A practical identity-based signature scheme

Many identity-based signature （IBS） schemes solving key escrow were proposed, But the updating of the private keys wasn＇t discussed in these literatures. For the problem of key update, an identity-based key-insulated signature scheme with secure key-updates has been proposed. But their scheme inherited the key escrow property. In this paper, we propose a new identity-based strong key-insulated signature scheme without key escrow. It makes the IBS scheme more applicable to the real world. After analyzing the security and the performance, an application example in E-passport passive authentication scenario is described.     

Escrow-Free Certificate-Based Authenticated Key Agreement Protocol from Pairings

Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement （CB-AK） protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed though comparison with Smart＇s protocol.     

A new certificateless public key encryption scheme

Certificateless public key cryptography （CL-PKC） enjoys the advantage of identity based cryptography without suffering from its inherent key escrow problem. In this paper, a new efficient certificateless public key encryption scheme is proposed and its security can reach chosen-ciphertext （CCA2） secure in the random oracle model assuming the CDH and p-BDHI problem are difficult. A comparison shows that the efficiency of the proposed scheme is better than all known paring-based certificateless public key encryption schemes in the random oracle model.     

An efficient identity-based anonymous signcryption scheme

Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been proposed. Among them, the requirement of signcrypter＇s privacy protection is needful in some practical applications. In this paper, a new identity-based anonymous signcryption scheme from hilinear pairings, which is the organic combination of identity-based ring signature and encryption scheme, is proposed. The proposed scheme is indistinguishable against the chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. Its unforgeability relies on the computational Diffieellman problem. Compared with the previous schemes, the new scheme is more efficient in computation.     

密文明文长度比可变的多变量公钥加密方案

多变量公钥密码体系是一种能保证后量子通信安全的重要方法。现今,能投入到实际应用、高效且安全的多变量公钥签名方案有很多,加密方案却很少。2013年后量子密码会议上,Tao等人提出了简单矩阵加密方案。该方案在保证安全性的前提下,具有较高的效率,但该方案的密文明文长度比固定为2。针对这一情况,对简单矩阵加密方案进行改进,提出Cubic AB加密方案。在该方案中,矩阵A的各元素由随机二次多项式构成;并选用一个扁长的矩阵来取代原方案中的B、C矩阵。使得该方案在能抵抗秩攻击的同时,密文明文长度比能灵活改变。并且随着安全性的提高,密文明文长度会相应减小,解密过程也随之加快。     

基于身份的并行增量移动云存储方案

针对移动云计算环境中的数据存储问题,提出了一种基于身份的并行增量移动云存储方案.该方案引用了并行计算思想,使用密文聚合技术,充分挖掘了现有移动客户端的性能,在效率和能耗之间达到了平衡;使用增量代理重加密算法,在将部分计算迁移至云计算中心的同时,提高其整体性能;不使用传统公钥证书,既减少了密钥管理压力,也实现了信息的保密性和完整性.实验表明,该方案提高了CPU的使用率,具有较强的可用性.     

An Improved Identity-Based Society Oriented Signature Scheme with Anonymous Signers

In this paper, we present an improved identity-based society oriented signature scheme with anonymous signers, which satisfies： （1） when members leave or join an organization, the public verification key and the signature verification procedure are unchanged; （2） a user participates in several organizations at the same time, her secret key is only related with her identity. However, no previous schemes have these two properties.     

无线传感器网络CPKAI密钥管理方案

公钥能提供对称密钥无法提供的高安全等级。基于身份的加密技术密钥管理简单、无需第三方参与,但计算复杂度较高,不适用于无线传感网;组合公钥技术存储要求低而认证规模巨大,可在芯片级实现认证,适合无线传感网,但存在合谋攻击问题。基于身份的组合公钥认证方案,将上述技术进行优势整合,采用密钥因子矩阵取代双线性映射生成密钥,有效地降低了加密/解密计算的复杂度,从而节省了网络能耗;密钥因子矩阵基于簇生成,极大地减少了密钥存储空间,并抵御了合谋攻击。从理论上分析了方案的安全性,并通过仿真实验,证明方案在计算复杂度和能效方面具有较大的优势。     

Public Key Cryptography Based on Ergodic Matrices over Finite Field

A new public key encryption scheme is proposed in this paper, which is based on a hard problem over ergodic matrices. The security of this scheme is equal to the MQ-problem： multivariate quadratic equations over finite fields. This problem has been shown to be NP-complete and can＇t be solved with polynomial time algorithm.     

A general pairwise key predistribution scheme for wireless sensor networks

This paper develops a general hypercube-based key predistribution scheme for establishing pairwise keys between sensor nodes using polynomials, which is parameterized by the dimension of hypercube and the Hamming distance threshold variables. The scheme addresses the weaknesses of existing key predistribution schemes, which have either worse security or lower efficiency. It exhibits a nice property--when the Hamming distance between any two neighboring sensor nodes is less than the pre-defined threshold, the pairwise key can be established directly. Extensive performance and security analysis shows that by increasing Hamming distance threshold value, we can trade off the resilience against node capture attack for higher probability of direct pairwise key establishment, so as to save the energy consumption which is the most important issue for sensor networks.     

Applying evolutionary algorithm to public key cryptosystems

A best algorithm generated scheme is proposed in the paper by making use of the thought of evolutionary algorithm, which can generate dynamically the best algorithm of generating primes in RSA cryptography under different conditions. Taking into account the factors of time, space and security integrated, this scheme possessed strong practicability. The paper also proposed a model of multi-degree parallel evolutionary algorithm to evaluate synthetically the efficiency and security of the public key cryptography. The model contributes to designing public key cryptography system too. Foundation item: Supported by the Hi-Tech Research and Development Foundation item: Supported by the Hi-Tech Research and Development Biography; Tu Hang (1975-), male, Ph. D candidate, research directions: Biography; Tu Hang (1975-), male, Ph. D candidate, research directions:     

标准模型下高效的基于身份的加密方案

基于身份的加密是一类很重要的公钥加密.给出了一个高效的基于身份的加密方案,提出的方案在标准模型下是针对选择密文攻击完全安全的,并运用线性无关的思路基于q-ABDHE假设证明了方案的安全性.方案具有高效性、公钥参数较短及配对计算较少的特点.     

A certificateless threshold public key encryption scheme

The decryption participant’s private key share for decryption is delegated by key generation center in the threshold IBE scheme.However,a key generation center which is absolutely trustworthy does not exist.So the author presents a certificateless threshold public key encryption scheme.Collaborating with an administrator,the decryption participant generates his whole private key share for decryption in the scheme.The administrator does not know the decryption participant’s private key share for decryption.Making use of q-SDH assumption,the author constructs a certificateless threshold public key encryption scheme.The security of the scheme is eventually reduced to the solving of Decisional Bilinear Diffie-Hellman problem.Moreover,the scheme is secure under the chosen ciphertext attack in the standard model.     

基于格的公钥加密与证书基加密简

证书基加密(CBE)结合了基于身份加密和公钥基础设施的各自优点,然而基于传统数学假设的CBE不能有效抵御量子算法的攻击.为此构建了一个基于格的CBE方案,可有效抵御量子算法的攻击.首先构建出一个基于格的公钥加密(PKE)方案,之后利用该PKE构建出基于格的CBE方案.该方案可被规约为格上的学习误差(LWE)问题,因此得到的CBE为随机不可区分选择明文攻击安全的.该方案是目前为止已知的第一个基于格的CBE方案.     

一个CCA安全的基于身份的门限加密方案

提出一个非交互的基于身份的门限加密方案,该方案在随机预言器模型下可证明是CCA安全的.首先利用一个简单的提高安全性的方法,得到一个将一般的基于身份加密方案的安全性从CPA提高至CCA的通用方法,接着运用该转化方法,构造了一个CCA安全的基于身份的门限加密方案实例且密文的传输效率较之前的方法有大幅提高.     

混合云模式下数据安全存储方案

针对混合云模式下数据安全存储与共享使用的问题,提出一种适用于混合云模式下的高效数据安全共享方案,该方案采用密文策略的属性基加密机制加密数据,通过私有云将密文数据存储在公有云上;移动用户访问云数据时,采用匿名密钥协商技术和委托加解密方法,保证用户对数据的快速访问.实验结果表明,本方案能够保证公有云上数据的安全存储,支持细粒度的访问控制,同时将大部分解密计算委托给私有云,减少移动云用户访问云数据的处理时间,使得其加解密时间为恒定值,不会随着属性的增多而线性增长.      

多PKG环境下无双线性对的基于身份AKA协议

提出一种多PKG环境下无双线性对的基于身份AKA协议, 且在随机预言模型下, 将协议的安全性证明规约到标准的计算性CDH假设。提出了相应的基于身份XCR与DCR签名体制, 通过对两处体制进行安全性证明, 实现对新协议的安全性证明。通过与已有协议的相关性能比较体现了新协议的优点。     

基于CP-ABE的自定义读写策略的云数据共享方案

为解决现有研究中用户权限分类的云存储数据共享的研究少,且已存研究算法复杂、通信开销大、安全漏洞多等问题,提出一种去中心化的用户自定义读写权限的数据安全共享方案.本文采用密文政策的基于属性的加密算法与短群签名相结合,使数据拥有者自定义只读用户和修改用户的属性条件,并将条件绑定密文托管至云服务器中,使得符合条件的用户能够自行解密数据.实验结果表明,所提云数据共享方案保证数据读写机密性,算法简单、计算量通信量小、参数少、签名长度短并且能弥补同类方案的安全漏洞.      

A new efficient blind signcryption

In a blind signcryption, besides the functions of digital signature and encryption algorithm for authentication and confidentiality, a user can delegates another user＇s capability with the anonymity of the participants guaranteed. Some blind signcryptions were proposed but without a blind signcryption with public public verifiability. In this paper, verifiability that is proved to be efficient and secure is proposed. Through the security analysis, we proved that the scheme can offer confidentiality, integrity, unforgeability, non-repudiation and public verifiability. The coming research direction is also summarized.     

一个高效安全的空间加密方案

将空间向量对应于合数群上的元素，基于三素数子群判定问题，利用双系统技术构造了一个在自适应的模型下更加有效、安全的空间加密方案.结果表明，由于不需要进行大量的矩阵运算，所提出的加密方案具有较高的效率和良好的性能.