the dual receiver cryptosystem and its applications
DESCRIPTION
The Dual Receiver Cryptosystem and its Applications. Presented by Brijesh Shetty. Overview. Dual Receiver Cryptosystem – Concept Interesting Applications Combined Cryptosystem Useful Puzzle Solving. Dual Receiver Cryptosystem. Encryption Scheme - PowerPoint PPT PresentationTRANSCRIPT
The Dual Receiver Cryptosystem The Dual Receiver Cryptosystem and its Applicationsand its Applications
Presented by Brijesh Shetty
OverviewOverview
Dual Receiver Cryptosystem – Concept
Interesting Applications Combined Cryptosystem Useful Puzzle Solving
Dual Receiver Cryptosystem
Encryption Scheme
Ciphertext can be decrypted by two independent receivers!
Bilinear Diffie Hellman Assumption (based on elliptic curves)
Elliptic Curve based Discrete Log problem
Given Y = k . P and Y,P(i.e P added to itself k times)
Find k ???? (P,P)--- g (Y,P)--- h By definition of Bilinear Curve, we get
h = gk [since (aP,bQ)=(P,Q)ab](Y,P)=(kP,P)=(P,P)k=gk
“ Key Escrow ” (in the context of Dual receiver)
An arrangement where keys needed to decrypt encrypted data must be held in escrow by a third party.
Eg. Govt. agencies can use it to decrypt messages which they suspect to be relevant to national security.
Dual Receiver Cryptosystem
Ciphertext C
Message m
Encrypt using public keys of
B and C
B
C
A
Decrypts to m
C can also decrypt!C does not learn about the private keys of B or A !!
Dual Receiver Cryptosystem- The Scheme
Some Definitions
(Semantically secure) Dual Receiver Cryptosystem scheme
Definitions (Randomised algorithms)
Key Generation algorithm K(k) = (e,d) & (f,g)
Encryption algorithm E e,f (m) = c
Definitions (contd..)
Decryption Algorithm D Dd,f (c) = m
Recovery Algorithm RRe,g (c) = m
Dual Receiver Cryptosystem- The Scheme
Some Definitions
(Semantically secure) Dual Receiver Cryptosystem scheme
Semantically secure Dual Receiver Cryptosystem
B
C
A
(x, xP)
(y, yP)
Message mRandom r
(u1,u2,u3)private
Hx is a hash fn associated with public key xP
Semantically secure Dual Receiver Cryptosystem
B
C
A
(x, xP)
(y, yP)
Message mRandom r u1 = rP
u2 = yPu3 = m+ Hx(<xP,yP>r)
Decryption
B<u1,u2>x = <rP,yP>x
= <xP,yP>r
= <P,P>xyr
U3 + Hx(<xP,yP>r) = m
Recovery (Second Receiver)
C
<u1,xP>y = <rP,xP>y
= <xP,yP>r
= <P,P>xyr
U3 + Hx(<xP,yP>r) = m
Dual Receiver Cryptosystem- The Scheme
Some Definitions
(Semantically secure) Dual Receiver Cryptosystem scheme
OverviewOverview
Dual Receiver Cryptosystem – Concept
Interesting Applications Combined Cryptosystem Useful Puzzle Solving
Combined Cryptosystem
We combine using a single key x
Dual Receiver Encryption
Signature
Signature (in Combined scheme)
Same key x . Hash I:{0,1}n -> G1
A B
Sign the hash
Message m
σ = x . I(m)
Verification..
BVerify
<P, σ > = <xP, I(m)>
B has m, σ
If they are same both must be equal <P,I(m)>x
Combined Cryptosystem
What is so special?
Dual receiver encryption facilitates escrow of the decryption capability & non escrow of the signature capability using the same key!!
The security of either of the schemes is not compromised
OverviewOverview
Dual Receiver Cryptosystem – Concept
Interesting Applications Combined Cryptosystem Useful Security Puzzles
Useful Security Puzzles
Application Areas When Server wants to rate-limit the
clients (against DOS attacks) Lighten the server’s computational
burden
Example : File Server
File Server (Security Puzzle)
Client
Abcde……
FileServer
¤¥§~¶…….
KsEke,Ka(Ks)
(C1,C2)[ ]STORING FILE
File Server … (Request File)¤¥§~¶……. (C1,C2)[ ]
C1, PaComputeDPa,Ke(C1)
Random pC1 = Eke,Ka(p)
u1 = Ks+ G(p)u2 = F(p,Ks,C1,u1)
C2 = [u1,u2]
G, F are hashes
TD1 G(TD1)+u1 = mCheck
u2=F(p,m,c,u1)
Client
Decryption..Computation intensive
XOR and hashDual Receiver Encrytpion
Thank you