当前位置:首页 >> 建筑/土木 >>

h a collision-resistance hash function


Solutions to Security Problems of Rivest and Shamir' s PayWord
Authors: Norio Adachi, Satoshi Aoki, Yuichi Komano, Kazuo
Ohta

Source: IEICE Transactions on Fundamentals, Vol. E88-A,
No. 1 January 2005 Speaker: Yi-Fang Cheng Date: 2005/11/17

1

Introduction (1/2)
Micropayment system (PayWord)
Why needs mrcropayment ?
Non-free website Pay-per-view movie

Characteristic
Low communication Low computation (special for the customer)

2

Introduction (2/2)
diagram of PayWord
Bank
credit redeem

Consumer

payment

Shop

3

Rivest and Shamir' s PayWord (1/4)
Notations
IDB / IDU / IDS: identity of Bank / Consumer / Shop PKB,SKB: public and private key pair of Bank PKU,SKU: public and private key pair of Consumer { M }SKB : digital signature signed by Bank using key SKB { M }SKU : digital signature signed by Consumer using key SKU h : a collision-resistance hash function

4

Rivest and Shamir' s PayWord (2/4)
credit
Bank Consumer
CU ={IDB, IDU, AddrU, PKU, E, IU }SKB

AddrU: Consumer’s delivery address E: expiration date of CU IU: other information (such as credit limit, information on how to contact Bank)

5

Rivest and Shamir' s PayWord (3/4)
payment
Consumer
wn → wn-1 →…→ w1 →w0 M = {IDS, CU, w0, n, D }SKU M request1, ( w1, 1 ) goods requesti, ( wi, i ) wn: random number n: suitable number of coin to pay D: current date
6 h h h h

Shop

verify M h(w1) ? w0 = ? h(wi) = wi-1

goods …



Rivest and Shamir' s PayWord (4/4)
redeem

Shop
M, (wj, j)

Bank

verify M and wj update account

7

Problems of PayWord
Consumer certificate abuse attack
M1

Shop 1 Shop 2 ….. Bank

Consumer
Mv

M2

Shop v

Bank impersonates an unexistent consumer

8

Proposed protocol (1/2)
Payment
Consumer
wn → wn-1 →…→ w1 →w0 M = {IDS, CU, w0, n, E}SKU M IDU,M, r verify M pool money CU’ request i,(wi, i) CU’={ IDU, M, YES, r, I }SKB
h h h h

Shop

Bank

E: expiration date of M r: random number I: additional information
9

Proposed protocol (1/2)
Redeem
Shop
M, (wk, k) verify M and wk retrieve pooled money

Bank

10

Conclusion
The authors proposed a modification on PayWord to overcome 2 security problems.

11


赞助商链接
相关文章:
机械工程学专业词汇英语翻译(H)
h function h 函数 h theorem h 定理 habann ...resistance 传热阻力 heat transport 热传输 heat ...collision 超弹性碰撞 hyperelastic material 超弹性...
华工密码学考试提纲及重点考试题目一览
Hash function Collision resistance Digital Signatures Replay Attacks Kerberos pk X.509 ? Kerberos implementation? What are the key items of certificate? How ...
网络信息安全
21、散列函数以及 MD5 算法 散列函数:hash function:哈希函数、摘 要函数。输入...强抗冲突性(stronge collision resistance) :要找到两个报文 M 和 N 使 H(M...
信息安全术语中英文词条对照表
(冲突)散列函数 collision resistant hash-function 混合型防火墙 combination fire...ground grid ground resistance grounding grounding electrode grounding system 5 ...
单向杂凑函数
(Cryptographic Hash Function) ,為一種可以將任意長...因此,一個可以抗拒碰撞(Collision-Resistance)的單向...文件長度 H n :最後一個壓縮函數的輸出值 GOST ...
Hash函数MD5攻击技术研究_图文
Hash function MD5 Collision attack Preimage attack 创新性声明 秉承学校严谨的...对于 RIPEMD 算法,H.Dobbertin 能够以 231 的复杂性找到两 圈 RIPEMD 的碰 2...
局部敏感哈希
会发生 不同的数据被映射到了同一个桶中(即发生了冲突 collision),这一般通过...Hamming distance 对应的 LSH hash function 为:H(V) = 向量 V 的第 i 位...
LSH局部敏感哈希
会发生不同 的数据被映射到了同一个桶中(即发生了冲突 collision),这一般通过...这些 hash function 需要满足以下两个条件: 1)如果 d(x,y) ≤ d1,则 h(...
微信摇一摇搜歌技术原理分析_图文
(即发生了冲突 collision) , 这一般通过再次哈希将数据映射到其他空桶内来解决...这些 hash function 需要满足以下两个条件: 1)如果 d(x,y) ≤ d1, 则 h...
编译原理术语中英文对照表
Collision resolution Comment delimiter Compilation ...Goto 动作 Goto 语句 语法规则 语法 chapter H No...English Hash function Hash table Heap Hexadecimal ...
更多相关标签: