可撤销的公钥加密方案的形式化分析

通常的密码系统,IBE或者PKI都必须提供从系统中撤销用户私钥的途径,同样PEKS也应该提供撤销陷门的方式.本文研究了可高效撤销的无需安全信道的带关键字搜索公钥加密方案的形式化定义及安全模型.基于BDH问题,可证明方案的安全性.     

VANET中面向安全通信的隐私保护协议

车载网VANETs(vehicular ad hoc networks)的隐私安全问题,提出隐私保护安全通信协议PPSCP(privacy preserving secure communication protocol)。PPSCP匿名地认证安全消息,从而保护车辆隐私,阻止非法车辆跟踪,并且平衡了隐私与身份识别的关系。同时PPSCP采用了有效的撤销机制,降低了撤销列表的尺寸。此外,PPSCP能够防御重放攻击和拒绝服务攻击。通过与S3P的安全性能对比分析,结果表明,PPSCP有效地降低了安全消息处理时延,减少了撤销列表尺寸,占用带宽少,提高数据传输率。     

基于ElGamal的概率加密公钥体制

本文基于E1Gamal体制,以迭代加密的思想,利用构造安全有效的概率公开钥密码体制的一般方法,建立了一种新的概率加密公钥体制。     

可支持属性撤销的基于 CP-ABE 可搜索加密方案

针对目前基于属性的可搜索加密方案存在密钥泄露以及不支持属性撤销的问题,提出了一种云环境下,安全高效、可支持属性撤销的基于 CP-ABE （ciphertext-policy attribute based encryption）的可搜索加密方案。该方案不仅可支持细粒度的访问控制,具有较高的计算效率,且用户密钥使用随机值盲化后提交服务器,保证了用户密钥的保密性和安全性。该方案支持用户属性的撤销,并在属性撤销过程中,将密文更新的大部分工作转移给云服务提供商完成,方案在保证安全性的前提下,进一步降低了用户的计算代价。方案的安全性基于 DL（decisional linear）假设,在通用模型下具有选择明文攻击安全,抗合谋攻击,前向安全和后向安全。     

An improved traitor tracing scheme based on bilinear map

T6 et al presented a bilinear-map-based traitor tracing scheme（TSZ scheme） with revocation, but it is a symmetric scheme because it does not provide non-repudiation. In this paper, an improved TSZ scheme was proposed by using oblivious polynomial evaluation （OPE） protocol and service parameters. Under the recondition of general sameness capabilities of both TSZ and improved TSZ scheme, the new scheme adds some advantages such as providing multi-service capability, user＇s non-repudiation and data provider＇s no-framing innocent users. Furthermore, it is also proved to be semantically secure under the decisional bilinear Diffie-Hellman （DBDH problem） assumption.     

Threshold Subliminal Channel Based on Designated Verifier Signature

The subliminal channel is used to send a secret message to an authorized receiver; the message cannot he discovered by any unauthorized receivers. Designated verifier signature （DVS） provide authentication of a message, we design a DVS scheme with message recovery mechanism and use it as a subliminal channel. In order to share a message among n users securely and allows t or more users can reconstruct the secret in dynamic groups, we combine both subliminal channel and （t, n） threshold cryptography. Then we proposed a threshold subliminal channel which can convey a subliminal message to a group of users based on message-recovery designated verifier signatures. Reconstructing the subliminal message relies on the cooperation of t or more users in the group and they can verify the validity of the subliminal message. Security and performance analysis show that the proposed scheme is secure and efficient.     

Privacy Preserving and Delegated Access Control for Cloud Applications

In cloud computing applications, users' data and applications are hosted by cloud providers. This paper proposed an access control scheme that uses a combination of discretionary access control and cryptographic techniques to secure users' data and applications hosted by cloud providers. Many cloud applications require users to share their data and applications hosted by cloud providers. To facilitate resource sharing, the proposed scheme allows cloud users to delegate their access permissions to other users easily. Using the access control policies that guard the access to resources and the credentials submitted by users, a third party can infer information about the cloud users. The proposed scheme uses cryptographic techniques to obscure the access control policies and users' credentials to ensure the privacy of the cloud users. Data encryption is used to guarantee the confidentiality of data. Compared with existing schemes, the proposed scheme is more flexible and easy to use. Experiments showed that the proposed scheme is also efficient.     

Dynamic broadcast encryption scheme with revoking user

Currently, there still lacks an efficient methodology to revoke user’s ability to decrypt ciphertext in broadcast encryption with the uncertain number of ciphertext recipients. To solve this problem, here, we present a dynamic broadcast encryption scheme with the following properties: First, the length of the ciphertext has a linear relationship with the number of revocable users, but it has no association with the total number of ciphertext recipients. Second, the scheme also works when users dynamically join. Especially, compared with methods published up to date, our scheme is more efficient with a large number of ciphertext recipients. Third, the broadcaster can revoke user’s ability to decrypt ciphertext if necessary. Fourth, the private key of users is composed of three elements in Elliptic curve group of prime order. Last, if q-Decisional Multi-Exponent Bilinear Diffie-Hellman assumption holds, our scheme is secure in the standard model when a polynomial time adversary selectively attacks it.     

支持追责和用户撤销的属性基加密方案

针对当前属性基加密系统中用户与中心滥用密钥以及用户解密权限的撤销问题, 提出一种支持追责和用户撤销的属性基加密方案. 该方案使用“不动点”作为密钥拥有者的标识符, 实现了对恶意用户的身份追踪; 通过用户与中心交互生成解密密钥, 解决了半信任中心滥用密钥的问题; 利用完全子集方案和自更新加密方案实现了用户的即时撤销, 并达到了前向/后向安全性; 同时使用Paillier加密体制, 避免了追踪过程中的存储代价. 该方案无需在系统建立阶段预先确定属性个数, 且在标准模型下被证明是选择明文安全的.     

一种非对称数据传输方案及其在管理信息系统中的应用

从分析加密算法国际标准和流行的商业加密系统入手,结合实际管理信息系统的数据及操作特点,基于先进加密标准（AES）、非对称公钥系统（RSA）和信息摘要Hash算法（MD5）提出了一种非对称数据安全传输方案,并利用C#语言开发了相应的程序并进行了系统测试。结果表明,该混合加密系统结构设计合理、完整,实现了管理信息系统数据的安全存储和安全传输,在具有足够加密强度的前提下,优化了操作流程,提高了系统性能。     

Efficient hierarchical identity based signature scheme in the standard model

Hierarchical identity based cryptography is a generalization of identity based encryption that mirrors an organizational hierarchy. It allows a root public key generator to distribute the workload by delegating public key generation and identity authentication to lower-level public key generators. Most hierarchical identity based signature schemes are provably secure in the random oracle model or the weak models without random oracles such as gauntlet-ID model. Currently, there is no hierarchical identity based signature scheme that is fully secure in the standard model, with short public parameters and a tight reduction. In this paper, a hierarchical identity based signature scheme based on the q-SDH problem that is fully secure in the standard model is proposed. The signature size is independent of the level of the hierarchy. Moreover, our scheme has short public parameters, high efficiency and a tight reduction.     

支持用户撤销的多授权机构的属性加密方案

目前多数基于属性加密的云存储访问控制研究是基于单授权机构,系统内仅有一个授权机构为用户颁发属性密钥,可信而好奇的单授权机构会凭借用户提交的属性对用户的身份、职业等隐私信息进行判断和推测,特别是在单授权机构不可信或遭受恶意攻击的情况下,可能造成密钥泄露而导致云端数据被非法解密。为了避免上述两种安全问题,结合现有的多授权机构的思想,使不同权限的授权机构管理不同属性并进行属性相关密钥分发,大大降低了单一信任机构的工作量,解决了单授权机构下的密钥泄露或滥用问题,同时提高了用户的隐私数据保护;通过访问树技术实现了AND、OR及Threshold灵活访问策略,且将用户身份标识设置在访问树中来实现用户的撤销,撤销出现后只需更新部分密文而无需更新属性密钥,因而减少了计算开销。在标准模型下证明了该方案在选择身份属性攻击模型下是安全的,其安全性规约到判定性双线性Diffie-Hellman(decisional bilinear Diffie-Hellman, DBDH)问题。     

可撤销属性的格基属性加密方案

针对量子环境下属性加密体制中属性撤销的问题,结合Zhang等提出的格上基于密文的属性加密方案,在格上构建了一个可撤销属性的格基属性加密方案。通过属性撤销列表,在二叉树结构下将未被撤销属性对应的密钥进行更新,从而达到撤销属性的目的。利用Shamir门限秘密共享的思想,实现了门限访问控制策略。该方案在随机预言机模型下是选择性安全的,安全性规约到错误学习问题。分析表明该方案在量子攻击下是安全的,并且支持灵活的门限访问控制策略。     

一种优化的多变量加密方案

在对原MFE加密方案进行了分析，它不能抵抗SOLE攻击；在原有基础上改进了原方案的中心映射，改进的方案使攻击者不能得到相关的线性化方程，从而抵抗SOLE攻击；分析表明新方案不仅能够抵御SOLE攻击，而且能抵御秩攻击和Grobner攻击，是一种更为安全的多变量公钥加密方案。     

Attribute-Based Encryption for Circuits on Lattices

In the previous construction of attributed-based encryption for circuits on lattices, the secret key size was exponential to the number of AND gates of the circuit. Therefore, it was suitable for the shallow circuits whose depth is bounded. For decreasing the key size of previous scheme, combining the techniques of Two-to-One Recoding （TOR）, and sampling on lattices, we propose a new Key-Policy Attribute-Based Encryption （KP-ABE） scheme for circuits of any arbitrary polynomial on lattices, and prove that the scheme is secure against chosen plaintext attack in the selective model under the Learning With Errors （LWE） assumptions. In our scheme, the key size is proportional to the number of gates or wires in the circuits.     

基于秘密共享的多播密钥管理技术研究

多播密钥管理是确保多播安全通信的核心问题.目前,多播密钥管理多采用基于密钥树的方法,存在控制复杂、难于分布式管理、可靠性和安全性差、密钥存储量大等问题.介绍了基于秘密共享机制进行多播密钥管理的研究进展和相关成果,主要内容包括无条件安全的多轮撤消方案、基于秘密共享的多播密钥管理、多服务组密钥管理以及具有容侵能力的多播密钥管理技术.该研究为解决目前多播密钥管理存在的问题提出了新的思路和方法.     

可快速撤销的基于椭圆曲线的代理签名

针对椭圆曲线离散对数问题的困难性提出一个具备快速撤销功能的代理签名方案.该方案引入一个安全中介SEM,生成部分代理签名,再由指定代理签名人生成完整的代理签名.代理签名人只有与SEM合作才能生成有效的签名,使得方案具有快速撤销的功能.     

An ideal lattice based IBE scheme in the standard model

Under the standard model,an IND-sID-CPA secure IBE (Identity Based Encryption) scheme is proposed,which is based on an improved trapdoor generation function over ring and decisional R-LWE (ring-learning with errors) assumption,thus the hardness of recovering system master key can be reduced to solve the Ideal-SIS (small integer solution) problem,and the attack to the ciphertext is equivalent to solving the SVP (the shortest vector problem) in the worst case on ideal lattice to within a fixed poly(n) factor.Moreover,the proposed scheme has advantages of high encryption and decryption speed and low encryption blowup factor compared with all known IBE scheme from the standard lattice under the standard model.     

异构信任域的跨域授权

针对跨IBE(基于身份加密)和PKI(公开密钥基础构架)异构域可信互联,提出一种实现跨域授权的解决方案.该方案将PKG和CA作为各自域TPKG和TCA内用户的代理,并把它们注册到对方域内成为特殊用户ClientPKG和ClientCA,借助映射后的ClientPKG和ClientCA构成跨异构域信任链,真实、客观地实现了PKI和IBE域内任意用户的跨域授权.     

基于单向函数树的高效分布式组密钥管理方案

针对集中式组密钥管理方案具有单失效点和密钥非公平产生等问题提出了一种基于单向函数树的高效分布式组密钥管理方案(D-OFT)。在该方案中,组密钥由所有合法用户共同协商产生,避免了不公平性;同时,该方案中采用分布式管理,不会形成单失效点;密钥更新消息长度保持在O(log n),具有良好的密钥更新效率;此外,方案中提供的用户加入组、离开组、组合并、组分裂等密钥更新算法均满足前向、后向安全性要求。结果表明:D-OFT方案非常适用于无中央控制节点且组成员关系动态变化的中小规模分布式安全组通信系统。