An Identification Scheme Based on KEA1 Assumption
نویسندگان
چکیده
There are three well-known identification schemes: Fiat-Shamir, GQ and Schnorr identification schemes. All of them are proven secure against passive or active attacks under number theoretic assumptions. However, the efficiencies of reductions in those proofs are not tight, since they need “rewinding.” We show an identification scheme IDKEA1. Although it needs four exchanges of messages and slightly more exponentiations, IDKEA1 is proved to be secure under KEA1 assumption with tight reduction to DLA. The idea underlying IDKEA1 is to use extractable commitment for prover’s commitment. In the proof of security, the simulator can open the commitment in two different ways: one by the non-black-box extractor of KEA1 assumption and the another through the simulated transcript. So, we don’t need to rewind and can prove the security without the loss of efficiency of the reduction.
منابع مشابه
An Identification Scheme with Tight Reduction
There are three well-known identification schemes: the Fiat-Shamir, GQ and Schnorr identification schemes. All of them are proven secure against the passive or active attacks under some numbertheoretic assumptions. However, efficiencies of the reductions in those proofs of security are not tight, because they require “rewinding” a cheating prover. We show an identification scheme IDKEA1, which ...
متن کاملA Straight-Line Extractable Non-malleable Commitment Scheme
Non-malleability is an important security property of commitment schemes. The property means security against the man-in-the-middle attack, and it is defined and proved in the simulation paradigm using the corresponding simulator. Many known non-malleable commitment schemes have the common drawback that their corresponding simulators do not work in a straight-line manner, requires rewinding of ...
متن کاملAn efficient certificateless signcryption scheme in the standard model
Certificateless public key cryptography (CL-PKC) is a useful method in order to solve the problems of traditional public key infrastructure (i.e., large amount of computation, storage and communication costs for managing certificates) and ID-based public key cryptography (i.e., key escrow problem), simultaneously. A signcryption scheme is an important primitive in cryptographic protocols which ...
متن کاملParameters Identification of an Experimental Vision-based Target Tracker Robot Using Genetic Algorithm
In this paper, the uncertain dynamic parameters of an experimental target tracker robot are identified through the application of genetic algorithm. The considered serial robot is a two-degree-of-freedom dynamic system with two revolute joints in which damping coefficients and inertia terms are uncertain. First, dynamic equations governing the robot system are extracted and then, simulated nume...
متن کاملA Simple Explicit Guidance Scheme Based on Velocities-to-be-Gained.
In this paper, a closedloop strategy in the vertical plane is derived in order to determine the thrust direction of a launch vehicle in terms of velocitiestobe gained The two velocities-to-be-gained are utilized, here, for a given altitude and zero vertical speed in a specied nal time The formulation is obtained for constant gravity assumption, but it works when the velocitiesto-be-gained are o...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005