当前位置:首页 >> 建筑/土木 >>

h a collision-resistance hash function


Solutions to Security Problems of Rivest and Shamir' s PayWord
Authors: Norio Adachi, Satoshi Aoki, Yuichi Komano, Kazuo
Ohta

Source: IEICE Transactions on Fundamenta

ls, Vol. E88-A,
No. 1 January 2005 Speaker: Yi-Fang Cheng Date: 2005/11/17

1

Introduction (1/2)
Micropayment system (PayWord)
Why needs mrcropayment ?
Non-free website Pay-per-view movie

Characteristic
Low communication Low computation (special for the customer)

2

Introduction (2/2)
diagram of PayWord
Bank
credit redeem

Consumer

payment

Shop

3

Rivest and Shamir' s PayWord (1/4)
Notations
IDB / IDU / IDS: identity of Bank / Consumer / Shop PKB,SKB: public and private key pair of Bank PKU,SKU: public and private key pair of Consumer { M }SKB : digital signature signed by Bank using key SKB { M }SKU : digital signature signed by Consumer using key SKU h : a collision-resistance hash function

4

Rivest and Shamir' s PayWord (2/4)
credit
Bank Consumer
CU ={IDB, IDU, AddrU, PKU, E, IU }SKB

AddrU: Consumer’s delivery address E: expiration date of CU IU: other information (such as credit limit, information on how to contact Bank)

5

Rivest and Shamir' s PayWord (3/4)
payment
Consumer
wn → wn-1 →…→ w1 →w0 M = {IDS, CU, w0, n, D }SKU M request1, ( w1, 1 ) goods requesti, ( wi, i ) wn: random number n: suitable number of coin to pay D: current date
6 h h h h

Shop

verify M h(w1) ? w0 = ? h(wi) = wi-1

goods …



Rivest and Shamir' s PayWord (4/4)
redeem

Shop
M, (wj, j)

Bank

verify M and wj update account

7

Problems of PayWord
Consumer certificate abuse attack
M1

Shop 1 Shop 2 ….. Bank

Consumer
Mv

M2

Shop v

Bank impersonates an unexistent consumer

8

Proposed protocol (1/2)
Payment
Consumer
wn → wn-1 →…→ w1 →w0 M = {IDS, CU, w0, n, E}SKU M IDU,M, r verify M pool money CU’ request i,(wi, i) CU’={ IDU, M, YES, r, I }SKB
h h h h

Shop

Bank

E: expiration date of M r: random number I: additional information
9

Proposed protocol (1/2)
Redeem
Shop
M, (wk, k) verify M and wk retrieve pooled money

Bank

10

Conclusion
The authors proposed a modification on PayWord to overcome 2 security problems.

11


相关文章:
华工密码学考试提纲及重点考试题目一览
Hash function Collision resistance Digital Signatures Replay Attacks Kerberos pk X.509 ? Kerberos implementation? What are the key items of certificate? How ...
信息安全术语中英文词条对照表
(冲突)散列函数 collision resistant hash-function 混合型防火墙 combination ...ground grid ground resistance grounding grounding electrode grounding system 5 ...
Workshop 04
... ? an hash function H meets the requirement of strong collision resistance? Why or why not? 2) Consider the ElGamal signature scheme. Suppose (S1...
网络安全基本知识
Hash Function(Used for MAC Used MAC) Weak collision resistance eak Computationally infeasible to find y≠x such that H(y) = H(x) tationally y≠ ...
hash存储
h(j)=h(k), so the next hash function, h1 is used. A second collision occurs, so h2 is used. Clustering Linear probing is subject to a ...
单向杂凑函数
(Cryptographic Hash Function) ,為一種可以將任意長...因此,一個可以抗拒碰撞(Collision-Resistance)的單向...文件長度 H n :最後一個壓縮函數的輸出值 GOST ...
Hash函数MD5攻击技术研究
Hash function MD5 Collision attack Preimage attack 创新性声明 秉承学校严谨的...对于 RIPEMD 算法,H.Dobbertin 能够以 231 的复杂性找到两 圈 RIPEMD 的碰 ...
数据结构英文试题(修改)
12,19,17,14,10,24,15 Hash function h(k)=k mod 5. (a)Determine the hash addresses and resolute collision by chaining. (b)Write a function in C...
物联网中轻量级对称密码算法的研究与设计2.0
(block cipher, hash function, stream cipher); ... (second) pre-image and collision resistance etc...Feistel 结构是由 H.Feistel[52]设计的一种迭代...
数据结构试题答案(修改版)
12,19,17,14,10,24,15 Hash function h(k)=k mod 5. (a)Determine the hash addresses and resolute collision by chaining. 0 10-15 1 2 12-17 3 ...
更多相关标签:
hash collision | hash function | java hash function | python hash function | hash.h | hash map.h | geohash helper.h | function v h f |