An Efficient Digital Multisignature Scheme

6 downloads 675 Views 1MB Size Report
E-mail:Sattar aboud,Yahoo.com. Abstract. An efficient digital multisignature scheme is suggested which enhance the Kiesler-Harn's scheme. The suggested ...
An Efficient Digital Multisignature Scheme Sattar J Aboud Amman Arab University for Graduate Studies Amman - Jordan E-mail:Sattar aboud,Yahoo.com

[10]. This was substantially a manner of defeating the relocking difficulty stated above by specifying an individual modulus corresponding to organization supremacy; so that a superior is always own a larger modulus than those on his hand. This algorithm is just suitable when the order of signing is predetermined. The concept behind the schemes proposed is to extend the RSA scheme to a multi key encryption. A certain technique of achieving multi key encryptions the keys should be inserted at the same time [1 1, 12]. The algorithm proposed will employ the multiplicative ability of inverse [13, 14, 15, 16] to create a method where this is not important.

Abstract An efficient digital multisignature scheme is suggested which enhance the Kiesler-Harn's scheme. The suggested scheme has no bit expansion, in which every signer has the RSA modulus with the same bit length and the same most significant b bits pattern. In addition, the new algorithm has no limitations in signing order and in fact is more efficient than the Kiesler-Harn's multisignature algorithm.

Keywords: RSA scheme, digital multisignature scheme, Kiesler-Harn's scheme, expansion, threshold scheme.

bit

length

In 1978 RSA suggested novel scheme for public key encryption, its security relied on the difficulty of integer factorization [10]. The implementation of RSA scheme for multiple signings of a determined message produces bit expansion problem intrinsically. The early algorithms that face this difficulty are re-blocking algorithm [17], repeated exponentiation algorithm [18, 19], and fast exponentiation [20].

1. Introduction The concept of digital signature is now common as a way of replacing hand written signatures in ecommunications [1]. In many uses a cheque may require to be signed by more than one person [2, 3, 4]. So when a signature wants more than one individual is usually called a multisignature.

Another idea is suggested for a multisignature scheme in which many signers creates a digital signature for a determined message [21]. To face the problem of bit expansion in the RSA multisignature, they permitted the signer to have the RSA modulus with a special bit length corresponding to his place in an orderly structure. So, the signing order is limited.

One technique of implementing a digital multisignature is by employing a so called threshold scheme [5, 6] which distributes knowledge of the singing key amongst many parties. However, in this example all the signers should set together at the same time and at the same place for redesign the key, which is obviously irrelevant in various uses. Additional possibility is subsequent signing by the different persons, when the signature is checked by deleting every signature in turn. This has some drawbacks such as the time required for verification is repeated by the number of signers [7]. Also the verifier will require the logical verification information for every signer participated [8]. In addition, in the RSA signature scheme, which is the most known scheme, reblocking being important when a successive signer has an expanded modulus [9].

Alternatively, another suggested multisignature algorithm with out limitation of the signing order [22, 23]. In this algorithm, when the size of median signature surpasses a pre-determined threshold value, then the increment bits surpassing the threshold value are added to the document. Thus the size of expanded message relies on the number of signers and the bit length of every signer's RSA modulus. Kiesler-Harn suggested another two multisignature algorithms with out bit expansion [24]. In the first scheme the signing order is selected corresponding to the length of signers' exponent key. The second algorithm is relied on re-encryption scheme with

The technique of performing a multisignature algorithm employ RSA scheme was described in 0-7803-9521-2/06/$20.00 §2006 IEEE.

3298

permutation polynomials technique. Although their, multisignature algorithms have no bit expansion difficulty and the signing order is not limited, every signer has the RSA modulus with the same bit length and the computational requirements of getting the multisignature is expanded.

objects. The signer can not say that he did not sign it afterward.

3. Digital Multisignature Scheme

In this paper, we suggest an efficient multisignature scheme which is enhanced the Kiesler-Harn's multisignature algorithm. The suggested scheme has no bit expansion in which every signer has the RSA modulus with the same bit length, and the same most significant b bits pattern. The calculation complexity of signature generation and verification rely on the length of the keys. The key of signature generation is the same length as t which is proposed as 160 bits. Also, the key of signature verification is the same length as m, h(m), h is the hash function employed which is also 160 bits.

First section: * * * * * * * * * * *

The remaining of the paper is planned as follows. In section 2, we introduce the hand written signature which has long been used. In section 3, we describe a new digital multisignature scheme which is more efficient than Kiesler-Harn's multisignature scheme. In section 4 we present a manner of extending the proposed a digital

Now, we suggest the RSA multisignature algorithm, which is a broadened idea of KieslerHam method [9]. Suppose n is the RSA modulus which is the product of two large primes p and q, and e is a public exponent such that gcd(e, 0(n)) = 1. The secret key d is then computed as follows ed 1 mod 0(n) using the multiplicative inverse [28]. Each user should select the RSA modulus with the same bit number, and the same most significant b bits pattern. Suppose z is the b bits pattern which is pre-determined. So the modulus of a user i can be denoted as follows:

multisignature scheme. The security of the suggested scheme is represented in section 5. Section 6 and 7 concludes with paper notes and references.

0(n)= (p- 1)(q- 1) h(.): hash function b: most significant bit pattern v: the threshold value t: number of signers m: the message to be signed r: the long n bits

(1)

Suppose z * 2rh- is a threshold value v, e, is the exponent key and d, is the private key of user i. So the multisignature by t signers is done as follows:

Hand written signature has long been employed

as a proof of authorship of or at least agreement with the contents of a message [25, 26]. The reasons of employing signature as authorship proof [27] are as follows:

u1 computes the signature s1 = h(m)dI mod n1 for the given message m. But in case s1 > v, the signer uses the repeated exponentiation method to s1 until s1 < v then sends m and s1 to the second signer.

1. The signature is not reusable. The signature is a piece of message; the dishonest individual cannot transfer the signature to another message.

u. (i

s.

2,..., t), calculates the signature Si > mod n,. But when s, v then the singer calculates s, Sdi mod n,, repeatedly, until s- v, then the recipient repeats exponentiations s,

The signature un-repudiatable. The signature and the message are physical

0-7803-9521-2/06/$20.00 §2006 IEEE.

u,: one of t signers, u1,..., ut. n,: RSA modulus of u,. (ni, el): public key of u,. (0(ni), di): private key of u,

n, z* 2rh +yi(O