Multiuse Unidirectional ForwardSecure Proxy Resignature Scheme

1
Multi-use Unidirectional Forward-Secure Proxy
Re-signature Scheme
Workshop on Collaborative Security Technologies
(CoSec 2009)

• N.R.Sunitha
• Asst. Professor
• Department of Computer Science Engg.
• Siddaganga Institute of Technology, Tumkur,
  Karnataka

2
Overview

• Abstract
• Proxy Re-signature Scheme
• Properties that can be expected from proxy
  re-signature schemes.
• Forward-Secure signatures
• Forward-Secure Proxy Re-signature Scheme
• Multi-use Bi-directional Proxy Re-Signature
  Scheme
• Multi-use Unidirectional Proxy Resignature Scheme
• Applications in e-banking
• Conclusion

3
Abstract

• Blaze et al.s construction is bidirectional and
  multi-use.
• In 2005 Ateniese and Hohenberger proposed two
  constructions based on bilinear maps.
• They left as open challenges the design of
  multi-use unidirectional systems.
• Benoit Libert and Damien Vergnaud have given one
  solution based on bilinear groups.
• We propose another solution for multi-use
  unidirectional proxy re-signature scheme using
  the property of forward security.
• With a minor change in resigning key, we can make
  the scheme to behave as a multi-use bidirectional
  scheme.

4
Proxy Re-signature Scheme

• Here, a semi-trusted proxy acts as a translator
  between Alice and Bob to translate a signature
  from Alice into a signature from Bob on the same
  message.
• The proxy, however, does not learn any signing
  key and cannot sign arbitrary messages on behalf
  of either Alice or Bob.

5
Properties thatcan be expected from Proxy
re-signature schemes

• Unidirectional re-signature keys can only be
  used for delegation in one direction.
• Multi-use a message can be re-signed a
  polynomial number of times.
• Private Proxy re-signature keys can be kept
  secret by an honest proxy.
• Transparent a user may not even know that a
  proxy exists.
• Unlinkable a re-signature cannot be linked to
  the one from which it was generated.
• Key optimal a user is only required to store a
  constant amount of secret data.
• Non-interactive the delegatee does not act in
  the delegation process.
• Non-transitive the proxy cannot re-delegate
  signing rights.
• Temporary revoke the rights given to proxy.

6
Digital Signatures

• Suppose I have a secret key, corresponding to
  some public key which I have been using for a
  long time and at some time an attacker breaks
  into my computer and learns the secret key.
• It is clear that
• Attacker will be able to forge all messages sent
  by me.
• If the attacker recorded previously the
  signatures of messages sent by me, he will be
  able to forge even those signatures.
• Thus Digital Signatures are vulnerable to
  leakage of secret key.

7
Solutions

• We can change both public key secret key
• This prevents future forgery of signatures.
• This will not protect previously signed messages.
• Previously signed messages will have to re-signed
  with new pair of keys which is not feasible
  !!!!!!!!!!.
• Also changing keys frequently is not a feasible
  solution.

FORWARD SECURITY ADDRESSES THIS PROBLEM.
8
Forward Security

• Time is divided into N periods
• In any time period i secret key stored is
  dynamically updated using the secret key of
  previous time period (i-1) (SKi Upd(SKi-1)).
• Public key remains fixed.
• If the Upd function is one-way, exposure of SKi
  does not reveal SKi-1 (!)

SK0
SK1
SKi-1
SKi
SKN

SKi1


9
Forward Security

• Forward-secure systems guarantee that exposure of
  secret key, Ski ,in any time period i does not
  affect security of the system for any time
  period t lt i
• Thus the attacker will only be able to forge
  signatures sent after the secret key is exposed
  even if the sender of the message does not know
  when or whether the secret key is exposed or not.
  

10
Forward-Secure Signatures
Gen
Signer
SKj-1
Vrfy
Upd
Sign
11
Forward-Secure Proxy Re-signatureScheme

• As digital signatures, proxy re-signatures are
  also vulnerable to leakage of re-signing key.
• If the re-signing key is compromised, any one can
  become a proxy.
• To prevent future forgery of re-signatures, both
  the delegator as well as the delegatee must
  change their public key and secret key pair and a
  new re-signing key computed. But this will not
  protect previously signed messages such messages
  will have to be re-signed with new pair of public
  key and secret key which is not feasible.
• To address this problem, we use the concept of
  forward security for proxy re-signatures.

12
Multi-use Bi-directional Proxy Re-Signature Scheme
Key Generation Algorithm
13
Key Evolution
14

• Rekey Generation

15

• Signature Generation

16

• Re-Sign We verify the signature before we

17

• Signature Verification

18
Multi-use Unidirectional Proxy Resignature Scheme

• The key generation, key evolution and
  signature generation algorithms are same as the
  ones used in Forward-Secure Multiuse
  Uni-directional Proxy Re-Signature Scheme.

19
Re-Signature Key Generation (ReKey) On in-
20
Re-Sign Algorithm
21

• Signature Verification
• As for verification, a signature ltj, (Y,Z)gt
  for the message M in time period j is accepted if

22
Applications in e-banking

• Loan Sanctioning process
• Frequently changing public keys
• Accounts to be operated by a nominee
• Transferrable e-cheques

23
Conclusion

• We have proposed a solution for one of the open
  challenges for the design of multi-use
  unidirectional proxy re-signature systems.
• We have come up with a forward-secure proxy
  resignature scheme.
• Our scheme is a multi-use unidirectional scheme
  where the proxy is able to translate in only one
  direction and signatures can be re-translated
  several times.
• With a minor change in resigning key, we can make
  the scheme to behave as a multi-use bidirectional
  scheme.
• In view of the banking applications we have
  attempted to satisfy the following properties in
  our re-signature scheme private proxy,
  transparent, unlinkable, key optimal,
  interactive(as banking applications need),
  non-transitive and temporary.

24
Thank You