Nội dung

IJCSNS International Journal of Computer Science and Network Security, VOL.10 No.1, January 2010 51 New Digital Multisignature Scheme with Distinguished Signing Responsibilities Luu Hong Dung and Nguyen Hieu Minh Faculty of Information Technology, Le Qui Don Technical University 100 Hoang Quoc Viet, Ha Noi, Viet Nam Summary A multisignature scheme is a digital signature scheme that allows multiple signers to generate a single signature in a collaborative and simultaneous manner. In this paper we first review of the digital multisignature schemes using elliptic curvers and elliptic curve version of the multisignature scheme with distinguished signing responsibilities. Then, we propose a new multisignature scheme with distinguished signing responsibilities. In this scheme, each group member has distinguished signing responsibility and partial contents of the message can be verified without revealing the whole message. Our proposed scheme is more efficient than the scheme reviewed and capable of application in practice. Keywords Multisignature scheme, Elliptic curve, Distinguished signing responsibilities. I. INTRODUCTION Digital signatures can be classified into two main categories: single signature and multiple signature (or multisignature). Single signature refers to the cases where only one party signs a document, while multiple signature refers to the cases where more than one party sign a single document. The digital signature schemes in use today can be classified according to the hard underlying mathematical problem which provides the basis for their security [1]: 1. Integer Factorization schemes, which base their security on the intractability of the integer factorization problem. Examples of these include the RSA and Rabin signature schemes. 2. Discrete Logarithm schemes, which base their security on the intractability of the (ordinary) discrete logarithm problem in a finite field. Examples of these include the ElGamal, Schnorr, DSA, and NybergRueppel signature schemes. 3. Elliptic Curve schemes, which base their security on the intractability of the elliptic curve discrete logarithm problem. For example, in American standard ECDSA and Russian standard GOST R 34-2001. The indicated problems are hard, if the used primes and elliptic curves satisfy special requirements [2, 3]. In 1983, Itakura and Nakamura [4] proposed the first multisignature scheme. It let multiple signers Manuscript received January 5, 2010 Manuscript revised January 20, 2010 collaboratively sign the same message and the resultant multisignature can be verified by a group of verifiers to check whether it is valid or not. Since then, several multisignature schemes have been proposed [5-7]. The application of digital multisignature can be found in some secret sharing applications. For example, a company's policy may require multiple managers to sign any business contract. Digital multisignature scheme enables this internal policy effectively. Each manager has to use his individual secret key to sign the same document and all individual signatures can be combined into a single multisignature. However, to any external verifier, this multisignature is just a normal signature that can be verified by using the company's public key, which is a product of all public keys of the signers. In the multisignature schemes proposed in [8], all group members hold the same responsibility of signing the document. In fact, there are some applications that need to use multisignatures with distinguished signing responsibilities. For example, a company releases a document that may involve financial department, engineering department and program office. Each entity is responsible of preparing and signing a particular section of the document. The signing responsibility of engineering department may have no interest to read the content prepared by the financial department. However, the combination of all sections represents the company's document. The company's document should be easily verified by any outsider using company's public key. For the sake of confidentiality, same verifier may be restricted to access and verify only some sections of the document. In this paper, we first review of the digital multisignature schemes using elliptic curvers [8] and elliptic curve version of the multisignature scheme with distinguished signing responsibilities [9]. Then, we propose a new multisignature scheme with distinguished signing responsibilities. We will organize this paper as follows: In section II, we will introduce elliptic curve digital schemes. Brief reviews of the digital multisignature schemes using elliptic curvers in [8] will be introduced in Section III. In Section IV, we will describe the elliptic curve version of the multisignature scheme with distinguished signing responsibilities proposed IJCSNS International Journal of Computer Science and Network Security, VOL.10 No.1, January 2010 52 in [9]. In Section V, we will propose a new multisignature scheme with distinguished signing responsibilities. Section VI, we will present example for our scheme. Finally, a conclusion will be given in Section VII. II. the interval [1, q - 1] and computes a corresponding public key as the point: Qi = diP. Compute the public key Q for all signers, which is equal to the sum of all individual public keys Q = Q1+ Q2 + ... + Qt = dP = (xQ, yQ), where d = d1 + d2 + ... + dt (mod q). Let H be a one-way hash function such as SHA-1. 2. ELLIPTIC CURVE DIGITAL SIGNATURE SCHEMES Many researchers have examined elliptic curve cryptosystems, which were firstly proposed by Miller [10] and Koblitz [11]. The elliptic curve cryptosystems which are based on the elliptic curve logarithm over a finite field have some advantages than other systems: the key size can be much smaller than the other schemes since only exponential-time attacks have been known so far if the curve is carefully chosen [2], and the elliptic curve discrete logarithms might be still intractable even if factoring and the multiplicative group discrete logarithm are broken. Elliptic curve cryptosystem is widely used in several digital signature schemes, such as threshold signature scheme, proxy signature scheme, blind signature, and so on. For the elliptic curve over finite field see more details in [12]. III. DIGITAL MULTISIGNATURE SCHEMES USING ELLIPTIC CURVES In this section we describe the elliptic curve version of the multisignature scheme proposed in [8]. It contains three phases: key generation, multisignature generation, and multisignature verification. We review their scheme briefly as follows: We assume that there are t signers, 1 ≤ i ≤ t to sign the same message m ∈ {0, 1}*. A. Key Generation Firstly, we choose elliptic curve domain parameters ([2, 12]): 1. Choose p a prime and n an integer. Let f(x) be an irreducible polynomial over GF(p) of degree n, generating finite field GF(pⁿ) and assume that α is a root of f(x) in GF(pⁿ). 2. Two field elements a, b ∈ GF(pⁿ), which define the equation of the elliptic curve E over GF(pⁿ) (i.e., y² = x³ + ax + b in the case p > 3, where 4a³ + 27b² ≠ 0). 3. Two field elements xp and yp in GF(pⁿ), which define a finite point P = (xp, yp) of prime order q in E(GF(pⁿ)) (P ≠ O, where O denotes the point at infinity). 4. The converting function c(x): GF(pⁿ) → Zpⁿ which is given by: n −1 3. B. Generating the Multisignature Each signer Ui, 1 ≤ i ≤ t executes next steps: 1. Randomly selects a number ki ∈ [1, q - 1] and computes: Ri = kiP = ( x Ri , y Ri ), 1≤ i ≤ t. 2. Converting the x-coordinate of point Ri into the integer ri = c( x Ri ), where c(x) is the converting function. The values ri is broadcast to the other signer. 3. Once ri, 1 ≤ i ≤ t, are available through the broadcast channel, each signer computes the commitment r as r = r1 + r2 + ... + rt (mod q). 4. Uses his secret keys, di and ki, to sign the message m. The signer Ui computes si = diH(m) - kir (mod q). 5. Transmits the pair (m, si) to the clerk. Once the clerk receives the individual signature (ri, si) from Ui, he needs to verify the validity of this individual signature. The verification procedure is to compute the point -1 -1 (r H(m) mod q)Qi - (r si mod q)P = ( xei , yei ), 1 ≤ i ≤ t and check ri = ( xei , y ei ) (mod q), 1 ≤ i ≤ t. Once all individual signatures are received and verified by the clerk, the multisignature of the message m can be generated as (r, s), where s = s1 + s2 + ... + st (mod q). C. Verifying the Multisignature Since individual signatures (ri, si), 1 ≤ i ≤ t, satisfy -1 -1 (r H(m) mod q)Qi - (r si mod q)P = ( xei , yei ),1 ≤ i ≤ t. Adding the above equations from 1 through t, we obtain -1 -1 (r H(m) mod q)Q - (r s mod q)P = ( xe , ye ). where s = s1 + s2 + ... + st (mod q), Q = Q1 + Q2 + ... + Qt = c( x) = ∑ ck p i ∈ Z p n , x = ∑ ck α i ∈ GF ( p n ), 0 ≤ ci ≤ p. dP = (xQ, yQ) and r = c(xe)(mod q). In other words, the The operation of the key generation is as follows: 1. Each signer randomly selects an integer di from c(xe)(mod q). If this is true, then (r, s) is accepted as the i =0 verifier computes the point (xe, ye) and check if r = IJCSNS International Journal of Computer Science and Network Security, VOL.10 No.1, January 2010 valid multisignature of the message m signed by the users Ui, 1 ≤ i ≤ t. 53 commitment r as r = r1 + r2 + ... + rt (mod q). 4. Each signer Ui, uses his secret keys, di and ki, to sign the message M = H(H(m1), H(m2), ... , H(mt)), where H(H(m1), H(m2), ... , H(mt)) means the hash value of the concatenation of H(H(m1), H(m2), ... , H(mt)). The signer Ui computes si = diM - kir (mod q). and transmits the pair (M, si) to the clerk. Once the clerk receives the individual signature (ri, si) from Ui, he needs to verify the validity of this individual signature. The verification procedure is to compute the point -1 -1 (r M mod q)Qi - (r si mod q)P = ( xei , yei ), 1 ≤ i ≤ t and check Figure 1. The graph of multisignature scheme. ri = ( xei , y ei ) (mod q), 1 ≤ i ≤ t. By Figure 1, we can see that all signers send their partial multisignature to the clerk. The clerk checks all partial multisignature, construct them into a multisignature and sends it to the verifier(s). Of course the clerk is either a participant in signer group or the third trusty authority. Once all individual signatures are received and verified by the clerk, the multisignature of the message m = (m1, m2, …, mt) can be generated as (r, s), where s = s1 + s2 + ... + st (mod q). Since each signer is responsible of preparing a section of message m, the pair (r, s) is a digital multisignature with distinguished signing responsibilities. IV. MULTISIGNATURE SCHEME WITH DISTINGUISHED SIGNING RESPONSIBILITIES In this section we describe the elliptic curve version of the multisignature scheme with distinguished signing responsibilities proposed in [9]. It contains three phases: key generation, multisignature generation, and multisignature verification. We review their scheme briefly as follows: The elliptic curve domain and the key generation are the same as in Section III. A. Generating the Multisignature We assume that there are t signers Ui, 1 ≤ i ≤ t. Instead of signing the same message m directly, each signer should prepare a section of message m ∈ {0, 1}* that he is responsible of and broadcast H(mi) to all other signers, where H is the one way hash function. The operation of generating the multisignature with distinguished signing responsibilities is as follow: 1. 2. 3. The signer Ui, 1 ≤ i ≤ t, randomly selects a number ki ∈ [1, q - 1] and computes Ri = kiP = ( x Ri , y Ri ), 1 ≤ i ≤ t. Converting the x-coordinate of point Ri into the integer ri = c( x Ri ), where c(x) is the converting function. The values ri is broadcast to the other signer. Once ri, 1 ≤ i ≤ t, are available through the broadcast channel, each signer computes the B. Verifying the Multisignature The verifier computes the point -1 -1 (r M mod q)Q - (r s mod q)P = ( xe , ye ). where s = s1 + s2 + ... + st (mod q), Q = Q1 + Q2 + ... + Qt = dP = (xQ, yQ) and r = c(xe)(mod q). In other words, the verifier computes the point (xe, ye) and check if r = c(xe)(mod q). If this equality holds, the pair (r, s) is a digital multisignature with distinguished signing responsibilities of the message m. Instead of signing the message H(m1, m2, ..., mt), each signer needs to sign the message M = H(H(m1), H(m2), ..., H(mt)). The computation of H(H(m1), H(m2), ..., H(mt)) is faster than that of H(m1, m2, ..., mt) because each signer needs only to compute his own H(mi) and the other H(mj), j ≠ i, 1 ≤ i, j ≤ t, has been computed by the other signer. In the case some verifies only allowed to access partial contents of the message, the partial contents can still be verified using the group public key without revealing whole message. This feature can be achieved by just providing the one way hash values of the inaccessible contents to the verifier. But in fact this is very difficult to implement because of the complexity of verifying procedures at each verifier. So this scheme is not high realistic. IJCSNS International Journal of Computer Science and Network Security, VOL.10 No.1, January 2010 54 In the next section, we will propose a new digital multisignature scheme allows overcoming the drawbacks pointed out by this scheme. V. OUR PROPOSED SCHEME In this section we describe the proposed multisignature scheme with distinguished signing responsibilities. The elliptic curve domain is the same as in Section III. In this scheme, instead of signing the message M = H(H(m1), H(m2), ..., H(mt)), each signer just needs to sign the message H(mi) their respective. A. Key Generation 1. Each signer randomly selects an integer di from the interval [1, q - 1] and computes a corresponding public key as the point: Qi = diP. 2. Compute the public key Q for all signers, which is equal to the sum of all individual public keys C. Verifying the Multisignature 1. Using the pair (e, s) compute value R': R’ = eQ + sP 2. Compute e’ = xR’ mod δ. 3. Compare values e' and e. If this equality holds, the pair (e, s) is a digital multisignature with distinguished signing responsibilities of the message m. Proof formula in the process of verifying the multisignature: The public key Q for all signers, which is equal to the sum of all individual public keys hash value of ith signer. Let H be a one-way hash function such as SHA-1. Q = ∑ H (mi )Qi = ∑ H (mi )d i P . i =1 B. Generating the Multisignature 1. The signer Ui, 1 ≤ i ≤ t, randomly selects a number ki ∈ [1, q - 1] and computes Ri = kiP = ( x Ri , y Ri ), 1 ≤ i ≤ t. Once Ri, 1 ≤ i ≤ t, are available through the broadcast channel, each signer computes the commitment R as R = R1 + R2 + ... + Rt (mod q). 3. The first part e of the signature (e, s) is computed using formula: e = ( x R ) mod δ , where choose δ is a prime greater than or equal to 160 bits [13]. 4. Each signer Ui, uses his secret keys, di and ki, to sign the message H(mi) their respective. The signer Ui computes si = (k i − eH (mi )d i ) mod q and transmits si to the clerk. Once the clerk receives the individual signature (ri, si) from Ui, he needs to verify the validity of this individual signature. The verification procedure is to compute the point 2. ( ( x Ri ) mod δ )Qi + siP = ( xei , yei ), 1 ≤ i ≤ t and check Ri = ( xei , y ei ) (mod q), 1 ≤ i ≤ t. 5. i =1 The multisignature of the message m = (m1, m2, …, mt) can be generated as (e, s). Since each signer is responsible of preparing a section of message m, the pair (e, s) is a digital multisignature with distinguished signing responsibilities. Q = ∑ H (mi )Qi = (xQ, yQ), where H(mi) mean the t 3. t s = ∑ si mod q Compute the second part s of the signature: t t i =1 i =1 Value si calculated by the formula: si = (k i − eH (mi )d i ) mod q Thus t t t i =1 i =1 i =1 ∑ si ≡ ∑ k i − e ∑ H (mi )Qi mod q Value R' used to calculate the first part of the verify equation, calculated by the following formula: t t t i =1 i =1 i =1 R’ = eQ + sP = e ∑ H (mi )Qi + ( ∑ k i − e ∑ H (mi )d i ) P t t t i =1 i =1 i =1 = e( ∑ H (mi )d i ) P + ( ∑ k i − e ∑ H (mi )d i ) P t = ∑ ki P = R . i =1 Next, e’ = xR’ mod δ = xR mod δ = e, i. e, the correctness of the procedures for generating and verifying digital signature is proved. In this scheme, instead of signing the message M = H(H(m1), H(m2), ..., H(mt)) of each signer, each signer just needs to sign the message H(mi) their respective. The computation of H(mi) is faster than that of H(H(m1), H(m2), ..., H(mt)) because each signer needs only to compute his own H(mi). IJCSNS International Journal of Computer Science and Network Security, VOL.10 No.1, January 2010 Since not calculated inverse element in process of veriying as well as the operation of the scheme done faster. However, in the case some verifies only allowed to access partial contents of the message, this scheme also has disadvantages such scheme in Section IV (must provide the one way hash values of the inaccessible contents to the verifier). The proposed scheme possess the following advantages: the digital signature length is sufficiently small and does not depend on number of signers (the multisignature length is equal to the length of individual signature provided by the underlying signature algorithm); 2. the standard public key infrastructure (PKI) is used; 3. the scheme can be efficiently used in practice for simultaneous signing a contract with distinguished signing responsibilities; 4. the secure is as secure as elliptic curve schemes is secure. The last fact can be proved using the technique applied in [14] to prove security of the collective DS regarding to the following two types of general attacks. 1. The attack of the first type corresponds to forgery of the multisignatue. The second type attack corresponds to scenario of the calculating the secret key of one of the signers, which shares a multisignature. In the first attack it is assumed that t − 1 legitimate signers attempt to create a multisignatue corresponding to t signers. In the second attack it is assumed that t − 1signers that shares some multisignatue (e, s) with the tth signer are trying to compute the private key of the tth signer. It has been proved [14] that any successful method to perform any of the attacks allows breaking the underlying DS algorithm. A modification of this scheme allows integrity checking more efficient and capable of application in practice is proposed as follows: All steps are implemented remain, except the following changes: With t signers Ui, 1 ≤ i ≤ t, instead of signing the message H(mi) their respective, (t – 1) signer needs to sign the message H(mi) their respective, 1 ≤ i ≤ t – 1, where message m = (m1, m2, …, mt-1). The last signer (who authorized the highest) needs to sign the message H(m). On the receipt, the verifier entitled to receive the full message will check the signature on behalf of the whole group. 55 VI. EXAMPLE This example illustrates the signature generation and verification procedures in the digital multisignature scheme proposed. The parameters used in the example to ensure sufficient magnitude to be applied in practice. In the example shown simultaneously with the three signer signed the three documents in a contracts (t = 3, m = (m1, m2, m3)). A. Key Generation Firstly, we choose elliptic curve domain parameters as follows: a = 552176786573763455539041630059977662234733335 9784, b = 9717196, p = 552176786573763455539041630059977662234733335 9787. This elliptic curve contains the number of points equal to the prime number V = 552176786573763455539041622878388691333982384 1723, i. e any of its point of order q, equal to the value V, i. e q = V. B. Generating the Multisignature 1. Generate elliptic curve with the parameters listed above. 2. Each signer randomly selects an integer di from the interval [1, q - 1]: d1 = 8182108890892890101467333434019; d2 = 3952504539403758278808581024791; d3 = 9763160941600092631935520658071. 3. Computes a corresponding public key as the point: Qi = diP a. Generate a point P of order q: P = (4058138998817699569976678358233335958495037 969465, 76856892633603682571849521891630868249411614416 0); b. Generate points Q1, Q2, Q3 according to the formula Qi = diP, where i = 1, 2, 3: Q1 = (2406767665928158899446906165821747218883574 602371,562377648521692290689031507205008060 205345636991); Q2 = (3487081083780270853573894140448252379226835 10732,1402026191996080196399482770468472598 076052599809) IJCSNS International Journal of Computer Science and Network Security, VOL.10 No.1, January 2010 56 Q3 = (4307166077833519301063322533024162005091025 R1 = (4533360075292446608850664400364711592205136 020313,528029631254915602814890591421557065 618460,11750613370622321795843486864773247621011 5514986217509). 64050095); 4. Compute the public key Q for all signers, which is equal to the sum of all individual public keys t Q = ∑ H (mi )Qi R2 = (1958279223827902047379336465285895435330140 185477,88365089082562329551442342429704943185648 52573); i =1 a. Accepts three messages, submitted H1, H2 and H3: H1= 13570809221559791016831415475191722063371217 H2= 38124989900288191553165713506343766528143317 3. R3 = (503861602885295987750955408178966743685 3794753557,2096131579330446779245516884845347130 38841468913). 4. Generate the R-point formula R = R1 + R2 + R3 (mod q): R = (2597097970263610863546069436833994580002105 70527; 418569,33049150401044008138023742824739855500155 H3= 89259990268711451315203376121177786806591925 21973383). 76033. 5. The first part e of the signature (e, s) is computed using formula: e = ( x R ) mod δ , δ = 7118198218659321028989011; 8686; b. Forms the collective public key in the form of point Q t by the formula Q = ∑ H (mi )Qi i =1 H1Q1 = (1386084349002545424511668926945575066838 e = 5079008233076932087473789. H2Q2 = (2992114315324190264281413933953962887786 6. Each signer Ui, uses his secret keys, di and ki, to sign the message H(mi) their respective. The signer Ui computes si = (k i − eH (mi )d i ) mod q s1 = 13344496387533338892374318727147312291544320 94972469,530032709442115487602206494687620629685 5289; 3312043729) s2 = 18876616532038479447102824508356125516200814 H3Q3 = (4523528487954522900878694877895556963796 27016; 345154180,41008261034809727989809969091965261993 s3 = 48506961619559911255593180845550213355803021 27733122181) 89827. P=(22842653948590033809093887809046461154863825 7. 4406,1202278174553095231135389060209649902535727 s = ∑ si mod q 407867380,45436337319588401011248458187718410043 74561021017) 110543). C. Generating the Multisignature 1. The first, second and third signer generates random k1, k2 and k3, respectively: k1 = 2090880922625982683584460167862382379; k2 = 5360383526856663700583896205266418341; k3 = 7677118810723142352012317453400887449. 2. Then the first, second and third signer generates points R1, R2 and R3, respectively, according to the formula Ri = kiP = ( x Ri , y Ri ): Compute the second part s of the signature: t i =1 s = 13500349132975379038029274938782200967760029 80409. 8. The pair (e, s) is a digital multisignature with distinguished signing responsibilities (5079008233076932087473789,135003491329753790380 2927493878220096776002980409). D. Verifying the Multisignature 1. Using the pair (e, s) compute value R': R’ = eQ + sP eQ = (455684817959588714140072672389132143860230 7875189,2883779289574756983177387955618073719731 329543379); IJCSNS International Journal of Computer Science and Network Security, VOL.10 No.1, January 2010 sP = (1360352815531577166684912233134001496389816 081366,35432697872472357819008974041042793416447 52005600); R′= (2597097970263610863546069436833994580002105 418569,33049150401044008138023742824739855500155 21973383); 2. Compute e’ = xR’ mod δ δ = 7118198218659321028989011: e’ = 5079008233076932087473789. 3. Compare values e' and e. e’ = 5079008233076932087473789 = e. The comparison shows that the parameters e’ and e coincide. The coincidence of the values of e’ and e means that the digital multisignature is authentic. VII. CONCLUSION 57 [12] A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers, 1993. [13] Minh N. H. and Moldovyan N. A., “Protocols for Simultaneous Signing Contracts,” 2009 IEEE International Conference on Advanced Technologies for Communications, October 12-14, 2009, Hai Phong, Vietnam. [14] Minh N. H., Moldovyan N. A., Minh N. L, “New Multisignature Protocols Based on Randomized Signature Algorithms,” 2008 IEEE International Conference on Research, Innovation and Vision for the Future in computing & Communication Technologies, University of Science - Vietnam National University, Ho Chi Minh City, July 1317, 2008. Proc. PP. 23.pdf, 2008. Luu Hong Dung is a Lecturer with the Le Qui Don Technical University (Ha Noi, Viet Nam). His research interests include cryptography, communication and network security. He has authored or co-authored more than 15 scientific articles, books chapters, reports and patents, in the areas of his research. He received his Master from the Le Qui Don Technical University (2001). A new multisignature scheme with distinguished signing responsibilities have been proposed. In this scheme, each group member has distinguished signing responsibility and partial contents of the message can be verified without revealing the whole message. Thus the proposed scheme is efficient as solutions of the problems of simultaneous signing a contract and package of contract, which suites well for practical application.. REFERENCES [1] Don Johnson, Alfred Menezes and Scott Vanstone, “The Elliptic Curve Digital Signature Algorithm (ECDSA),” Certicom, 2001. [2] N. Koblitz, A Course in Number Theory and Cryptography, Springer-Verlag. Berlin, 2003. - 236 p. [3] Pieprzyk J., Hardjono Th., and Seberry J., Fundamentals of Computer Security, Springer-Verlag. Berlin, 2003. - 677 p. [4] K. Itakara and K. Nakamura, “A Public Key Cryptosystem Suitable for Digital Multisignatures,” NEC Res. Dev. 71 1983, pp. 1-8. [5] L. Harn and T. Kiesler, “New Scheme for Digital Multisignature,” IEEE Electron. Lett. Vol. 25 (15), 1989, pp. 1002-1003. [6] K. Ohta and T. Okamoto, “A Digital Multisignature Scheme Based on The Fiat-Shamir Scheme,” ASIACRYPT’91, 1991, pp. 139-148. [7] T. Wu and S. Chou, “Two ID-based Multisignature Protocols for Sequential and Broadcasting Architecture,” Comput. Commun. Vol. 19 (10), 1996, pp. 851-856. [8] L. Harn, “Group-oriented (t,n) Threshold Signature and Multisignature,” IEEE Proceedings Computer and Digital Techniques, Vol. 141, No. 5, pp. 307-313, 1994. [9] C. Popescu, “A Digital Multisgnature Scheme with Distinguished Signing Responsibilities,” Studies in Informatics and Control, Vol .12, No. 3, Sep 2003. [10] V. Miller, “Uses of Elliptic Curves in Cryptography,” In Advances in Cryptology, Proceedings of Crypto'85, Lecture Notes in Computer Sciences, Springer-Verlag, pp. 417-426, 1986. [11] N. Koblitz, “Elliptic Curve Cryptosystems,” Mathematics of Computation, Vol. 48, pp. 203-209, 1987. Nguyen Hieu Minh is a Lecturer with the Le Qui Don Technical University (Ha Noi, Viet Nam). His research interests include cryptography, communication and network security. He has authored or co-authored more than 30 scientific articles, books chapters, reports and patents, in the areas of his research. He received his Ph.D. from the Saint Petersburg Electrical Engineering University (2006).