Abstract
Most identity-based identification (IBI) schemes proposed in recent literature are built using pairing operations. This decreases efficiency due to the high operation costs of pairings. Furthermore, most of these IBI schemes are proven to be secure against impersonation under active and concurrent attacks using interactive assumptions such as the one-more RSA inversion assumption or the one-more discrete logarithm assumption, translating to weaker security guarantees due to the interactive nature of these assumptions. The Schnorr-IBI scheme was first proposed through the Kurosawa-Heng transformation from the Schnorr signature. It remains one of the fastest yet most secure IBI schemes under impersonation against passive attacks due to its pairing-free design. However, when required to be secure against impersonators under active and concurrent attacks, it deteriorates greatly in terms of efficiency due to the protocol having to be repeated multiple times. In this paper, we upgrade the Schnorr-IBI scheme to be secure against impersonation under active and concurrent attacks using only the classical discrete logarithm assumption. This translates to a higher degree of security guarantee with only some minor increments in operational costs. Furthermore, because the scheme operates without pairings, it still retains its efficiency and superiority when compared to other pairing-based IBI schemes.
Highlights
Identification schemes, first proposed by Fiat and Shamir [1], are a cryptographic primitive that allows one party, called the prover, to verify himself to another party, the verifier, with the verifier learning nothing else other than the fact that the prover knows the prover’s secret key as claimed
We show that the Schnorr-identity-based identification (IBI) scheme is able to be proven secure against impersonation under active and concurrent attacks using only the classical discrete logarithm assumption, which is an improvement in terms of security guarantee over the results of [8] of using the decisional DiffieHellman assumption
Implementation Results we run an instantiation of the TwinSchnorr-IBI written in Java utilizing the Java Cryptography Architecture and Java Cryptography Extension libraries to showcase the actual running time results
Summary
Identification schemes, first proposed by Fiat and Shamir [1], are a cryptographic primitive that allows one party, called the prover, to verify himself to another party, the verifier, with the verifier learning nothing else other than the fact that the prover knows the prover’s secret key as claimed. We show that the Schnorr-IBI scheme is able to be proven secure against impersonation under active and concurrent attacks using only the classical discrete logarithm assumption, which is an improvement in terms of security guarantee over the results of [8] of using the decisional DiffieHellman assumption. This comes at a small cost to storage and operation.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have