Fuzzy Identity Based Signature

Based on P Yang et al 2008

Kittipat Virochsiri

Introduction

• What is it?• Applications

An Identity Based Signature scheme

With some error tolerance A signature issued by a user with identity can

be verified by another user with identity If and are within a certain distance judged by

some metric

What is it?

Attribute-based signature Biometric identity based signature

Applications

Preliminaries

• Bilinear Pairing• Computational Diffie-Hellman

• Threshold Secret Sharing Schemes

Let and be multiplicative groups of the same

prime order Bilinear pairing is a map with following

properties: Bilinear: , where and Non-degeneracy: Computability: It is efficient to compute for all

Bilinear pairing

Computational Diffie-Hellman (CDH)

Challenger

Adversary

(g , A=ga ,B=gb )

gab∈𝔾

An adversary has at least advantage if: The computational (t,) - DH assumption holds

if no polynomial-time adversary has at least advantage in solving the game

CDH Assumption

Threshold Secret Sharing Scheme

Let:

be a finite field with elements be the secret

Assign every player with a unique field element

Set of players , where can recover secret using

Threshold Secret Sharing Scheme

Fuzzy Identity Based Signature (FIBS)

schemeConsisted of 4 steps:• Setup• Extract• Sign• Verify

FIBS schemes

Setup

Extract

Sign

Verify

1k

mk

params

ID

D ID

M

𝜎

ID ′

0/1

Security Model

Unforgeable Fuzzy Identity Based Signature against Chosen-Message Attack (UF-FIBS-CMA)

Security Model

Adversary

Setup

params𝛼

Signing

Oracle

Private Key Oracle

𝛾 i,|𝛾 i∩𝛼

∗ |<d

K𝛾 i

(M i ,𝛼 )

𝜎 i

for

’s success probability is

The fuzzy identity based signature scheme FIBS is said to be UF-FIBS-CMA secure if is negligible in the security parameter

Definition

The Scheme

0/1invalid/validID ′𝜔 ′

𝜎

D ID

S

K 𝜔

ID𝜔

mkMK

params

1k

PP

n,d

FIBS schemes

Setup

Extract

Sign

Verify

M

and are groups of the prime order Bilinear pairing is a generator of Identities are sets of elements of

Building Blocks

Choose Choose uniformly random from Let be the set

Select a random integer Select a random vector Public parameters Master key

Setup

Choose a random degree polynomial such

that Return

is a random number from defined for all

Extract

A bit string Select a random for Output

Sign

where Choose an arbitrary -element subset of Verify

Verify

Correctness check

Security Proof

Security Game

Adversary

Setup

params𝛼∗

Signing

Oracle

Private Key Oracle

𝛾 ,|𝛾∩

𝛼∗ |<d

K𝛾

(M ,𝛼∗ )

𝜎

for

(g ,ga , gb ) gabSimulator

Let be an adversary that makes at most

signature queries and produces a successful forgery against the scheme with probability in time

Then there exists an algorithm that solves the CDH problem in with probability in time

Theorem

Select a random identity Choose

A random number Random numbers in the interval Random exponents

Setup

Let and Choose

A random degree polynomial An degree polynomial such that if and only if

for from to

Setup

Answer private key query on identity

Define , ,

and

Private Key Oracle

Define private key for For

and are chosen randomly in For

Private Key Oracle

Define degree polynomial as Let For , it can be shown that

Private Key Oracle

Answer signature query on identity for some

If , then the simulator aborts Select a random set

Signing Oracle

For

is chosen randomly in For

Signing Oracle

Pick random , for Compute

Signing Oracle

For , it can be shown that

Signing Oracle

Output a valid forgery on for identity

If or , then aborts.

Producing Forgery

For some

Producing Forgery

Select a random set such that and Compute

Producing Forgery

could solve the CDH instance by outputting

The probability is

Solving CDH

Issues

• Privacy• Capture and replay

No anonymity for signer

Privacy

Only secure when forgery of identity can be

detected

Capture and replay

Conclusion

Allows identity to issue a signature that

identity can verify Provided that and are within some distance

Unforgeable against adaptively chosen message attack

Conclusion

Thank you

Question?

1. Dan Boneh and Matthew K. Franklin. Identity-based encryption from the

weil pairing. In CRYPTO ’01: Proceedings of the 21st Annual International Cryptography Conference on Advance in Cryptology, page 213-229, London, UK, 2001. Springer-Verlag.

2. Jin Li and Kwangjo Kim. Attribute-based ring signature. Cryptology ePrint Archive, Report 2008/394, 2008.

3. Amit Sahai and Brent Waters. Fuzzy Identity-Based encryption. In Advance in Cryptography – EUROCRYPT 2005, page 457-473. 2005.

4. Siamak F Shahandashti and Reihaneh Safavi-Naini. Threshold attribute-based signatures and their application to anonymous credential systems. Cryptology ePrint Archive, Report 2009/126, 2009.

5. Brent Waters. Efficient Identity-Based encryption without random oracles. In Advance in Cryptography – EUROCRYPT 2005, page 114-127. 2005.

6. Piyi Yang, Zhenfu Cao, and Xiaolei Dong. Fuzzy identity based signature. Cryptology ePrint Archive, Report 2008/002, 2008.

References