当前位置:首页 >> 建筑/土木 >>

h a collision-resistance hash function


Solutions to Security Problems of Rivest and Shamir' s PayWord
Authors: Norio Adachi, Satoshi Aoki, Yuichi Komano, Kazuo
Ohta

Source: IEICE Transactions on Fundamenta

ls, Vol. E88-A,
No. 1 January 2005 Speaker: Yi-Fang Cheng Date: 2005/11/17

1

Introduction (1/2)
Micropayment system (PayWord)
Why needs mrcropayment ?
Non-free website Pay-per-view movie

Characteristic
Low communication Low computation (special for the customer)

2

Introduction (2/2)
diagram of PayWord
Bank
credit redeem

Consumer

payment

Shop

3

Rivest and Shamir' s PayWord (1/4)
Notations
IDB / IDU / IDS: identity of Bank / Consumer / Shop PKB,SKB: public and private key pair of Bank PKU,SKU: public and private key pair of Consumer { M }SKB : digital signature signed by Bank using key SKB { M }SKU : digital signature signed by Consumer using key SKU h : a collision-resistance hash function

4

Rivest and Shamir' s PayWord (2/4)
credit
Bank Consumer
CU ={IDB, IDU, AddrU, PKU, E, IU }SKB

AddrU: Consumer’s delivery address E: expiration date of CU IU: other information (such as credit limit, information on how to contact Bank)

5

Rivest and Shamir' s PayWord (3/4)
payment
Consumer
wn → wn-1 →…→ w1 →w0 M = {IDS, CU, w0, n, D }SKU M request1, ( w1, 1 ) goods requesti, ( wi, i ) wn: random number n: suitable number of coin to pay D: current date
6 h h h h

Shop

verify M h(w1) ? w0 = ? h(wi) = wi-1

goods …



Rivest and Shamir' s PayWord (4/4)
redeem

Shop
M, (wj, j)

Bank

verify M and wj update account

7

Problems of PayWord
Consumer certificate abuse attack
M1

Shop 1 Shop 2 ….. Bank

Consumer
Mv

M2

Shop v

Bank impersonates an unexistent consumer

8

Proposed protocol (1/2)
Payment
Consumer
wn → wn-1 →…→ w1 →w0 M = {IDS, CU, w0, n, E}SKU M IDU,M, r verify M pool money CU’ request i,(wi, i) CU’={ IDU, M, YES, r, I }SKB
h h h h

Shop

Bank

E: expiration date of M r: random number I: additional information
9

Proposed protocol (1/2)
Redeem
Shop
M, (wk, k) verify M and wk retrieve pooled money

Bank

10

Conclusion
The authors proposed a modification on PayWord to overcome 2 security problems.

11


相关文章:
A hash table with hash function is shown below.H
A hash table with hash function is shown below.H1(k)=k mod 13 Collision is resolved using the hash function H2(k)=(k mod 11)q-1. How many ...
网络安全基本知识
Hash Function(Used for MAC Used MAC) Weak collision resistance eak Computationally infeasible to find y≠x such that H(y) = H(x) tationally y≠ ...
hash存储
h(j)=h(k), so the next hash function, h1 is used. A second collision occurs, so h2 is used. Clustering Linear probing is subject to a ...
Hash函数MD5攻击技术研究_图文
Hash function MD5 Collision attack Preimage attack 创新性声明 秉承学校严谨的...对于 RIPEMD 算法,H.Dobbertin 能够以 231 的复杂性找到两 圈 RIPEMD 的碰 ...
数据结构英文试题(修改)
12,19,17,14,10,24,15 Hash function h(k)=k mod 5. (a)Determine the hash addresses and resolute collision by chaining. (b)Write a function in C...
数据结构试题(修改)
12,19,17,14,10,24,15 Hash function h(k)=k mod 5. (a)Determine the hash addresses and resolute collision by chaining. (b)Write a function in C...
数据结构练习题
12,19,17,14,10,24,15 Hash function h(k)=k mod 5. (a)Determine the hash addresses and resolute collision by chaining. (b)Write a function in C...
数据结构试题答案(修改版)
12,19,17,14,10,24,15 Hash function h(k)=k mod 5. (a)Determine the hash addresses and resolute collision by chaining. 0 10-15 1 2 12-17 3 ...
单向杂凑函数
(Cryptographic Hash Function) ,為一種可以將任意長...因此,一個可以抗拒碰撞(Collision-Resistance)的單向...文件長度 H n :最後一個壓縮函數的輸出值 GOST ...
信息保障与安全考试猜测题
给定消息的散列值 h(m),要得到消息 m 在计算上不可行; (2)具有弱抗碰撞性(Weak collision resistance) 。对任何给定的消息 m, 寻找与 m 不同的消息 m’ ...
更多相关标签: