Instantiate random oracles in OAEP with pseudorandom functions

This paper focuses on the instantiation of random oracles in public key encryption schemes. A misunderstanding in the former instantiations is pointed out and analyzed. A method of using this primitive as a substitution of random oracles is also proposed. The partial and full instantiations of random oracles in optimal asymmetric encryption padding （OAEP） implemented by pseudorandom functions are described and the resulted schemes are proven to be indistinguishable secure against adaptive chosen ciphertext attack （IND-CCA2） secure. Using this method, one can transform a practical public key encryption scheme secure in the random oracle model into a standard-model secure scheme. The security of the scheme is based on computational assumptions, which is weaker than decisional assumptions used in Cramer- Shoup like schemes.     

Universal designated multi verifier signature scheme without random oracles

In this paper, we re-formalize the security notions of universal designated multi verifier signature （UDMVS） schemes. Then the first UDMVS scheme is presented in the standard model （i.e. without random oracles） based on Waters＇ signature scheme. In this setting, a signature holder can to designate the signature to multi verifiers. Moreover, the security of our proposed scheme is based on the Gap Bilinear Difffie-Hellman assumption.     

A secure and efficient ( t, n ) multi-secret sharing scheme

Based on Shamir's secret sharing, a (t, n) multi-secret sharing scheme is proposed in this paper.p secrets can be shared amongn participants, andt or more participants can co-operate to reconstruct these secrets at the same time, butt−1 or fewer participants can derive nothing about these secrets. Each participant's secret shadow is as short as each secret. Compared with the existing schemes, the proposed scheme is characterized by the lower complexity of the secret reconstruction and less public information. The security of this scheme is the same as that of Shamir's threshold scheme. Analyses show that this scheme is an efficient, computationally secure scheme. Foundation item: Supported by the Special Funds for Major State Basic Research Program of China (973 Program) (G19990358-04) Biography: PANG Liao-jun(1978-), male, Ph. D candidate, research direction: Internet security, cryptography, secure mobile agent system and e-commerce security technology.     

A practical identity-based signature scheme

Many identity-based signature （IBS） schemes solving key escrow were proposed, But the updating of the private keys wasn＇t discussed in these literatures. For the problem of key update, an identity-based key-insulated signature scheme with secure key-updates has been proposed. But their scheme inherited the key escrow property. In this paper, we propose a new identity-based strong key-insulated signature scheme without key escrow. It makes the IBS scheme more applicable to the real world. After analyzing the security and the performance, an application example in E-passport passive authentication scenario is described.     

Another ID-Based Proxy Signature Scheme and Its Extension

So fur, the security of many proxy signatures has seldom been considered in a formal way and most of them cannot satisfy nonepudiation. In this work, a novel ID-based （Identity-based） proxy signature scheme is proposed by combining the proxy signature with ID-based public cryptography, and they formalize the notion of security for ID-based proxy signature schemes. And show that the security of the proposed scheme is secure. Compured with other proxy signature schemes, it does not need a secure channel. Thus, it is particularly suitable for the unreliable network computation environment. Finally, they extend proposed scheme to a proxy multi-signature which has the following advantages （1） the size of proxy multi- signature is independent of the number of delegating users; （2） the computation cost of proxy multi-signature only need two Weil paring.     

An efficient identity-based anonymous signcryption scheme

Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been proposed. Among them, the requirement of signcrypter＇s privacy protection is needful in some practical applications. In this paper, a new identity-based anonymous signcryption scheme from hilinear pairings, which is the organic combination of identity-based ring signature and encryption scheme, is proposed. The proposed scheme is indistinguishable against the chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. Its unforgeability relies on the computational Diffieellman problem. Compared with the previous schemes, the new scheme is more efficient in computation.     

Efficient hierarchical identity based signature scheme in the standard model

Hierarchical identity based cryptography is a generalization of identity based encryption that mirrors an organizational hierarchy. It allows a root public key generator to distribute the workload by delegating public key generation and identity authentication to lower-level public key generators. Most hierarchical identity based signature schemes are provably secure in the random oracle model or the weak models without random oracles such as gauntlet-ID model. Currently, there is no hierarchical identity based signature scheme that is fully secure in the standard model, with short public parameters and a tight reduction. In this paper, a hierarchical identity based signature scheme based on the q-SDH problem that is fully secure in the standard model is proposed. The signature size is independent of the level of the hierarchy. Moreover, our scheme has short public parameters, high efficiency and a tight reduction.     

Provably Secure Convertible Directed Partially Blind Signatures

Combining the concept of partially blind signature with the concept of directed signature, we introduce a new concept of convertible directed partially blind signature （CDPBS）, in which only the signer and the user can verify, confirm and disavow the validity of given signatures and convert given signatures into universally verifiable ones, to meet the need of signing personally or commercially sensitive messages. We give a formal definition of CDPBS and propose a concrete provably secure CDPBS scheme. The proposed scheme is efficient and secure, in which its unforgeability is the same as that of the Schnorr＇s signature scheme and its untransferability relies on the hardness of the decisional Diffie-Hellman problem. Furthermore, by letting the user＇s private key be a common constant, the proposed scheme can be used as a normal partially blind signature scheme.     

Efficient privacy enhanced software registration with ID-based blind signatures

In existing software registration schemes, the privacy of users is not taken into account and may be in the risks of abuses. In this paper, we proposed a novel software registration system which can greatly reduce unauthorized use of software while keeping the privacy of users. To the best of our knowledge, this is the first system that the privacy of users is guaranteed in software registration. Our system enjoys a modular design and can be implemented by any secure ID-based partially blind signature scheme. Furthermore, the proposal allows flexible registration information definition. This feature makes our scheme flexible and practical for more software registration applications.     

Publicly Verifiable Distributed Proxy Blind Signature Scheme

In this present paper, we propose a new proxy blind signature scheme, which is publicly verifiable distributed. The algorithm uses the idea of secret sharing schemes to distribute original signer＇s ability and the power of the proxy signer, and ensure the property of publicly verifiable secret sharing schemes. A new concept ＂verifiable time period＂ is also introduced to reduce the time cost in the period of verifications and increases the efficiency of our scheme.     

Comment Fail-Stop Blind Signature Scheme Design Based on Pairings

Fail-stop signature schemes provide security for a signer against forgeries of an enemy with unlimited computational power by enabling the signer to provide a proof of forgery when a forgery happens. Chang et al proposed a robust fail-stop blind signature scheme based on bilinear pairings. However, in this paper, it will be found that there are several mistakes in Chang et al＇s fail-stop blind signature scheme. Moreover, it will be pointed out that this scheme doesn＇t meet the property of a fail-stop signature： unconditionally secure for a signer. In Chang et al＇s scheme, a forger can forge a valid signature that can＇t be proved by a signer using the ＂proof of forgery＂. The scheme also doesn＇t possess the unlinkability property of a blind signature.     

A new certificateless public key encryption scheme

Certificateless public key cryptography （CL-PKC） enjoys the advantage of identity based cryptography without suffering from its inherent key escrow problem. In this paper, a new efficient certificateless public key encryption scheme is proposed and its security can reach chosen-ciphertext （CCA2） secure in the random oracle model assuming the CDH and p-BDHI problem are difficult. A comparison shows that the efficiency of the proposed scheme is better than all known paring-based certificateless public key encryption schemes in the random oracle model.     

A new secure password authentication scheme using smart cards

Thirteen security requirements for an ideal password authentication scheme using smart cards are listed and a new smart card based password authentication scheme with identity anonymity is proposed. The new scheme can satisfy all the listed ideal security requirements and has the following merits： （1） it can resist all the attacks listed in introduction; （2） less storage memory requirement due to no verification table stored in server; （3） low computational cost due to hash functions based operations; （4） even if the smart card is lost, the new system is still secure; （5） As user identity is anonymous, this scheme is more practical. The new proposed scheme can be applied in source constraint networks.     

An Improved Identity-Based Society Oriented Signature Scheme with Anonymous Signers

In this paper, we present an improved identity-based society oriented signature scheme with anonymous signers, which satisfies： （1） when members leave or join an organization, the public verification key and the signature verification procedure are unchanged; （2） a user participates in several organizations at the same time, her secret key is only related with her identity. However, no previous schemes have these two properties.     

An Efficient and Secure Multi-Secret Sharing Scheme with General Access Structures

A multiple secret sharing scheme can share a group of secrets in each sharing session, which is very useful especially in sharing large secrets. However, most of the existing multiple secret sharing schemes are （t, n） threshold schemes, so they are fit for only threshold applications and unfit for the applications of general access structures. Due to the fact that a （t, n） threshold scheme could only handle a small fraction of the secret sharing idea, a novel multi-secret sharing scheme is proposed, which is designed based on general access structures. The security of this scheme is the same as that of Shamir＇s threshold secret sharing scheme. Compared with the existing multiple secret sharing schemes, the proposed scheme can provide greater capabilities for many applications because it is able to deal with applications of general access structures.     

A niche-based evolutionary Tabu search algorithm for optimal coordination of protection relays in power networks

In this paper, refusal of operation and the degree of constraint violation are considered as one part of the objective function for optimizing the protection relay setting coordination of over current relays in power systems; a new expression of objective function in this optimization problem is proposed. To combine the advantages of both Tabu search (TS) and evolutionary algorithms (EAs), a new niche-based evolutionary Tabu search algorithm (named NETS) is presented to solve this optimization problem. Moreover, in two cases of power networks, comparisons between NETS and two published algorithms are given. Experimental results show the expression of the objective function for protection relay setting is feasible and reasonable, and the proposed algorithm NETS exhibits a good performance. Biography: YUAN Rongxiang (1965–), male, Professor, Ph. D., research direction: safety and stability in distributed power networks, relay protection, information and intelligent of power system.     

Escrow-Free Certificate-Based Authenticated Key Agreement Protocol from Pairings

Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement （CB-AK） protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed though comparison with Smart＇s protocol.     

A New ID-Based Proxy Multi-Signature Scheme from Bilinear Pairings

ID-based public key cryptosystem can be a good alternative for certifieate-based public key setting. This paper provides an efficient ID-based proxy multi signature scheme from pairings. In the random oracle model, we prove that our new scheme is secure against existential delegation forgery with the assumption that Hess＇s scheme-1 is existential unforgeable, and that our new scheme is secure against existential proxy multi-signature forgery under the hardness assumption of the computational Diffie-Hellman problem.     

Building Intrusion Tolerant Software System

In this paper, we describe and analyze the hypothesis about intrusion tolerance software system, so that it can provide an intended server capability and deal with the impacts caused by the intruder exploiting the inherent security vulnerabilities. We present some intrusion tolerance technology by exploiting N-version module threshold method in con-structing multilevel secure software architecture, by detecting with hash value, by placing an ““““““““antigen““““““““ word next to the return address on the stack that is similar to human immune system, and by adding ““““““““Honey code““““““““ nonfunctional code to disturb intruder, so that the security and the availability of the software system are ensured.     

A new efficient blind signcryption

In a blind signcryption, besides the functions of digital signature and encryption algorithm for authentication and confidentiality, a user can delegates another user＇s capability with the anonymity of the participants guaranteed. Some blind signcryptions were proposed but without a blind signcryption with public public verifiability. In this paper, verifiability that is proved to be efficient and secure is proposed. Through the security analysis, we proved that the scheme can offer confidentiality, integrity, unforgeability, non-repudiation and public verifiability. The coming research direction is also summarized.