q* and H₂;
      
      {0,1}*→
      
      G₁, where Z_q* is a cyclic multiplicative group.
  - 3. The method of claim 2, wherein the original signer'"'"'s public key Q_Aequals H₂(A), where A is the original signer'"'"'s identity, and the original signer'"'"'s private key S_Aequals s·
    - Q_A; and
      
      the proxy signer'"'"'s public key Q_Bequals H₂(B), where B is the proxy signer'"'"'s identity, and the proxy signer'"'"'s private key S_Bequals S_B=s·
      
      Q_B.
  - 4. The method of claim 3, wherein in the step (d), the signed warrant m_wcontains an explicit description of a delegation relation, the values for verifying the signature of the signed warrant (c_A, U_A) have the relationship of c_A=H₁(m_w∥
    - r_A) and U_A=c_AS_A+kP, respectively, where r_Aequals e(P, P)^kand k is an integer belonging to Z_q*.
  - 5. The method of claim 4, wherein the verifying step (e) accepts the signature only if c_A=H₁(m_w∥
    - r_A), where r_A=e (U_A, P) e (Q_A, P_pub)^−
      
      c^Aand the proxy signature key S_Pis described by S_P=c_AS_B+U_A.
  - 6. The method of claim 5, wherein in the step (f) the proxy signature is (m, c_P, U_P, m_wand r_A), where m is the delegated message, where c_Pequals H₁(m∥
    - r_P), where U_Pequals c_PS_P+k_PP, where r_Pequals e(P, P)^k^Pand where k_Pis an integer belonging to Z_q*.
  - 7. The method of claim 6, wherein the verifying step (g) accepts the signature only if c_P=H₁(m∥
    - r_P), where r_P=e (U_P, P) (e (Q_A+Q_B, P_pub)^H¹^m^w^∥
      
      r^A⁾·
      
      r_A)^−
      
      c^P.

8. An apparatus for generating and verifying an identity-based proxy signature by using bilinear pairings, comprising:
- means for generating system parameters, selecting a master key and then disclosing the system parameters by a trust authority;
  
  means for generating private keys of an original signer and a proxy signer based on the original signer'"'"'s identity and proxy signer'"'"'s identity, respectively, and then transferring the original signer'"'"'s private key and proxy signer'"'"'s private key to the original signer and proxy signer, respectively, through a secure channel by the trust authority;
  
  means for receiving and storing the system parameters and the original signer'"'"'s private key by the original signer, receiving and storing the system parameters and the proxy signer'"'"'s private key by the proxy signer and receiving and storing the system parameters by a verifier;
  
  means for generating a signed warrant, computing values for verifying the signature of the signed warrant by using at least one of the system parameters and transferring the signed warrant and the values to the proxy signer by the original signer;
  
  means for verifying the signature of the signed warrant by using the values and an original signer'"'"'s public key based on the original signer'"'"'s identity and then generating a proxy signature key by the proxy signer;
  
  means for proxy-signing a delegated message by using the proxy signature key by the proxy signer; and
  
  means for verifying the validity of the proxy signature by using at least one of the system parameters and a proxy signer'"'"'s public key based on the proxy signer'"'"'s identity by the verifier.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein the system parameters include G₁, G₂, e, q, P, P_pub, H₁and H₂, where G₁is a cyclic additive group whose order is a prime q, G₂is a cyclic multiplicative group of the same order q, e is a bilinear paring defined by e:
    - G₁×
      
      G₁→
      
      G₂, P is a generator of G₁, P_pubis a trust authority'"'"'s public key having relationship of P_pub=s·
      
      P, where s is the master key, and H₁and H₂are hash functions, respectively, described by H₁;
      
      {0,1}*→
      
      Z_q* and H₂;
      
      {0,1}*→
      
      G₁, where Z_q* is a cyclic multiplicative group.
  - 10. The apparatus of claim 9, wherein the original signer'"'"'s public key Q_Aequals H₂(A), where A is the original signer'"'"'s identity, and the original signer'"'"'s private key S_Aequals s·
    - Q_A; and
      
      the proxy signer'"'"'s public key Q_Bequals H₂(B), where B is the proxy signer'"'"'s identity, and the proxy signer'"'"'s private key S_Bequals S_B=s·
      
      Q_B.
  - 11. The apparatus of claim 10, wherein the signed warrant m_wcontains an explicit description of a delegation relation, the values for verifying the signature of the signed warrant (c_A, U_A) have the relationship of c_A=H₁(m_w∥
    - r_A) and U_A=c_AS_A+kP, respectively, where r_Aequals e(P, P)^kand k is an integer belonging to Z_q*.
  - 12. The apparatus of claim 11, wherein the means for verifying the signature of the signed warrant accept the signature only if c_A=H₁(m_w∥
    - r_A), where r_A=e (U_A, P) e (Q_A, P_pub)^−
      
      c^Aand the proxy signature key S_Pequals c_AS_B+U_A.
  - 13. The apparatus of claim 12, wherein the proxy signature is (m, c_P, U_P, m_wand r_A), where m is the delegated message, where c_Pequals H₁(m∥
    - r_P), where U_Pequals c_PS_P+k_PP, where r_Pequals e(P, p)^k^Pand where k_Pis an integer belonging to Z_q*.
  - 14. The apparatus of claim 13, wherein the means for verifying the validity of the proxy signature accept the signature only if c_P=H₁(m∥
    - r_P), where r_P=e (U_P, P) (e (Q_A+Q_B, P_pub)^H¹^(m^w^∥
      
      r^A⁾·
      
      r_A)^−
      
      c^P.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Information and Communications University Educational Foundation
Original Assignee
Information and Communications University Educational Foundation
Inventors
Kim, Kwangjo, Choi, Hyunggi, Zhang, Fangguo

Application Number

US10/747,188
Publication Number

US 20050005126A1
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 9/083   involving central third par...

H04L 9/3073   involving pairings, e.g. id...

H04L 9/3247   involving digital signatures

Method and apparatus for generating and verifying an ID_based proxy signature by using bilinear pairings

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for generating and verifying an ID_based proxy signature by using bilinear pairings

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links