Brijesh Kumar Chaurasia
Computer Science and Engineering Department, IITM, India
ABSTRACT
Today an increasing number of applications demand committed bandwidth and high transmission speed, yet there remains an urgent need for secure data transmission. This paper defines group signatures and zero-knowledge proof protocols; by applying these protocols we can prevent misuse of group signatures, and the technique of group signatures can be used more effectively.
1. INTRODUCTION
Group signatures were introduced by David Chaum and Eugene van Heyst of the CWI Centre for Mathematics and Computer Science, Netherlands. A series of improvements and enhancements followed [1,2,3,4,5]. A group signature is a technique which allows only the members of a group to sign a message without revealing the identity of the signer, while a group authority can still identify the signer. In toto, group signatures are a "generalization" of credential mechanisms and membership (authentication) schemes, in which a group member can convince a verifier that he belongs to a certain group, without revealing his identity,
2. Anonymity: Given a signature, identifying the actual signer is computationally difficult for everyone but the group member.
3. Unlinkability: Deciding whether two different signatures have been computed by the same group member is computationally hard.
4. No framing: Even if the group manager and some of the group members collude, they cannot sign on behalf of a non-involved group member.
5. Traceability: The group manager can always establish the identity of the member who issued a valid signature.
6. Coalition-resistance: A colluding subset of group members cannot generate a valid signature that cannot be traced.

A group signature allows any member of a group to sign on behalf of the group. Group signatures are publicly verifiable and can be verified with respect to a single group public key. Only a designated group manager can revoke the anonymity of a group signature and find out the identity of the group member who issued a given signature. Furthermore, group signatures are unlinkable, which makes it computationally hard to establish whether or not multiple signatures were produced by the same group member. At the same time, no one, including the group manager, can misattribute a valid group signature.

A group signature scheme could, for instance, be used in many specialized applications, such as voting and binding. A group signature scheme could be used by an employee of a large company to sign documents on behalf of the company. A further application of a group signature scheme is electronic cash. In this case several banks issue coins, but it is impossible for shops to find out which bank issued a coin that is obtained from a customer. The central bank plays the role of the group manager, with all the other banks issuing coins as group members.
2. ZERO KNOWLEDGE
Zero-knowledge protocols allow identification, key exchange and other basic cryptographic operations to be implemented without leaking any secret information during the conversation and with smaller computational requirements than using comparable public key protocols. Thus Zero-knowledge protocols seem very attractive, especially in smart card and embedded applications. There is quite a lot written about Zero-knowledge protocols in theory, but not so much practical, down-to-earth material is available, even though Zero-knowledge techniques have been used in many applications.
4. ZERO-KNOWLEDGE TERMINOLOGY
The secret means some piece of information, be it a password, the private key of a public key cryptosystem, a solution to some mathematical problem or a set of credentials. With Zero-Knowledge protocols, the prover can convince the verifier that she is in possession of the knowledge, the secret, without revealing the secret itself, unlike e.g. normal username-password queries. Accreditation means the building of confidence in each iteration of the protocol. If, in one step of a Zero-Knowledge protocol, the chance of an impostor being able to provide the answer is 1 in 2, the chances of her passing an entire conversation are 2^-(number of accreditation rounds). Often the prover will offer a problem (i.e. particular numeric values for a generic hard-to-solve mathematical
problem, e.g. factoring extremely large numbers, which will ask for one of the 2 or more possible solution to the hard mathematical problem, she is able to provide any of the solutions asked for. If she doesn't know the real solution, she cannot provide all of the possible solutions, and if the verifier asks for one of the

Cut-and-choose protocols work in such a way that one failure means the failure of the whole protocol (i.e. that the prover is not legitimate), but you can keep working on the protocol as long as you want if the prover is legitimate. After you reach the level of confidence you need without being cut off, the protocol is successful.

The notion of Zero-Knowledge was put forward by Goldwasser, Micali and Rackoff [6]. Essentially, a Zero-Knowledge protocol allows a prover to convince a verifier of an assertion without disclosing any information to the verifier beyond the validity of that assertion. In the context of [6,8], all Zero-Knowledge protocols will necessarily disclose more than the validity of the assertion: the fact that the prover knows why this assertion is valid is also disclosed. (In the context of interactive proofs, the fact that the prover has this knowledge is implied by her unbounded computing power.) Nevertheless, this additional piece of information revealed when the prover's computing power is limited makes it possible to design protocols that actually reveal less than would be possible for any (interesting) interactive proofs in which the prover has unbounded computing power: these are the proofs of Zero-Knowledge discussed at the end of the previous section.

A protocol is perfect Zero-knowledge [7] if the verifier does not learn anything at all from the interaction beyond the validity of the assertion involved and, if relevant, the fact that the prover knows why it is valid. In order to define this notion more formally, one has to consider the view of what the verifier sees during his interaction with the prover. This consists of the outcome of his random coin tosses as well as of everything that the prover tells him during the interaction. Because of the probabilistic nature of interactive protocols (including random choices made by the prover), a probability distribution is defined on the verifier. A protocol is perfect Zero-knowledge if, to each polynomial-time verifier, there corresponds a polynomial-time simulator capable of producing a view taken from exactly the same probability distribution without ever talking to the prover. Intuitively, the existence of this simulator shows that the verifier does not learn anything from the interaction, since the prover does not tell him anything that he could not have produced by himself (probabilistically speaking).

Using this zero-knowledge proof protocol in group signatures, we can identify who the signer is without revealing the signature. If this concept works, another advantage is that a Zero-Knowledge protocol allows a prover to convince a verifier of an assertion without disclosing any information to the verifier beyond the validity of that assertion.
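The accreditation rounds, the cut-and-choose rule and the simulator described in this section can be seen working together in the following added example, which is not part of the original paper. It assumes a Fiat-Shamir style identification protocol (knowledge of a square root modulo a composite, a scheme the paper does not name) and a constructed toy modulus; all function names are illustrative.

```python
import math
import secrets

# Constructed toy modulus (two small primes); a real deployment needs >= 2048 bits.
N = 1000003 * 1000033

def keygen():
    """Return (secret s, public v = s^2 mod N); s is a unit so v is invertible."""
    while True:
        s = secrets.randbelow(N - 2) + 2
        v = pow(s, 2, N)
        if math.gcd(s, N) == 1 and v != 1:
            return s, v

def coin(_commitment):
    return secrets.randbelow(2)          # honest verifier's random challenge bit

def verify(v, x, b, y):
    return pow(y, 2, N) == (x * pow(v, b, N)) % N

def honest_round(s, challenge):
    r = secrets.randbelow(N - 1) + 1
    x = pow(r, 2, N)                     # commitment
    b = challenge(x)
    return x, b, (r * pow(s, b, N)) % N  # response needs s when b == 1

def impostor_round(v, challenge):
    """No secret: prepare a commitment that only works for one guessed bit."""
    guess = secrets.randbelow(2)
    r = secrets.randbelow(N - 1) + 1
    x = (pow(r, 2, N) * pow(v, -guess, N)) % N
    return x, challenge(x), r            # verifies only if challenge == guess

def simulate_round(v, challenge):
    """Simulator: rewind the verifier until the guess matches; never uses s."""
    while True:
        t = impostor_round(v, challenge)
        if verify(v, *t):
            return t

def accepts(v, round_fn, rounds):
    """Cut-and-choose: a single failed round rejects the whole conversation."""
    return all(verify(v, *round_fn()) for _ in range(rounds))

def impostor_pass_rate(v, rounds, trials):
    wins = sum(accepts(v, lambda: impostor_round(v, coin), rounds)
               for _ in range(trials))
    return wins / trials                 # expected about 2 ** -rounds
```

The simulator is the impostor's strategy plus rewinding: it yields accepting transcripts without the secret, which is why a transcript convinces nobody except the verifier who chose the challenges live.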
5. CONCLUSION
This paper has two aims: to simplify and unify the proofs of the zero-knowledge property for these protocols, and to apply them in group signature theory. Using these, we believe that the misuse of group signatures can be minimized and the technique of group signatures can be used more efficiently.
6. REFERENCES
[1] D. Chaum and E. van Heyst. Group signature. Advances in Cryptology - EUROCRYPT 91, pages 257-265. Springer-Verlag, 1991.
[2] J. Camenisch. Efficient and generalized group signatures. In W. Fumy, editor, Advances in Cryptology - EUROCRYPT 97, volume 1233 of Lecture Notes in Computer Science, pages 465-479. Springer-Verlag, 1997.
[3] L. Chen and T. P. Pedersen. New group signatures schemes. In A. De Santis, editor, Advances in Cryptology - EUROCRYPT 94, volume 950 of Lecture Notes in Computer Science, pages 171-181. Springer-Verlag, 1995.
[4] S. J. Kim, S. J. Park, and D. H. Won. Convertible group signatures. In K. Kim and T. Matsumoto, editors, Advances in Cryptology - ASIACRYPT 96, volume 1163 of Lecture Notes in Computer Science, pages 311-321. Springer-Verlag, 1996.
[5] H. Petersen. How to convert any digital signature scheme into a group signature scheme. In M. Lomas and S. Vaudenay, editors, Security Protocols Workshop, Paris, 1997.
[6] Goldwasser, Micali, and Rackoff. The knowledge complexity of interactive proof system, 1985.
[7] Goldreich, Micali, and Wigderson. How to Prove All NP-Statements in Zero-Knowledge and a Methodology of Cryptographic Protocol Design, 1986.
[8] D. M. Gordon and K. S. McCurley. Massively parallel computation of discrete logarithms. Advances in Cryptology - CRYPTO 92, pages 312-323. Springer-Verlag, 1993.
AUTHOR PROFILE
Brijesh Kumar Chaurasia, Reader, CSE, IITM.
Profile: M.Tech. (Computer Science) from Devi Ahilya Vishwavidyalaya, Indore (M.P.).
Area of Expertise and Interest: Web Mining, Data Mining, Search Engine Technology, OOAD with UML, Software Testing, Cryptography.
Experience details: Presently I am working as a Reader in Computer Science and Engineering, IITM, Gwalior (M.P.). Five years' experience as a Lecturer in ITM Universe, Sithouli, Gwalior (M.P.); 1.5 years' experience in design and development of Suns applications using J2EE under Windows environment.