Blinded-Key Signatures: securing private keys embedded in mobile agents Extended Abstract Lucas C. Ferreira
Ricardo Dahab
Instituto de Computac¸ao ˜ Universidade Estadual de Campinas - Unicamp Caixa Postal 6176 13083-970, Campinas, SP, Brazil
Instituto de Computac¸ao ˜ Universidade Estadual de Campinas - Unicamp Caixa Postal 6176 13083-970, Campinas, SP, Brazil
[email protected]
[email protected]
ABSTRACT
! "" "# $ % # & # ' " ( ) " ' & "* ""&% * " # # + , - * . "/ " (
Keywords
' " # * " #
1.
INTRODUCTION
0 ' " # " & * # "" 123 ( - $ " # * $ " # ( " "# " * ' * * & " * $ 4 # & ' * 5 # " 6 * " "# ' " $ ( 7 " * ' " # & # "" $ % # " $ * # * & * ( 8 # "" # % * ' # # # ( ) * " 4 # 193 * "# ' " ( : 4 # ! "" # % ' *& * * ' " " "" #" * # ' "$ $ ( ; " * *&% $ % ' < # "" 4 # $ # & " # # * " % ) $# "" $ "' " 1=3
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. SAC 2002, Madrid, Spain Copyright 2002 ACM 1-58113-445-2/02/03 ... > 5.00.
" % ( , # 6 ' 4 # * " $ $ # * ' " * %( ) ?# @ # * &
* * ? # "" A A B CD 1E3 ( 7 , F *# " # G ( , H * ' * @ " $ ' " *& # % * * # # # ( , 2 * # " ' # * ' " * *&% # ( + " * % * " ?# $ &" * ' " % ' 4 * ' * , = ( - & " # ' " * *&% , E ( , 9 "# * (
2. DEFINITIONS
7 $ "" # $ "" * 6 % ' " I J K L M N O ' # "* * 6 # * 6 ( ) $ # ' " P % ( Q R M LS T O ' " $ * 4 # ' "$ $ ( - # ?# 7U *
' " * * % $ ( 7$ "" ' ' # * ' ( VW NM XR L Q R M L YZ O " ' * * 4 # * ( ) $ # * ' * * #
" ( [ W S\ NZ O )# * ) * ] ^) ) ] _ ' " $ & $ ' " * *&% # * $ * ' ( ) " 4 # ) ) ] % (
3. BLINDED-KEY SIGNATURES
) $
% "" ' $ "# ( 7 6 ' " * *&% # $ + , - * "` $ # * ' * *# " (
) # # * * # ' " 1 3 *& # "# # * # (
3.1 Blinded-key signatures using RSA
+ "" # ' " * % $ + ,- # " ^ _ * ^ _ ^ # _ I ^_ $ * " # ' ^_ * # ^ * ^ __ $ ^ _ ^ _ ^ _ * ^ _ ( 0 ' # + , - ' $ # * 1 3 (
Blinding the key.
) " $ ' " * % "` # * $ + ,- ( 7 ' $ * # & "# # ^ _ # *# "# $ ' " * * ' * - " H ( Q R W N XS $ / " % &' " * / % % * * # "# # ' " * * % $ "" I ( * ' " * $ & ! " F ( ' " * * % % * 6 * % I % * (
Blinding the key.
) ' " * + ,- 4 4 # - " *# ' " * * 4 ( ) ' " * * % $ ^ _ ^ # _ ( Q R W N XS ; " * + , - %( / 4 * ^ _ # ' " * * 4 $ "" I ( * ' " * $ 1 ^ _ 3 F ( ' " * * 4 *6 * I * ^ _
7 * ' " * % * ' " *& $ * # * # $ % * ' " * $ *# " ( 7$ % & * $ " ' &' & , # ^ , H (H _ ' " * ' " * # # *@ ' " * $ (
Signing with the blinded key.
, # ' " * * % " " # * " # ' # # ' " * * % * ( U # " # (
Verifying a blinded-key signature. Signing with the blinded key.
, # ' " * * % # " & $ * * + , - % ( / * ' " * * % ^ _ # " I *
Verifying a blinded-key signature.
) $ ' " * *&% # 4 # - " F ( Q R W N XS + ,- ' " * *&% # 6 (
/ * # G # ' " % ^ _ * % G ' " * $ & ( # I * *
I
*
F (
# $ * " $ (
) ' " * *&% # 6 " * & * $ # * " # * "" * 6 " " ( + " 2 #" " ' * * $ * $ # *" # ( ( # "" # $ * ^ # ' " _ 6 % % " ) ^% _ * 6 6 * # * $ I # & * I + ^% _ * ' " $# , ^* _ # $ * " $ * * " # $ "# $ ) ^% _ , ^* _ ( Q R W N XS - U $ # 6 $ ' " * * % ( ) # 6 " ) ^% _ $ ' " * * % * * $ ) ^% _ $ "" I ( U # + ^% _ $ + ^% _ ( F ( U $# , ^* _ * + ^% _ # # ! $ * " $ , ^* _ #& # # $ "" # ' " $ (
8 6
^ * _
(
3.2 Generalized blinded-key signatures
* ' " $ % $ * # ' " * *& % # * $ % # ( # # * " # * # * * # ^! " # " _ (
3.3 Examples for other signature schemes.
% % # ' * * ' " * *&% # $ % ( * * " "" # # 6 ( ) $ # " ' * * $ * # ' ( ' * " # # * * $ * 13 ( 7 "" * . *
$# * * ' * (
ElGamal.
7 . "/ " % * * % * ' " * * % % % * ^ F _ & 1 H3 ' " * $ ( ) # * $ * * * ^* _ ( ) 6 " = ( Q R W N XS . "/ " 6 $ ' " * *&% & # ( / # ^* _ * # ' " % ^ _ & # * *
*
) $ #
(
Feige-Fiat-Shamir
) 4 " $ # %
* $ " $ * * ' " * $ ( 0 6 "" % ^ _ # ' $ ' $ # # $ $# # ' " * * % * $ F & ! " * * ' " * $ ( ) # * $ " ^ _ ( - " E * * 6 $ & # ( Q R W N XS ' & ' & , ' " * *&% # (
6
" $ # # $ . * ' $ ( ) $ # (
&
6
/ # ^ _ * # ' " % ^ * 6 *
"
! _
$
# &
!# " _
. ^
) $ #
(
* ' " * % ' # * " ( ) " * "* ' " * *&% # ' * ' " 6 * $ %( , " # ' " * * % # "* * "$ ( * G % $ ) % ' " * * % % % * * % # % ( 7 " " ?# $ # " * 5 # " # % "$ ( ) # ' % # $ ' " * *&% # $ " " * 5 # " ' % # * " ' # %( - $ ' " * * % $ # # $ # "* " # # $ * # G %( ' ""# $ "" # ' $ ' " * * % %% % &
$
/ # ^ _ * # ' " % ^ _
#
*
. ^ ^ __
Q R W N XS / # "" #& # ? # ' " * *&% # (
% '
( ( (
% %
%
(
) ) ) " ( "" # " # "" * # ' " * $ ( 7 $ # # "" ' ' # * "" ' " ' " * $ # * "
" # ( : $ # "* # "" ' " ' " * $ & $ "' " # "* ' * # $ " 1 3 ( , 4 $ & ' # % % ( 7$ " * @ "# # * $ $ * ( - $ * * *
G %(
Guillou-Quisquater
- ' & ' & , 4 " $ & # ' * *6 " ( ) % * * % * # * $ ^ _ ( ) ' " * * % *6 * % % * & ! " ( ) 6 $ # * 6 * - " 9 (
3.4 Security of blinded-key signatures
, # * $ $
G " * ' " ?# ' " * *&% ( ) # "* "& " ' "$ $ G ' # "" # "* ' " # G % ' " ( ) %
4. POLICIES FOR BLINDED-KEY SIGNATURES ) ' " * *&% # " * * $ " # * " % # ( # $ " ' * ^_ "* ^_ ^_ # ' $ # # * ^ _ (
Validity time
- " " * 6 * ' " * * % ' # * ( ) " * "* # 6 * ( - # $ $ "* * * * "* ( )
# % ' " $ "* # * * & # ' $ & # ( "* ' * " ' @ # * # A A B CD ^, =_ (
Agency restricting policies
] " $ ' " * *&% # " "" * * ' " * * %( ) $ % "" ' & ' " "* $ ' " * *&% # # & # ' ( ) "# * $ % * %& # * * (
Number of signatures
7 * " ' " * ' * ' " * * % $ "* & # ' * ' " * * %( ) "
"* 6 # 6 4 # # ' $ # '
* %( ) " $ # # # "* & $ * # # * ' "" (
Contents of the agreement
- " # $ ' " * * % ' # $ $ 4 "
' ' # "* ' ' " * * %( ) " # ' ' # " * *& `* $ "" $ $ 6 " * ( ( " $ $ $ * @ $ * * $ G * (
5.
RELATED WORK
) % "* *@ $ # & I $ # "# * 4 # * ' " #(
5.1 Variants of signature schemes
) $ "# * % *$& $ # G ! 1H3 * ' # * %
13 * $ * # 13 "" !CD ! 193 ( ; " * *&% # % * $ 4 # $ * $# "6 "" "" # # " ?# $ 4 # ( 7 * " 4 # ' * ' " " ^ * ' ' # * $ ' * _ & $% 4 # ^ # * ' 4 _ ( ) % $ ' " * *&% # # "* 4 # * P ( ; " * *&% # " " # G ' " * # ' # ' " * $ # $ $ ( ; # ' " * # " $ ' *
$ " * # ' " * *&% & # " % $ $ # # (
5.2 Black boxes and mobile agent security
) " $ " # # $ ' " % ' 4 # * * * ' * ^ $# " _ * * * * ' * 6 * ^ & $# " _ ( ) ' * # ' " % ' 4 I A A B CD 1E3 * A C B! C ! < 1 3 "# * # * $# & * # * * ( - #
# * # ' " % ' 4 " " # : " 1E3 " * ' " % &' 4 ' * * * * '& $# ?# ( 7 : " G ' " % ' 4 "* " * # " ' " % ' 4 "* ( - $ "* 4 # ' # * $##
# * @ ( ) "# * "# $ % ' * ?# ( ) ' * $ " ' " ( 7 1 3 # $ ' " ' * & # "* "" 4 # # ' ' " $ ( 7 1F3 ' " % ' 4 * ' ' " # $ * # $# "# ( ; * *5 # " # * * * " * * " ' * * " (
5.3 Blinded-key signatures and time-limited black-boxes as complementary solutions
) &" * ' " % &' 4 " $ ' " * # "* * ' * * 5 # " $ " * * * $ '$# * $ ( - $ 4 $ ' " % ' 4
' # * * * % * $ * " # ' " # ( : * "" * "" "# $ " &" * $ # # G %( ( ' $ &" * ' " % &' 4 * ' " * *&% ( ( ' 6 ' " * % * ' " % ' 4 ' " ' $ * * * * "" "# $ % ( 7 # ' " %&' 4 $ &
# * " ' " * *&% # "" # # " * ' "$ $ & * ' $ " ' " #& * 4 ' "( ) " " ' # * ' " * *&% # " "* * & * # * , 2 (
6. EXAMPLE USE FOR BLINDED-KEY SIGNATURES
0 ' " ' " # * $ 4 # " * * ' & "" # # * ' ' " 4 #
( ( ' " * *&% # ' " * 4 " $ # & ' " ( 7 ' " * *&% & # # "* ' # * 4 $ " (
6.1 A simplified payment system
0 " ' * & $ $ "# '
# ( 0 " " & % # ` ?# $# * $ ( ( # "" " % * G %( ) # # " $ # ^_ % $ ""* B!C B B< B ^_ * % ^_ * % ' % % 4 # $# * $ (
6.2 Adapting the simplified payment system to mobile agents ( ' " * * % # ' " * "6 * * ' * # ' " ( ) % 4 " & " # ' * % # ' " % ( " # * ' % ( 7 # 4 " * ' & " * ' " %&' 4 ?# * & ' " * *&% " ' # * ' "* & * " "# ( 7 4 # * $ "& " I ^_ ' " * % * " % ^_ & * $ * ^_ * * * ^ _ 6 * "* P' % "" 4 # $# * $ $ * "* ^ _ " % # # * *" * (
7.
CONCLUSION
* ?# ' # * ' " "" * ' " * *&% # ( ) "" # ' * % # # * $ % ( ( * # ' " %&' 4 ?# ' " * *&% # "" * "" $ & $ * * * " # ( '#& # % # "* " " $ ?# & * # &' * " ( ) ?# * * $ % $ ( ' # 5 ' " * % ( - " ' " * * % # "" " % * " % % # "* ?# % * $
6 ( - # # ' " "" ' " & " ( : ' $ ' " ' " " ' & " " * # # ' * * * ( - " #
" * ' * " # # $ $ " # ( $ ' " * ' # "' " ' " "" * # " ' ( # " * ' * ' # ' # "* "" ' 4 $ " (
8.13 UREFERENCES ( ; * 0 ( ' % " ( . 5 $ * + ,- % ( 7 ; ( "% * B ! CC !CB C ! C 2 F = 2 H (
, & " 9 ( 1F3 ( ( ( " * ( 0 # "" ( & # * # # * # # # ' " ( 7 !CB C F (
1H3 U ( # ( ; " * # $ # ' " ( 7 U ( # + ( ( + * - ( ) ( , * B ! CC !CB C ! C ( , & " F ( 123 U ( 0 ( ( , # # ' " * ( 7 / ( * C B ! # ' 2 # 8 # , 2 ( , & " ''# ( 1=3 ( ( ' * + ( U ' ( ; " * *&% # ( ) " + 7 & & = 7 # * # & ( F ( - "' " IP P ( (# (' P &&$ P & = ( ( ` ( 1E3 ' ( : " ( ) " * ' " % ' 4 # I ] ' " $ " # ( 7 / ( * C B ! # ' 2 # 8 # , ( , & " '' # ( 193 0 ( 0 ' ( ( # * * . ( % ( ] 4 # I U " $ (
! BC A . 9&- ^ _ IH H H =2 , ' E (
13 - ( ( 0 ` ]( ( * , ( - ( ( CC C ! C ! < ( + ] 9 ( - "' " " IP P ( (# " ( P ( 13 + ( ( + - ( , * ( 0 ( - *" ( * $ ' * " # * # ' " &%
( CA A BC C < F ^F_ IF FE '' # 9 ( 1 3 ) ( , * * ( ' ( ) # * ( ] ' " " # ( 7 / ( * C B ! # ' 2 # 8 # , ( , & " '' # ( 1 3 ) ( # 0 ( 0 "% * U ( ; ( ; # "* # " " ( 7 !CB C < < B ! A C A 9 - # # (
9. BIOGRAPHY # ( '
] (U ( ,# * ( * * . & *# " * ^( _ ; `" ( : " ?# " & * # $ ' " ( + * U ' $ ( * * . *# " * ^( _ ( : "# * & * ' ( : * ] (U ( ' & $ ( $ " * (