Oblivious Signature-Based Envelope scheme (OSBE) Presented By: - - PowerPoint PPT Presentation

▶

Dec 01, 2023 183 likes •341 views

Oblivious Signature-Based Envelope scheme (OSBE) Presented By: Khaled Rabieh Supervisor: Dr. Mohamed Mahmoud Outline - What is Oblivious Signature-Based Envelope (OSBE)? - Applications - cryptosystem - Analysis 2 Problem Formulation -

SLIDE 1

Presented By: Khaled Rabieh

Oblivious Signature-Based Envelope scheme (OSBE)

Supervisor: Dr. Mohamed Mahmoud

SLIDE 2

2

Outline

What is Oblivious Signature-Based Envelope (OSBE)?
Applications
cryptosystem
Analysis

SLIDE 3

3

Problem Formulation

Alice and Bob need to communicate based on some attributes
n their certificates.
They should exchange certificates
However,

revealing some attributes in the certificate are sensitive such as top-secret clearance. Bob Bob’s certificate Alice Alice’s certificate Secure session

SLIDE 4

4

Oblivious Signature-Based Envelope

Alice can prove to Bob that it has a third party signature on m

without revealing the signature to Bob Bob m = I am an FBI Agent Alice If you are FBI, decrypt this packet Enc(P) Bob can prove to Alice that he has a signature

n m if he recovers P

SLIDE 5

5

Applications

Online Publishing library
OSBE enables users to gain access without disclosing which
rganizations they are members of. (Privacy preserving)

Request for docs with out sending the certificate, Encrypted envelope that contains a certain message The user can recover the message if he has a valid certificate

SLIDE 6

6

OSBE based on RSA signature

RSA Signature

Choose p, q are two large random prime numbers
Compute n = p*q
Compute Φ(n) = (p-1) * (q-1)
Choose two random numbers e,d such that ed=1 mod Φ(n)
Public key is (e, n)
Private key is d
Signature is SIG(m) = δ = H(m)d
Verification (m, δ)
Check if H(m) = δe (mod n) = H(m)de =H(m)

SLIDE 7

7

OSBE based on RSA signature

 Party R1 needs to prove to S that he has a valid third party signature on a known message M

S R1

SLIDE 8

8

OSBE based on RSA signature

h = H(m) X and y are random numbers

signature blinded with random secret

Signature Symmetric key

SLIDE 9

9

OSBE based on RSA signature

Diffie-Hellman base hde =h RSA decryption

SLIDE 10

10

Analysis OSBE based on RSA signature

 S can not extract the signature of R1 because it is blinded by hx.  S can be sure that R1 indeed has the signature if R1 decrypts Enc(P)  R1 proves to S that he has a valid signature though not revealing his sensitive attributes in his certificate.

SLIDE 11

11

Performance Analysis

R1 needs 1 multiplication and 1 exponentiation to generate S needs 2 multiplications and 2 exponentiations to generate R1 needs 1 exponentiation operation to generate

SLIDE 12

Questions

SLIDE 13

13

OSBE based on BLS signatures  BLS signatures  There exists one multiplicative group G1 with generator g  There exists a bilinear map e such that e(G1,G1) =G2  Choose a random element x belongs to Z*

p.

 The public key is h=gx and x is a private key.  A hash function H that maps from {0,1}* to G1  To sign a message m, the signature δ = H(m)x  To verify a signature, check if

e(g, δ) == e(h,H(m))

SLIDE 14

Presented By: Khaled Rabieh

Oblivious Signature-Based Envelope scheme (OSBE)

Supervisor: Dr. Mohamed Mahmoud

2

Outline

3

Problem Formulation

revealing some attributes in the certificate are sensitive such as top-secret clearance. Bob Bob’s certificate Alice Alice’s certificate Secure session

4

Oblivious Signature-Based Envelope

without revealing the signature to Bob Bob m = I am an FBI Agent Alice If you are FBI, decrypt this packet Enc(P) Bob can prove to Alice that he has a signature

5

Applications

Request for docs with out sending the certificate, Encrypted envelope that contains a certain message The user can recover the message if he has a valid certificate

6

OSBE based on RSA signature

RSA Signature

7

OSBE based on RSA signature

 Party R1 needs to prove to S that he has a valid third party signature on a known message M

S R1

8

OSBE based on RSA signature

h = H(m) X and y are random numbers

signature blinded with random secret

Signature Symmetric key

9

OSBE based on RSA signature

Diffie-Hellman base hde =h RSA decryption

10

Analysis OSBE based on RSA signature

 S can not extract the signature of R1 because it is blinded by hx.  S can be sure that R1 indeed has the signature if R1 decrypts Enc(P)  R1 proves to S that he has a valid signature though not revealing his sensitive attributes in his certificate.

11

Performance Analysis

R1 needs 1 multiplication and 1 exponentiation to generate S needs 2 multiplications and 2 exponentiations to generate R1 needs 1 exponentiation operation to generate

Questions

13

OSBE based on BLS signatures  BLS signatures  There exists one multiplicative group G1 with generator g  There exists a bilinear map e such that e(G1,G1) =G2  Choose a random element x belongs to Z*

p.

 The public key is h=gx and x is a private key.  A hash function H that maps from {0,1}* to G1  To sign a message m, the signature δ = H(m)x  To verify a signature, check if

e(g, δ) == e(h,H(m))

14

OSBE based on BLS signatures  A message P is encrypted using H(M)  Only the one who has the private key H(M)s decrypts the message P

A signature proof