Two-Party Authenticated Key Agreement in Certificateless Public Key Cryptography

0 Introduction To simplify the management of certificates of tradi- tional PKI, Shamir[1] proposed the identity-based public key cryptography (ID-PKC) in which the public key of each party is derived directly from certain aspects of its identity, for exam…     

A new certificateless public key encryption scheme

Certificateless public key cryptography （CL-PKC） enjoys the advantage of identity based cryptography without suffering from its inherent key escrow problem. In this paper, a new efficient certificateless public key encryption scheme is proposed and its security can reach chosen-ciphertext （CCA2） secure in the random oracle model assuming the CDH and p-BDHI problem are difficult. A comparison shows that the efficiency of the proposed scheme is better than all known paring-based certificateless public key encryption schemes in the random oracle model.     

基于验证元的多密钥跨域交换协议

摘要:跨域的口令密钥交换协议(C2C-PAKE),可以使处于不同区域的用户通过不同的口令协商出共享会话密钥。本文针对大多数现存的跨域交换协议均需要依赖公钥密码算法效率较低的情况,在一个高效的三方密钥交换协议的基础上,提出了一个基于验证元的跨域密钥交换协议,该协议执行一次就能生成四把会话密钥,且无需使用公钥密码算法,与同类协议相比具有很高的效率。通过安全性分析证明,本文提出的协议能够抵御已知的各种攻击。     

An efficient two-party key exchange protocol with strong security

Combined public key (CPK) cryptography does not need certificates to guarantee the authenticity of public keys and avoids the inherent key escrow problem of identity-based cryptography. Based on the efficient CPK scheme, we present an efficient three-round two-party authenticated key exchange protocol with strong security, which is provably secure in the standard model under the decisional Diffie-Hellman (DDH) assumption. The protocol can keep the session key secret from the adversary except that one party’s ephemeral private key and static private key are all revealed to the adversary. Compared to the existing protocols, this protocol not only assures strong security but also is more efficient.     

An Improved ID-Based Group Key Agreement Protocol

ID-based constant-round group key agreement protocols are efficient in both computation and communication, but previous protocols did not provide valid message authentication. An improvement based on attack analysis is proposed in this paper. The improved method takes full advantage of the data transmitted at various stages of the protocol. By guaranteeing the freshness of authentication messages, the authenticity of the generator of authentication messages, and the completeness of the authenticator, the improved protocol can resist various passive and active attacks. The forward secrecy of the improved protocol is proved under a Katz-Yung （KY） model. Compared with existing methods, the improved protocol is more effective and applicable.     

基于半直积的密钥交换协议的群论密码分析

群论密码学被认为是抗量子计算机攻击的一种现代密码候选解决方案,而因特网上的密钥交换协议是保障通信安全的基元之一.不同于所有Diffie-Hellman类协议的工作原理,2016年Habeeb等人基于两群的半直积而安全性基于比目前"离散对数难题"更强的计算群论假设,提出了一个带宽高效的密钥交换协议.严格证明其代数系统成群,并构建该群到经典定义的半直积群之间的一个同构.结果表明,其半直积系统并非真正创新的代数系统,从而其被动安全性在未来具有一定的脆弱性.     

基于Pairing的可认证的群密钥协商协议

基于Pairing计算和密钥树提出了一种高效的动态群密钥协商方案.通过引入群公钥证书并在群密钥中结合群以及成员的长期密钥和临时密钥,提供了隐含密钥认证,以有效地对抗中间人攻击.此外,该方案的设计思想可以作为一种通用方法,把可认证两方Diffile-Hellman协议扩展到群环境.     

基于身份的移动网动态可认证群组密钥协商协议

群组密钥协商是保证无线网络群组安全通信的重要工具之一。2007年,Tseng等提出一种适合无线移动网络的高效群组密钥协商协议。对Tseng协议安全性进行分析,发现Tseng协议不具备认证性,不能抵御主动攻击。因此,通过改进Tseng协议,提出一种新的动态可认证群组密钥协商协议。该协议基于身份的公钥密码体制,降低了建立和管理公钥基础设施的代价;同时,协议支持节点间的相互认证。分析结果表明：协议满足群组密钥所要求的安全准则,降低了普通节点的计算和通信成本。     

自同构群在公钥密码学中的应用

综述了近年来自同构群在公钥密码学中的应用及其最新进展。MOR密码系统是ElGamal密码系统在非交换群上的推广,更具有一般性。以几类经典的非交换群(如单位三角矩阵群、特殊线性群、幂零群、有限p群等)为主线,介绍了MOR密码系统在这些非交换群的自同构群下的研究成果及自同构群的一个应用:密钥交换协议。为了实现安全、高效的MOR密码系统,最后给出了仍需深入研究的一些问题。     

基于HFE公钥密码的单向壳核函数构造方案

针对构造公钥密码时, 出现函数单向性和陷门性矛盾的问题, 提出了一种新型的公钥密码体制单向壳核函数。根据HFE公钥密码的设计思想和结构特征, 给出了单向壳核函数的构造方案, 并研究了其能抵抗现有的主要攻击方法。与传统公钥密码体制相比, 单向壳核函数包容性更广, 变化更多, 安全性更高, 为人们提供了一种灵活性更强的公钥密码体制。     

由群论中换位子实现的密钥交换及其应用

密钥交换协议能够在两个人或多个人之间通过一个协议取得密钥并用于进一步的数据加密.基于群论中换位子的思想设计密钥交换协议,探讨置换群和矩阵群中由换位子实现的密钥交换及其应用.     

基于可编程逻辑器件的单向壳核函数构造方法

针对构造公钥密码时出现函数单向性和陷门性矛盾的问题, 通过引入单向壳核函数新型公钥密码体制, 根据可编程逻辑器件PLD的设计思想和结构
特征, 给出一种单向壳核函数的构造方法, 其安全性等同于一次一密. 与传统公钥密码体制相比, 单向壳核函数具有更广的包容性和更高的安全性, 是一种灵活性更强的公钥密码体制.     

异构无线网络混合认证模型

在分析现有异构无线网络认证方法的优点和不足的基础上,提出一种结合证书公钥和身份公钥的混合认证模型.在该认证模型中,用户与本地认证服务器及外地认证服务器之间的认证采用身份公钥体制,本地认证服务器与外地认证服务器之间采用证书公钥体制.该混合认证模型具有匿名性,可扩展性好,降低了资源消耗,符合异构无线网络的应用需求.安全性分析表明该模型在C-K模型下是安全的.     

Trust Authentication Protocol on the Web

0 IntroductionTihner ter aedxiitsitosn aal c cloosmepdu cteernt esrys tmeamna.g eEmacehnt e snetictuyri tiny idto musaeinsone or more identities to act . The basic assumption in thissystemis the entities had been known.Inclosed systems ,thelegiti mate users had been known,andthe association betweenrights of users and resources was established. Trust relation-ship had been existed actuallyinit .Purpose of authenticationis to distinguish whether or not the users had beenauthorized.However ,it …     

一个有效的基于身份的群密钥协商协议

针对Bae Eun Jung协议需要2轮广播的问题,提出了一个有效的基于身份的群密钥协商协议.新协议适于动态群,当群中有用户加入或退出时仅需计算2次MB协议,而且消息广播只用了1轮.与Bae Eun Jung协议相比,降低了通信量.     

Authenticated Diffie-Hellman key agreement protocol with forward secrecy

Forward secrecy is an important security property in key agreement protocol. Based on Ham＇s protocol, in this paper a new authenticated Diffie-Hellman key agreement protocol with half forward secrecy is proposed. This protocol is also based on a single cryptographic assumption, and is user authentication and shared key authentication. More importantly, our protocol provides forward secrecy with respect to one of the parties. For this reason, besides the advantages of Ham＇s protocol, in practice, our protocol can reduce the damages resulted from the disclosure of the user＇s secret key and it is very beneficial to today＇s communication with portable devices.     

基于签密技术的可认证密钥协商协议

对Zheng的可认证密钥协商协议进行改进，提出基于身份签密的可认证密钥协商协议。该协议具有签密技术的优点，在同一个逻辑步内同时实现了认证和加密两项密码功能，提高了协议的效率；基于身份的公钥密码系统的使用，降低了建立和管理公钥基础设施的代价，用户无需存储、管理和传输公钥及其证书；另外，椭圆曲线上双线性对使协议能以短的密钥和小的计算量实现同等安全要求。文中所提的可认证密钥协商协议具有计算量和传输量小，安全性高的特点。     

一种安全高效的认证密钥协商协议

SAKA协议不具有密钥泄露安全性。为此，按照L．Law所定义的认证密钥协商协议的安全特性，提出一种基于椭圆曲线密码体制的安全高效认证密钥协商协议——SEAK协议。对本协议的安全性进行分析，证明了它在ECDH难解的前提下是安全的协议；因为SEAK协议平均只需2个整乘和2次信息交换次数，所以它是一个高效率的协议。     

Escrow-Free Certificate-Based Authenticated Key Agreement Protocol from Pairings

Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement （CB-AK） protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed though comparison with Smart＇s protocol.     

群密钥协商协议的效率分析

给出了两类群密钥协商协议的效率比较,它们分别是基于口令群密钥协商协议和基于双线性对群密钥协商协议。比较的结果为对密钥协商协议的安全性分析,形式化证明及设计更有效、更安全的群密钥协商协议提供了很大的帮助。