Authentication of Concast Communication
Mohamed Al-Ibrahim1, Hossein Ghodosi2, and Josef Pieprzyk3
1 Center for Computer Security Research, University of Wollongong
Wollongong, NSW 2522, Australia
ibrahim@ieee.org
2 School of Information Technology, James Cook University
Townsville, Qld 4811, Australia
hossein@cs.jcu.edu.au
3 Department of Computing, Macquarie University
Sydney, NSW 2109, Australia
josef@ics.mq.edu.au
Abstract.
In this paper we tackle the problem of finding an efficient signature verification scheme when the number of signatures is significantly large and the verifier is relatively weak. In particular, we tackle the problem of message authentication in many-to-one communication networks known as concast communication. The paper presents three signature screening algorithms for a variant of ElGamal-type digital signatures. The cost for these schemes is n applications of hash functions, 2n modular multiplications, and n modular additions plus the verification of one digital signature, where n is the number of signatures. The paper also presents a solution to the open problem of finding a fast screening signature for non-RSA digital signature schemes.
Attack on a concast signature scheme
D.R. Stinson
School of Computer Science, University of Waterloo, Waterloo, ON, N2L 3G1, Canada
Abstract
Al-Ibrahim, Ghodosi and Pieprzyk proposed several methods of batch signature verification suitable for concast communication. These schemes are all based on El-Gamal-type signature schemes. We prove that their preferred scheme, which does not require interaction among the various signers, is insecure.
Abstract
The Internet is a large network comprising many machines, such that nearly every major enterprise and institution in the world is part of it. This huge community performs information exchange on a mammoth scale using various communication technologies. Information exchanged is often confidential, sensitive and/or valuable. The style of the protocols used and how information flows through the numerous channels has changed greatly since the Internet's foundation, yet since the concept of public key encryption was first proposed, it has used an authentication function to secure communications. It has been shown that the present scheme is insecure, allowing possible leaks of sensitive data.
Information should be protected and not leaked to strangers. This article proposes a solution to this very serious problem.
We present an improvement to concast authentication in signature protocols, which will prevent forgery attacks. Users do not divulge their secret key but still get authenticated based on a multicast or concast network environment.
Keywords: Concast communication, Digital signature, Discrete logarithm problem, Forgery attack
1. Introduction
Users of the basic digital signature scheme just assume that their messages are confidential and are ignorant of the possible dangers and weaknesses inherent in the underlying protocol. Any digital transaction can be the subject of an attack, and therefore non-repudiation cannot be guaranteed to work. If an enterprise finds out that a key has been compromised, then it will be a time-consuming and expensive task to identify all bogus messages and indeed contracts in their system. Obviously this is a matter of grave importance and our article seeks to eradicate these weaknesses. In the past, Al-Ibrahim, Ghodosi and Pieprzyk proposed several methods of batch signature verification suitable for concast communication (Al-Ibrahim et al., 2002). These schemes are all based on El-Gamal-type signature schemes. Stinson has proved that their preferred scheme, which does not require interaction among the various signers, is insecure.
We propose an improved scheme for concast authentication in signature protocols. We point out how to efficiently protect this system. In Section 2, we review and discuss concast authenticated communication. In Section 3, we analyze the forgery attack discovered by Stinson (Stinson, 2004). In Section 4, we propose an improved scheme to defend against forgery attacks. Section 5 is our conclusion.
※ This paper mainly improves the original scheme of Authentication of Concast Communication in order to prevent Professor S. R. Stinson's attack. It is also one of the works I am proudest of in the digital signature field.