International Journal of Computer Applications (0975 – 8887) Volume 132 No.15, December 2015

Secret Handshakes based on Shortened Versions of DSS

Preeti Kulshrestha
Department of Mathematics, Statistics and Computer Science
G.B. Pant University of Agriculture and Technology, Pantnagar, India

Arun Kumar
Department of Mathematics, Statistics and Computer Science
G.B. Pant University of Agriculture and Technology, Pantnagar, India

ABSTRACT
Balfanz et al. in 2003 introduced secret handshakes as mechanisms designed to prove group membership and share a secret key between two fellow group members. A secret handshake protocol allows two users to mutually verify one another's authenticity without revealing their own identity. In a secret handshake, if the verification succeeds, the users may compute a common shared key for further communication. Thus secret handshakes can be appropriately turned into an authenticated key exchange protocol. The present paper proposes two secret handshake schemes based on the variations DSS-1 and DSS-2 of the DSS signature. It is shown that the proposed schemes are secure in the random oracle model, and the computational complexity of the proposed schemes is compared with that of existing schemes.

General Terms
Secret Handshakes, Signature, Security, Random Oracle Model, Computational Complexity.

Keywords
Secret Handshakes, Credential, ElGamal, DSA, DSS-1, DSS-2, Computational Complexity.

1. INTRODUCTION
A secret handshake (SH) between two users was first introduced by Balfanz et al. [2] in 2003, to let two users simultaneously prove to each other possession of membership of a certain group. In a SH the two participating users authenticate each other in such a way that neither reveals his own membership or credential unless the peer's legitimacy has already been ensured, and they share a common key for further communication. A SH can be appropriately turned into an authenticated key exchange, but an authenticated key exchange does not necessarily imply a SH.
Users are not able to perform a successful handshake without the appropriate credentials. Protocol exchanges are often untraceable and anonymous. The protocol makes sure that an outsider or an illegitimate group member does not learn anything by interacting with a legitimate user or by eavesdropping on protocol exchanges. In a SH, verification is possible only for a legitimate group member, because it relies on that member's unique SH credential.

Balfanz et al. [2] introduced the notion of privacy in public key based authentication schemes and proposed the first two-party SH schemes based on bilinear maps, secure under the Gap Diffie-Hellman (GDH) assumption. Using CA-oblivious public key encryption, Castellucia et al. [3] developed an efficient SH scheme secure under the Computational Diffie-Hellman (CDH) assumption. Vergnaud [9] presented two SH schemes inspired by two RSA-based key agreement protocols, the first introduced by Okamoto-Tanaka [8] and the second by Girault [5]. Zhou et al. [12] proposed three-round SH schemes based on the ElGamal signature and extended their scheme to a DSA-based SH which also requires only three rounds. Wen et al. [10] proposed two-party SH schemes from ID-based message recovery signatures (MRS). In all these schemes, the players use one-time certificates to achieve unlinkability; if the players reuse their certificates, it is possible to trace multiple occurrences of the same party. Ateniese et al. [1] extended the SH with dynamic matching, in which each party can reuse their credential. Inspired by [1], Kulshrestha et al. [7] proposed a SH with dynamic matching which is based on the ZSS signature.

In this paper two new SH schemes based on the variations DSS-1 and DSS-2 of the DSS signature [11] are proposed. The computational complexity of the proposed schemes is discussed and compared with the known SH schemes based on ElGamal and DSA by Zhou et al. [12].
The present study is arranged in the following manner: section 2 defines the basic terminology and gives a brief account of the work of Zhou et al. [12]. In section 3 two new SH schemes based on shortened versions of DSS are presented along with their security analysis. Section 4 compares the computational complexity of all the schemes.

2. SECRET HANDSHAKES SCHEMES
In a SH scheme there exist three entities for a group G: a user; a member, which is a user who belongs to the group; and a group administrator (GA), who creates the group, adds members into it, and issues each member a certificate in the form of a secret key.

2.1 The SH scheme consists of the following three algorithms
Create Group is an algorithm run by a GA, which takes Params (a set of parameters) as input and generates a key pair GPk (group public key) and GSk (group secret key).

Add User is an algorithm between a user U and the GA of some group. It takes Params and the GA's secret key GSk as input and outputs a public key Pk and a secret key Sk for U, making U a valid member of the group.

Handshake is executed between two users, say A and B, who want to authenticate each other on the public inputs ID_A, ID_B and Params. The private input of each party is its secret credential, and the output of the protocol for either party is either reject or accept.

2.3 The SH scheme has the following security properties
Completeness/Correctness: If two honest members belonging to the same group perform the handshake protocol with valid credentials, then both members always output accept.