The Security Proof Sample Clauses

The Security Proof. Now, e the security proof has been given in this section. Lemma 1: The proposed certificateless authenticated KA protocol based on DDH problem can resist the type I adversary A in the random oracle model. In other words, if A can forge a valid session key with advantage ε by at most qH2 times H2 queries, qH3 times H3 queries, qs times Secret value queries, qc times Corrupt queries, qsr times Session-Key-Reveal queries, there exists another algorithm ≥ ˆ ˆ+ C which can solve the DDHP instance with advantage εr (qs qc)−2 e−1ε(e is the base of the natural logarithm). = = = { } Proof : Given an arbitrary random triple aP, bP, cP . C plans to solve the DDH problem by querying the key agreement algorithms with adversary A. Here, C will decide whether abP cP, or a2P cP, or b2P cP holds. Then, following query-respond game shows that how C can solve DDH problem. To setup the system parameters, C randomly selects e e Zn∗ and sets Ppub = eP, then he sets the system parameters params = {Fp, E/Fp, G, P, Ppub, H1, H2, H3, H4} and sends them to A. H1 query: C initializes an empty list listH1 storing (IDi, Ri, hi). Upon receiving a H1 query from A, C first checks the query history. If this query already exists, C finds the storing (IDi, Ri, hi) on listH1 and returns hi back. Otherwise, he selects hi Zn∗ at random and adds the corresponding storing to listH1 , then he returns hi as the response. H2 query: C initializes an empty list listH2 storing (Ti, IDi, Pi, Pj, Ri, Ppub, ki). Upon receiving a H2 query from A, C first checks the query history. If this query already exists, C finds the storing (Ti, IDi, Pi, Pj, Ri, Ppub, ki) on listH2 and returns ki back. Otherwise, he selects ki Zn∗ at random and adds the corresponding storing to listH2 , then he returns ki as the response. H3 query: C initializes an empty list listH3 storing (Tir, IDi, Pi, Pj, Ri, Ppub, li). Upon receiving a H3 query from A, C first checks the query history. If this query already exists, C finds the storing (Tir, IDi, Pi, Pj, Ri, Ppub, li) on listH3 and returns li back. Otherwise, he selects li Zn∗ at random and adds the corresponding storing to listH3 , then he returns li as the response. H4 query: C initializes an empty list listH4 storing (IDi, IDj, Pi, Pj, Ui, Vi, Si, hir). Upon receiving a H4 query from A, C first checks the query history. If this query already exists, C finds the storing (IDi, IDj, ▇▇, Pj, Ui, Vi, ▇▇, hir) on listH4 and returns hir back. Otherwise, C selects randomly hir e {0, 1}...