基于MGSW15方案的分组密码电路的同态运算

全同态加密(FHE)允许在不知道秘密信息的前提下对密文进行任意运算,已成为大数据和云安全背景下的热门研究方向,近年来取得了重大进展.但在实际应用中全同态加密仍面临诸多问题,其中严重的密文扩张给密文传输带来了巨大压力,通过将全同态加密方案与对称密码相融合可以有效解决这一问题.GSW类型的全同态加密方案效率较高,且进行同态计算不需要再线性化技术,本文选取了支持并行操作的MGSW15方案,其密文可以转化为任意基于LWE的FHE方案的密文.给出了在云计算背景下基于MGSW15方案实现密文压缩的基本框架,并利用该方案分别同态计算实现了分组密码AES-128、PRINCE、SIMON-64/128电路,根据每种分组密码的结构特点对其明文分组采用多种切割方式以提高同态运算效率,最后对效率和安全性进行了分析.结合AES算法的安全性、通用性以及轻量级分组密码算法PRINCE和SIMON的高效性,本文的工作在实际应用中效率更高、应用范围更广,密文传输量与明文规模的比值趋近于1,且传输1比特明文只需进行O(1)次同态乘法.     

An Improved Ciphertext Retrieval Scheme Based on Fully Homomorphic Encryption

In order to guarantee the user's privacy and the integrity of data when retrieving ciphertext in an untrusted cloud environment, an improved ciphertext retrieval scheme was proposed based on full homomorphic encryption. This scheme can encrypt two bits one time and improve the efficiency of retrieval. Moreover, it has small key space and reduces the storage space. Meanwhile, the homomorphic property of this scheme was proved in detail. The experimental results and comparisons show that the proposed scheme is characterized by increased security, high efficiency and low cost.     

标准模型下高效的基于身份的加密方案

基于身份的加密是一类很重要的公钥加密.给出了一个高效的基于身份的加密方案,提出的方案在标准模型下是针对选择密文攻击完全安全的,并运用线性无关的思路基于q-ABDHE假设证明了方案的安全性.方案具有高效性、公钥参数较短及配对计算较少的特点.     

New chaotic image encryption algorithm based on cross-mapping

Chaotic cryptography has been applied to image encryption;however,only the traditional low-dimensional chaotic systems has been widely analyzed or deciphered,which does not show satisfied security and efficiency.To solve this problem,a new algorithm based on cross-chaos map has been created in this article.The image pixels are scrambled under control of high-dimensional chaotic sequence,which is generated by cross chaotic map.The image pixels are substituted by ciphertext feedback algorithm.It can relate encryption required parameters with plaintext and can make a plaintext byte affect more ciphertext bytes.Proved by theoretical analysis and experimental results,the algorithm has higher complex degree and has passed SP800-22 pseudo-random number standard tests,and it has high encryption speed,high security,etc.It can be widely applied in the field of image encryption.     

视觉盲计算技术研究进展

 云计算和大数据的广泛应用使得多媒体数据的隐私保护面临越来越严峻的挑战,而多方计算、同态密码、函数加密等密码技术为数据在密文下的盲计算奠定了基础。视觉盲计算是在不接触图像、视频等视觉数据原始内容的情况下对其进行检测、识别、检索及更复杂的处理,是计算机视觉与密码学等领域学科交叉的新方向,在视频监控、多媒体数据共享、云计算、移动计算等领域有广泛的应用前景。本文回顾视觉盲计算技术的发展历史,从隐私保护的视频监控、人脸检测、人脸识别、人脸检索、机器学习等方面综述了该领域关键技术的发展情况,展望了视觉盲计算技术的发展趋势。     

New constructions of identity-based threshold decryption

In this paper, based on the verifiable pair and identity-based threshold cryptography, a novel identity-based (ID-based) threshold decryption scheme (IDTDS) is proposed, which is provably secure against adaptive chosen ciphertext attack under the computational bilinear Diffie-Hellman (CBDH) problem assumption in the random oracle. The pubic checkability of ciphertext in the IDTDS is given by simply creating a signed ElGamal encryption instead of a noninteractive zero-knowledge proof. Furthermore, we introduce a modified verifiable pairing to ensure all decryption shares are consistent. Our scheme is more efficient in verification than the schemes considered previously.     

用于实现医学图像对比度增强的密文域可逆信息隐藏算法

针对现有密文域医学图像可逆信息隐藏算法存在解密图像视觉质量较低的问题,提出了一种基于差值直方图平移的密文域可逆信息隐藏算法。首先,发送方采用具有同态密文比较性质的加密算法对原始医学图像进行加密,从而保证医学图像的隐私内容不被泄露。然后,嵌入方利用同态性质对接收到的密文图像计算差值直方图,并通过平移差值直方图在密文图像中嵌入信息。为了获得较大的嵌入率,嵌入方可对密文图像进行多轮次信息嵌入。最后,接收方根据拥有的密钥种类对接收到的含有嵌入信息的密文图像进行信息提取、图像解密和图像恢复。实验结果表明,本文算法提升了解密医学图像的视觉质量,同时具有较高的嵌入率和安全性。     

A Practical Approach to Attaining Chosen Ciphertext Security

Strong security in public key cryptography is not enongh; the encryption has to be achieved in an efficient way. OAEP or SAEP is only suitable for special applications （e. g. key transport）, and securely transporting message of any length is a challenge. Motivated by the hybrid encryption, we present a practical approach to achieve the （adaptively） chosen eiphertext security. The time cost of encryption/decryption of proposed scheme is similar to OAEP and the bandwidth of message recovery is 92% for standard security parameter, while RSA-OAEP is 84%. The scheme is also provably secure against adaptively chosen ciphertext attacks in the random oracle model. We conclude that the approach is practical in more extensive application.     

基于Paillier和PSI的多关键字可搜索加密方案

围绕多关键字的高效密文搜索和数据安全性保障问题,展开分析与研究,基于同态加密和私有集合交集技术,提出一种面向多关键字的高效的保护搜索模式的可搜索加密方案.该方案使用随机数填充和Paillier同态加密方法构造安全索引和陷门,保护了索引隐私和陷门隐私,进而保护了搜索模式;该方案通过私有集合交集技术进行连接多关键字搜索,搜索中只使用到了乘法和指数运算,与其他方案相比大大提高了效率;安全性和性能分析表明,该方案具有可搜索加密的语义安全性,可以高效地实现对密文的多关键字搜索,且具有良好的计算代价.     

完全安全匿名的身份型广播加密方案

针对现有的广播加密方案效率与安全性难以兼顾的事实,利用Waters双系统密码技术及混合阶群双线性运算的正交性,提出了一个双系统密码技术下的公钥匿名的身份型广播加密方案.该方案建立在标准模型下,具有尺寸固定的短的密文与密钥,更无需使用任何哈希函数及随机标签,具有较高的计算效率与存储效率,其安全性依赖于3个简单的静态假设.证明结果显示,所提出的方案达到了匿名性及完全安全性的高安全级别要求.     

数据库系统中一种更安全的加密机制

针对数据库中数据的保密性问题,分析了目前已有的一些加密机制,提出了一种基于密文索引的新的查询方法.此方法在查询速度上比全表或属性段脱密的方法快,在保密性上解决了基于密文索引的查询方法所存在的信息泄漏问题,并指出了基于密文索引的数据库加密机制需要进一步研究和解决的若干问题.     

云存储安全关键技术分析

随着云计算的流行,云存储也得到了广泛的关注和支持。但云存储自身的数据安全问题阻碍其推广应用,云存储的安全问题也不仅仅是传统安全能够完全解决的,这其中涉及到一些新的关键技术和管理技术。本文主要对云存储安全中的数据加密存储与检索、密文访问控制等关键技术进行了分析。     

一种基于Kolmogorov方程与ICMIC的图像加密方案

针对图像传输的安全性问题,利用Kolmogorov方程解的Markov性以及无限折叠的迭代混沌映射(iterative chaotic map with infinite collapses, ICMIC)的混沌性,提出了一种可以抵御选择明文攻击的对称加密方案。首先通过设置Kolmogorov方程的系数矩阵与初始状态作为密钥参数产生转移概率矩阵,其次将转移概率矩阵输入ICMIC并由得到的结果确定密钥序列,最后由密钥序列与明文图像做模2加法运算生成密文图像。通过Matlab程序对加密方案进行实验仿真,密文图像信息熵为7.99以上,NPCR值超过99%,UACI值超过33%。实验结果表明该加密方案具有较高安全性,可以有效抵御统计攻击与差分攻击等。     

一种用于终端小型设备的轻量级椭圆曲线加密算法

针对物联网系统终端小型设备微处理器低运算效率和低存储空间的特点,本文提出一种基于椭圆曲线加密 (elliptic curve cryptography,ECC)的轻量级加密算法。首先在确定的椭圆曲线上随机选取两个不同点生成密钥,然后在加密过程中用点加、点减与倍点运算代替标量乘运算,最后对密文进行加盐处理。实验结果表明,与目前广泛应用的基于ECC的ElGama加密算法相比,改进后的加密算法密文长度减少25%,加解密速率提高200%。     

Instantiate random oracles in OAEP with pseudorandom functions

This paper focuses on the instantiation of random oracles in public key encryption schemes. A misunderstanding in the former instantiations is pointed out and analyzed. A method of using this primitive as a substitution of random oracles is also proposed. The partial and full instantiations of random oracles in optimal asymmetric encryption padding （OAEP） implemented by pseudorandom functions are described and the resulted schemes are proven to be indistinguishable secure against adaptive chosen ciphertext attack （IND-CCA2） secure. Using this method, one can transform a practical public key encryption scheme secure in the random oracle model into a standard-model secure scheme. The security of the scheme is based on computational assumptions, which is weaker than decisional assumptions used in Cramer- Shoup like schemes.     

基于超混沌与圆锥曲线的混合加密算法

为解决数据安全问题,通过对超混沌加密与圆锥曲线加密算法进行研究,设计了一种基于超混沌与圆锥曲线的混合加密算法。首先运用两个超混沌系统产生一个无关联性的超混沌序列,然后将明文与超混沌序列执行异或操作实现首次加密,再将加密后的密文作为圆锥曲线加密的明文进行二次加密。通过实验对比分析可知,一方面该算法具有密钥空间大、密文统计特性良好、密钥敏感性高的优点;另一方面经过双重加密后的明文与密文之间没有直接联系,无法通过选择特殊的明文、密文对的办法破解密钥序列,且算法中的非线性运算,能抵御选择明文攻击,可见提高了算法安全性。     

A novel fully homomorphic encryption scheme bsed on LWE

Although the learning with errors(LWE)-based full homomorphic encryption scheme was the first example of deviation from the original Gentry’s blueprint, the scheme did not give detailed conversion process of circuit layer structure, and must rely on bootstrapping technique to achieve full homomorphism. Therefore, through modifying the re-linearization technique proposed by the above scheme, a technique called non-matrix key switching is presented, which includes key switching with re-linearization and pure key switching. The complex matrix operations of existing key switching technique are removed. Combining this technique with modulus switching, a (leveled) fully homomorphic encryption scheme without bootstrapping from LWE is constructed. In order to make circuit layer structure clear, the scheme gives detailed refresh door operation. Finally, we use bootstrapping to upgrade arithmetic circuit to any layer, and make the homomorphic computing capability of the scheme have nothing to circuit depth.     

A new certificateless public key encryption scheme

Certificateless public key cryptography （CL-PKC） enjoys the advantage of identity based cryptography without suffering from its inherent key escrow problem. In this paper, a new efficient certificateless public key encryption scheme is proposed and its security can reach chosen-ciphertext （CCA2） secure in the random oracle model assuming the CDH and p-BDHI problem are difficult. A comparison shows that the efficiency of the proposed scheme is better than all known paring-based certificateless public key encryption schemes in the random oracle model.     

基于Ring-LPN的高效公钥加密方案

LPN(Learning Parity With Noise)问题是构造后量子密码方案的基础问题之一。基于LPN构造的密码方案具有计算速度快和抗量子计算攻击的优点,但基于普通LPN构造的密码方案存在密钥空间大这一影响其可用性的缺点。基于结构化的LPN（比如Ring-LPN、 Toepliz-LPN等）构造公钥密码可以降低存储要求,进一步提高方案的效率。因此,利用Ring-LPN的特有优势并结合标签加密构造技术,提出并证明了环上的背包问题,设计了一个基于Ring-LPN且CCA（Chosen-Ciphertext-Attacks）安全的公钥加密方案。与基于普通LPN的同类型密码方案相比较,所提出的方案以环多项式向量为公私钥,在计算上采取快速傅里叶变换,可以大幅提高加解密速率,因此方案具有更小的计算开销和存储开销;与达到相同安全级别的LPN方案相比,所需的样本数更少,密文扩展率更小。同时,方案的CCA安全性在标准模型下归约到了Ring-LPN假设。     

Efficient hierarchical identity based signature scheme in the standard model

Hierarchical identity based cryptography is a generalization of identity based encryption that mirrors an organizational hierarchy. It allows a root public key generator to distribute the workload by delegating public key generation and identity authentication to lower-level public key generators. Most hierarchical identity based signature schemes are provably secure in the random oracle model or the weak models without random oracles such as gauntlet-ID model. Currently, there is no hierarchical identity based signature scheme that is fully secure in the standard model, with short public parameters and a tight reduction. In this paper, a hierarchical identity based signature scheme based on the q-SDH problem that is fully secure in the standard model is proposed. The signature size is independent of the level of the hierarchy. Moreover, our scheme has short public parameters, high efficiency and a tight reduction.