SOME GROUP BASED AUTHENTICATION PROTOCOLS AND ZERO KNOWLEDGE PROOFS full report
Posted by: seminar presentation
06-06-2010, 10:22 PM
SOME GROUP BASED AUTHENTICATION PROTOCOLS AND ZERO KNOWLEDGE PROOFS

Presented By: Brijesh Kumar Chaurasia
Computer Science and Engineering Department, IITM, India

ABSTRACT

Today an increasing number of applications demand committed bandwidth and high speed for their transmission, but there is also an urgent need for secure data transmission. My paper simply defines group signatures and zero-knowledge proof protocols; by applying these protocols we can prevent misuse of group signatures, and the technique of group signatures can be used more effectively.

1. INTRODUCTION

Group signatures were introduced by David Chaum and Eugene van Heyst, CWI Centre for Mathematics and Computer Science, Netherlands. A series of improvements and enhancements followed [1,2,3,4,5]. A group signature is a technique which allows only the members of a group to sign a message without revealing the identity of the signer, while a group authority can verify who the signer is. In toto, group signatures are a "generalization" of credential mechanisms and membership (authentication) schemes, in which a group member can convince a verifier that he belongs to a certain group without revealing his identity. In short, a group signature is characterized by the following points:

- Only members of the group can sign messages.
- The receiver of the signature can verify that it is a valid signature from the group.
- The receiver of the signature cannot determine which member of the group is the signer.
- In the case of a dispute, the signature can be opened to reveal the identity of the signer.

A group signature scheme, as a digital signature scheme, comprises the following: 1. Setup, 2. Join, 3. Sign, 4. Verify, 5. Open.

1. Setup: An interactive setup protocol between the membership manager, the group members, and the revocation manager. On input of a security parameter 1? this probabilistic algorithm outputs the initial group public key P and the secret key S for the group manager. The membership manager is responsible for the system setup and for adding group members, while the revocation manager has the ability to revoke the anonymity of the signatures.
2. Join: An interactive protocol between the group manager and a user that results in the user becoming a new group member.
3. Sign: An interactive protocol between the group member and a user whereby a group signature on a user-supplied message is computed by the group member.
4. Verify: An algorithm for establishing the validity of a group signature given a group public key and a signed message.
5. Open: An algorithm that, given a signed message and a group secret key, determines the identity of the signer.

A secure group signature scheme must satisfy the following properties:

1. Correctness: Signatures produced by a group member using Sign must be accepted by Verify.
2. Anonymity: Given a signature, identifying the actual signer is computationally difficult for everyone but the group member.
3. Unlinkability: Deciding whether two different signatures have been computed by the same group member is computationally hard.
4. No framing: Even if the group manager and some of the group members collude, they cannot sign on behalf of a non-involved group member.
5. Traceability: The group manager can always establish the identity of the member who issued a valid signature.
6. Coalition-resistance: A colluding subset of group members cannot generate a valid signature that cannot be traced.

A group signature allows any member of a group to sign on behalf of the group. Group signatures are publicly verifiable and can be verified with respect to a single group public key. Only a designated group manager can revoke the anonymity of the group signature and find out the identity of the group member who issued a given signature.
Furthermore, group signatures are unlinkable, which makes it computationally hard to establish whether or not multiple signatures were produced by the same group member. At the same time, no one, including the group manager, can misattribute a valid group signature.

A group signature scheme could, for instance, be used in many specialized applications, such as voting and binding. A group signature scheme could be used by an employee of a large company to sign documents on behalf of the company. A further application of a group signature scheme is electronic cash. In this case several banks issue coins, but it is impossible for shops to find out which bank issued a coin that is obtained from a customer. The central bank plays the role of the group manager, with all the other banks issuing coins as group members.

2. ZERO KNOWLEDGE

Zero-Knowledge protocols allow identification, key exchange and other basic cryptographic operations to be implemented without leaking any secret information during the conversation and with smaller computational requirements than comparable public key protocols. Thus Zero-Knowledge protocols seem very attractive, especially in smart card and embedded applications. There is quite a lot written about Zero-Knowledge protocols in theory, but not much practical, down-to-earth material is available, even though Zero-Knowledge techniques have been used in many applications.

3. ZERO-KNOWLEDGE PROTOCOL BASIC

Zero-Knowledge protocols, as their name says, are cryptographic protocols which do not reveal the information or secret itself during the protocol, or to any eavesdropper. They have some very interesting properties: for example, as the secret itself (e.g. your identity) is not transferred to the verifying party, they cannot try to masquerade as you to any third party. Although Zero-Knowledge protocols look a bit unusual, most usual cryptographic problems can be solved by using them, as well as with public key cryptography.
For some applications, like key exchange (for later normal cheap and fast symmetric encryption on the communication link) or proving mutual identities, Zero-Knowledge protocols can on many occasions be a very good and suitable solution.

4. ZERO-KNOWLEDGE TERMINOLOGY

The secret means some piece of information, be it a password, the private key of a public key cryptosystem, a solution to some mathematical problem or a set of credentials. With Zero-Knowledge protocols, the prover can convince the verifier that she is in possession of the knowledge, the secret, without revealing the secret itself, unlike e.g. normal username-password queries.

Accreditation means the building of confidence in each iteration of the protocol. If in one step of a Zero-Knowledge protocol the chance of an impostor being able to provide the answer is 1 in 2, the chances of her passing an entire conversation are 2^-(number of accreditation rounds).

Often the prover will offer a problem (i.e. particular numeric values for a generic hard-to-solve mathematical problem, e.g. factoring extremely large numbers), and the verifier will ask for one of the 2 or more possible solutions. If she knows the real solution to the hard mathematical problem, she is able to provide any of the solutions asked for. If she doesn't know the real solution, she cannot provide all of the possible solutions, and if the verifier asks for one of the

Cut-and-choose protocols work in such a way that one failure means the failure of the whole protocol (i.e. that the prover is not legitimate), but you can keep working on the protocol as long as you want if the prover is legitimate. After you reach the level of confidence you need without being cut off, the protocol is successful.

The notion of Zero-Knowledge was set forward by Goldwasser, Micali and Rackoff [6].
Essentially, a Zero-Knowledge protocol allows a prover to convince a verifier of an assertion without disclosing any information to the verifier beyond the validity of that assertion. In the context of [6,8], all Zero-Knowledge protocols will necessarily disclose more than the validity of the assertion: the fact that the prover knows why this assertion is valid is also disclosed. (In the context of interactive proofs, the fact that the prover has this knowledge is implied by her unbounded computing power.) Nevertheless, this additional piece of information, revealed when the prover's computing power is limited, makes it possible to design protocols that actually reveal less than would be possible for any (interesting) interactive proofs in which the prover has unbounded computing power: these are the proofs of Zero-Knowledge discussed at the end of the previous section.

A protocol is perfect Zero-Knowledge [7] if the verifier does not learn anything at all from the interaction beyond the validity of the assertion involved and, if relevant, the fact that the prover knows why it is valid. In order to define this notion more formally, one has to consider the view of what the verifier sees during his interaction with the prover. This consists of the outcome of his random coin tosses as well as of everything that the prover tells him during the interaction. Because of the probabilistic nature of interactive protocols (including random choices made by the prover), a probability distribution is defined on the verifier's view. A protocol is perfect Zero-Knowledge if, to each polynomial-time verifier, there corresponds a polynomial-time simulator capable of producing a view taken from exactly the same probability distribution without ever talking to the prover.
Intuitively, the existence of this simulator shows that the verifier does not learn anything from the interaction, since the prover does not tell him anything that he could not have produced by himself (probabilistically speaking).

Using this Zero-Knowledge proof protocol in group signatures, we can identify who the signer is without revealing that signature. If this concept works, another advantage is that a Zero-Knowledge protocol allows a prover to convince a verifier of an assertion without disclosing any information to the verifier beyond the validity of that assertion.

5. CONCLUSION

The aim of this paper is twofold: to simplify and unify the proofs for the protocols for the Zero-Knowledge property, and to apply these in group signature theory. Using these, we believe that the misuse of group signatures can be minimized and the technique of group signatures can be used more efficiently.

6. REFERENCES

[1] D. Chaum and E. van Heyst. Group signature. Advances in Cryptology - Eurocrypt '91, Springer-Verlag (1991), 257-265.
[2] J. Camenisch. Efficient and generalized group signatures. In W. Fumy, editor, Advances in Cryptology - EUROCRYPT '97, volume 1233 of Lecture Notes in Computer Science, pages 465-479. Springer-Verlag, 1997.
[3] L. Chen and T. P. Pedersen. New group signature schemes. In A. De Santis, editor, Advances in Cryptology - EUROCRYPT '94, volume 950 of Lecture Notes in Computer Science, pages 171-181. Springer-Verlag, 1995.
[4] S. J. Kim, S. J. Park, and D. H. Won. Convertible group signatures. In K. Kim and T. Matsumoto, editors, Advances in Cryptology - ASIACRYPT '96, volume 1163 of Lecture Notes in Computer Science, pages 311-321. Springer-Verlag, 1996.
[5] H. Petersen. How to convert any digital signature scheme into a group signature scheme. In M. Lomas and S. Vaudenay, editors, Security Protocols Workshop, Paris, 1997.
[6] Goldwasser, Micali, Rackoff. The Knowledge Complexity of Interactive Proof Systems, 1985.
[7] Goldreich, Micali, and Wigderson. How to Prove All NP-Statements in Zero-Knowledge and a Methodology of Cryptographic Protocol Design, 1986.
[8] D. M. Gordon and K. S. McCurley. Massively parallel computation of discrete logarithms. Advances in Cryptology - CRYPTO '92, pp. 312-323, Springer-Verlag, [GMR86], 1993.

AUTHOR PROFILE

Brijesh Kumar Chaurasia, Reader, CSE, IITM.
Profile: M.Tech. (Computer Science) from Devi Ahilya Vishwa Vidhialaya, Indore (M.P.).
Area of Expertise and Interest: Web Mining, Data Mining, Search Engine Technology, OOAD with UML, Software Testing, Cryptography.
Experience details: Presently I am working as a Reader in Computer Science and Engineering, IITM, Gwalior (M.P.). Five years experience as a Lecturer in ITM Universe, Sithouli, Gwalior (M.P.), 1.5 years experience in design and development of Sun's applications using J2EE under Windows environment.
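The accreditation rounds, the cut-and-choose failure rule and the simulator described in section 4, as an added example that is not part of the original report. It assumes a Fiat-Shamir-style square-root identification scheme (the report does not name a concrete protocol), a constructed toy modulus N, and hypothetical function names.

```python
import math
import random

# Constructed toy modulus (product of two Mersenne primes), far too small for real use.
N = (2**31 - 1) * (2**61 - 1)

def keygen(rng):
    # Secret s coprime to N, public v = s^2 mod N.
    while True:
        s = rng.randrange(2, N)
        if math.gcd(s, N) == 1:
            return s, pow(s, 2, N)

def verify(v, x, b, y):
    # One round: commitment x, challenge bit b, response y.
    return pow(y, 2, N) == (x * pow(v, b, N)) % N

def honest_run(s, v, rounds, rng):
    # Real prover: commits to x = r^2, answers y = r * s^b. One failure rejects.
    for _ in range(rounds):
        r = rng.randrange(2, N)
        x, b = pow(r, 2, N), rng.randrange(2)
        if not verify(v, x, b, (r * pow(s, b, N)) % N):
            return False
    return True

def forge_round(v, guess, rng):
    # Without s: pick y first, then x = y^2 / v^guess. Passes only if b == guess.
    y = rng.randrange(2, N)
    return (pow(y, 2, N) * pow(v, -guess, N)) % N, y

def impostor_run(v, rounds, rng):
    # Impostor must commit before seeing b, so each round is a coin flip.
    for _ in range(rounds):
        x, y = forge_round(v, rng.randrange(2), rng)
        if not verify(v, x, rng.randrange(2), y):
            return False
    return True

def simulate(v, rounds, rng):
    # Simulator chooses b before x, so every (x, y, b) verifies without s.
    bits = [rng.randrange(2) for _ in range(rounds)]
    return [(*forge_round(v, b, rng), b) for b in bits]

if __name__ == "__main__":
    rng = random.Random(2010)  # fixed seed so the run is repeatable
    s, v = keygen(rng)
    wins = sum(impostor_run(v, 3, rng) for _ in range(4000))
    print(honest_run(s, v, 20, rng), wins / 4000, 2 ** -3)
```

The impostor's measured pass rate over 3 rounds sits near 2^-3, while the simulator's transcripts all verify because it is free to fix the challenge before the commitment, which a live impostor cannot do.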



