A novel and efficient unlinkable secret handshakes scheme Author: Hai Huang and Zhenfu Cao Source:...
-
Upload
elfreda-mcdonald -
Category
Documents
-
view
218 -
download
2
Transcript of A novel and efficient unlinkable secret handshakes scheme Author: Hai Huang and Zhenfu Cao Source:...
A novel and efficient unlinkable secret handshakes scheme
Author: Hai Huang and Zhenfu Cao
Source: IEEE Comm. Letters 13 (5) (2009)
Presenter: Yu-Chi Chen
Outline
• Introduction• Huang and Cao’s scheme• Conclusions
Introduction
• A secret handshakes– affiliation-hiding authentication– firstly introduced by Balfanz et al.– For example, two FBI agents, Alice and Bob, want
to discover and communicates with other agents, but they don’t want to reveal their affiliations to non-agents.
Introduction
• An unlinkable secret handshakes – provide unlinkability– an adversary cannot link any two different
instances of same party.• Given C, to guess C is AB, A’B’, or other.• unlinkability has been widely considered in many
applications.
Introduction
• Jarecki et al.’s scheme– an unlinkable secret handshakes – not efficient
• Huang and Cao presented an unlinkable secret handshake scheme– novel and efficient– Simple, so it can be published in IEEE-CL.
Outline
• Introduction• Huang and Cao’s scheme• Conclusions
Huang and Cao’s scheme
This figure is copied from IEEE Comm. Letters 13 (9) (2009), page 731
Conclusions
• Huang and Cao analyzed this scheme can provide authenticated key exchange security, affiliation-hiding, and unlinkability.
• The scheme is more efficient than Jarecki et al.’s.
On the security of a novel and efficient unlinkable secret
handshakes schemeAuthor: Renwang Su
Source: IEEE Comm. Letters 13 (9) (2009)
• Su found Huang and Cao’s scheme is not secure.– Cannot provide authenticated key exchange
security.
This figure is copied from IEEE Comm. Letters 13 (9) (2009), page 731
Security analysis of an unlinkable secret handshakes
schemeAuthor: T.-Y. Youn and Y.-H. Park
Source: IEEE Comm. Letters 14 (1) (2009)
• Youn and Park also found Huang and Cao’s scheme is not secure.– Cannot provide authenticated key exchange
security and affiliation-hiding.
Receiving vB, then try find PK where vB=H1(KA, (PK, EA, EB), resp)