key replacement attack on a certificateless signature scheme
DESCRIPTION
Key Replacement Attack on a Certificateless Signature Scheme. Zhenfeng Zhang and Dengguo Feng Presenter: Yu-Chi Chen. Outline. Yap-Heng-Goi Certificateless Signature Scheme Public Key Replacement Attack on the Yap-Heng-Goi Scheme Remark. CL-PKC. CL-PKC is better than PKC and ID-PKC. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Key Replacement Attack on a Certificateless Signature Scheme](https://reader036.vdocuments.pub/reader036/viewer/2022082818/5681355f550346895d9cc4f5/html5/thumbnails/1.jpg)
Key Replacement Attack on a Certificateless Signature Scheme
Zhenfeng Zhang and Dengguo Feng
Presenter: Yu-Chi Chen
![Page 2: Key Replacement Attack on a Certificateless Signature Scheme](https://reader036.vdocuments.pub/reader036/viewer/2022082818/5681355f550346895d9cc4f5/html5/thumbnails/2.jpg)
Outline
• Yap-Heng-Goi Certificateless Signature Scheme
• Public Key Replacement Attack on the Yap-Heng-Goi Scheme
• Remark
112/04/20 2
![Page 3: Key Replacement Attack on a Certificateless Signature Scheme](https://reader036.vdocuments.pub/reader036/viewer/2022082818/5681355f550346895d9cc4f5/html5/thumbnails/3.jpg)
CL-PKC
• CL-PKC is better than PKC and ID-PKC.– CL-PKC does not need the certificate for identity
and the management about certificate.
– CL-PKC solves the key escrow problem in ID-PKC.
– KGC only generates the user’s partial-private-key.
112/04/20 3
![Page 4: Key Replacement Attack on a Certificateless Signature Scheme](https://reader036.vdocuments.pub/reader036/viewer/2022082818/5681355f550346895d9cc4f5/html5/thumbnails/4.jpg)
112/04/20 4
Yap-Heng-Goi scheme
keyprivpartialIDsH
IDsHS
keymasterssPS
i
ii
T
__:)(
),(
_:,
1
1
),(:
)(
)||(
_
2
VUSignature
YhlV
UmHh
lQU
lrandom
i
i
),(),( iiT hQUXSeVPe
qZH
GH
*
2
11
}1,0{:
(.)
Sign:
Verify:
pkPxX
skSQxY
xrandom
ii
iii
i
:
:
_
![Page 5: Key Replacement Attack on a Certificateless Signature Scheme](https://reader036.vdocuments.pub/reader036/viewer/2022082818/5681355f550346895d9cc4f5/html5/thumbnails/5.jpg)
An Attack on the Yap-Heng-Goi Scheme
• Replacement attack:
• An attacker uses public key replacement to generate a forged signature without knowing the master-key.
• The forged signature is valid via the verification.
112/04/20 5
![Page 6: Key Replacement Attack on a Certificateless Signature Scheme](https://reader036.vdocuments.pub/reader036/viewer/2022082818/5681355f550346895d9cc4f5/html5/thumbnails/6.jpg)
An Attack on the GS Scheme
• The attacker chooses a random and replaces A's public key with the value
• It is able to generate a signature
• This signature (U,V) can be valid via Verify.
112/04/20 6
qZk
Ti StPX
)( ihQUtV
),())(,( iTii hQUSXehQUtPe
![Page 7: Key Replacement Attack on a Certificateless Signature Scheme](https://reader036.vdocuments.pub/reader036/viewer/2022082818/5681355f550346895d9cc4f5/html5/thumbnails/7.jpg)
Remark.
• For example for signature,
• Remarks of the public key replacement attack.
112/04/20 7
...
...
...)(...
3
2
1
xBsAV
sxAV
AxsxAsAV