Abstract
In this paper we describe a provably secure authentication protocol for resource-limited devices. The proposed algorithm performs whole-network authentication using very few rounds and in time logarithmic in the number of nodes. Compared to one-to-one node authentication and previous proposals, our protocol is more efficient: it requires less communication and computation and, in turn, lower energy consumption.
Notes
1. e.g. temperature, pressure, image, sound.
2. e.g. when \(\mathbb {G} = \mathbb {Z}_p\), if prime p is chosen such that \(q = (p-1)/2\) is also prime, then we only lower the security margin by 1 bit.
3. Random number generations are denoted by RNG.
4. Traditionally, in the case of cbdh, the generator is denoted by P instead of g.
Computational Bilinear Diffie-Hellman Swarm Protocol
In this section we present a swarm protocol based on a different security assumption, namely the computational bilinear Diffie-Hellman assumption.
Definition 5 (Computational Bilinear Diffie-Hellman - cbdh). Let \(\mathbb {G}\) be a cyclic group of order q, P a generator of \(\mathbb {G}\) and \(e : \mathbb {G} \,\times \, \mathbb {G} \rightarrow \mathbb {G}_T\) a cryptographic bilinear map, where \(\mathbb {G}_T\) is a cyclic group of order q. We will use the convention of writing \(\mathbb {G}\) additively and \(\mathbb {G}_T\) multiplicatively. Let A be a PPT algorithm that returns an element from \(\mathbb {G}_T\). We define the advantage
If \({ADV}_{\mathbb {G},g,e}^{\textsc {cbdh}}(A)\) is negligible for any PPT algorithm A, we say that the computational bilinear Diffie-Hellman problem is hard in \(\mathbb {G}\).
We further assume that the group \(\mathbb {G}\) admits a computationally efficient bilinear map \(e(\cdot , \cdot )\) such that cbdh is hard in \(\mathbb {G}\). Using the same setup (see note 4) as in the case of \(CDH\text {-}Swarm\), we present below the full details of the bilinear version of the swarm protocol (denoted by \(CBDH\text {-}Swarm\)):
1. Let be the private keys given to node \(\mathcal {N}_i\) and \(z_i \leftarrow x_iP\), \(w_i \leftarrow y_iP\) the node's public keys. After the network is set, \(\mathcal {T}\) sends an authentication request message to all the \(\mathcal {N}_i\) nodes directly connected to it. The request message contains a challenge \(c \leftarrow kP\), where .
2. After receiving an authentication request message:
   - Each \(\mathcal {N}_i\) computes \(t_i \leftarrow e(c, P)^{x_iy_i}\);
   - The \(\mathcal {N}_i\) nodes send authentication messages to all their (existing) children;
   - After the children respond, \(\mathcal {N}_i\) nodes compute \(t_i \leftarrow t_i \cdot \left( \prod _j t_j \right) \) and send the result up to their parents. Note that the \(t_j\) values are sent by the nodes' children.
   Such a construction permits the network to compute the product of all the \(t_i\) values and send the result \(t_c\) to the top of the tree in d steps, where d represents the degree of the spanning tree.
3. After receiving the response \(t_c\), \(\mathcal {T}\) authenticates the whole network if and only if \(t_c = \left( \prod _{i=1}^{n} e(z_i, w_i)\right) ^k\) holds.
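As an added illustration (not code from the paper), the following Python simulates steps 1 to 3 of \(CBDH\text {-}Swarm\) over a three-level spanning tree and shows why the check in step 3 holds: by bilinearity \(e(c, P)^{x_iy_i} = e(x_iP, y_iP)^k\), so the aggregated product of the \(t_i\) values equals \(\left( \prod e(z_i, w_i)\right) ^k\). The pairing is a constructed toy (\(\mathbb {G} = \mathbb {Z}_q\) written additively, \(e(aP, bP) = g^{ab}\) in the order-q subgroup of \(\mathbb {Z}_p^*\)); it is bilinear but offers no security, since discrete logarithms in this \(\mathbb {G}\) are trivial, and the node class, key values and tree shape are assumptions made for the demo.

```python
import secrets

# Toy pairing, constructed for this demo and NOT secure: G = Z_q additively,
# so P = 1 and xP is x mod q; e(aP, bP) = g^(ab) mod p lives in G_T.
P_MOD = 2039        # p = 2q + 1, a safe prime
Q = 1019            # q = (p - 1) / 2, prime; the order of G and of G_T
G_T_GEN = 4         # 4 = 2^2 is a quadratic residue mod p, so it has order q

def pairing(a, b):
    """e(aP, bP) = g^(ab) mod p; bilinear, which is all the check needs."""
    return pow(G_T_GEN, (a * b) % Q, P_MOD)

class Node:
    """Swarm node N_i holding private keys (x_i, y_i) and its children."""
    def __init__(self, x, y, children=()):
        self.x, self.y = x % Q, y % Q
        self.z, self.w = self.x, self.y   # public keys z_i = x_i P, w_i = y_i P
        self.children = list(children)

    def respond(self, c):
        """Step 2: t_i = e(c, P)^(x_i y_i), times the t_j of every child."""
        t = pow(pairing(c, 1), (self.x * self.y) % Q, P_MOD)
        for child in self.children:       # request goes down, t_j comes back up
            t = t * child.respond(c) % P_MOD
        return t

    def public_keys(self):
        """(z_i, w_i) of every node in this subtree, as known to verifier T."""
        yield (self.z, self.w)
        for child in self.children:
            yield from child.public_keys()

def authenticate(root):
    """Steps 1 and 3: T sends c = kP, then checks t_c == (prod e(z_i, w_i))^k."""
    k = secrets.randbelow(Q - 1) + 1      # k in [1, q-1]; c = kP is just k here
    t_c = root.respond(k)
    expected = 1
    for z, w in root.public_keys():
        expected = expected * pairing(z, w) % P_MOD
    return t_c == pow(expected, k, P_MOD)

def build_swarm(keys, corrupt_middle=False):
    """Three-level tree from constructed (x, y) pairs; optionally give the
    middle node a private key that no longer matches its public key."""
    leaves = [Node(x, y) for x, y in keys[2:]]
    mid = Node(*keys[1], children=leaves)
    if corrupt_middle:
        mid.x = (mid.x + 1) % Q           # z_i is unchanged, so step 3 must fail
    return Node(*keys[0], children=[mid])

SAMPLE_KEYS = [(17, 23), (101, 7), (55, 900), (3, 1018)]   # constructed
```

`authenticate(build_swarm(SAMPLE_KEYS))` returns True, while the `corrupt_middle=True` tree fails because one private key no longer matches the public key \(\mathcal {T}\) holds.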
Remark 3
Note that the hash based variant of the \(CDH\text {-}Swarm\) protocol can also be easily adapted to the \(CBDH\text {-}Swarm\) version.
We further link the security of the \(CBDH\text {-}Swarm\) protocol to the cbdh assumption.
Theorem 3
The \(CBDH\text {-}Swarm\) protocol is a proof of knowledge if and only if the cbdh assumption holds. Moreover, the protocol is zero knowledge.
Proof (sketch). We will only prove that the scheme is sound, since the remaining security requirements are proven similarly to Theorem 2. Hence, we have
\(\square \)
© 2022 Springer Nature Switzerland AG
Cite this paper
Teşeleanu, G. (2022). Lightweight Swarm Authentication. In: Ryan, P.Y., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2021. Lecture Notes in Computer Science, vol 13195. Springer, Cham. https://doi.org/10.1007/978-3-031-17510-7_17
DOI: https://doi.org/10.1007/978-3-031-17510-7_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17509-1
Online ISBN: 978-3-031-17510-7