Parallel Key-insulated Signature： Framework and Construction

To deal with the key-exposure problem in signature systems, a new framework named parallel key-insulated signature （PKIS） was introduced, and a concrete PKIS scheme was proposed. Compared with traditional key-insulated signature （KIS） schemes, the proposed PKIS scheme allows a frequent updating for temporary secret keys without increasing the risk of helper key-exposure. Moreover, the proposed PKIS scheme does not collapse even if some （not all） of the helper keys and some of the temporary secret keys are simultaneously exposed. As a result, the security of the PKIS scheme is greatly enhanced, and the damage caused by key-exposure is successfully minimized.     

Certificateless strong key-insulated signature without random oracles

It is important to ensure the private key secure in cryptosystem. To reduce the underlying danger caused by the private key leakage, Dodis et al. (2003) introduced the notion of key-insulated security. To handle the private key leakage problems in certificateless signature schemes, we propose a new certificateless strong key-insulated signature scheme. Our scheme has two desirable properties. First, its security can be proved without utilizing the random oracle model. Second, it solves the key escrow problems in identity-based key-insulated signatures (IBKISs).     

Certificateless message recovery signatures providing girault’s level-3 security

A digital signature with message recovery is a signature that the message itself (or partial of the message) is not required to be transmitted together with the signature. It has the advantage of small data size of communication comparing with the traditional digital signatures. In this paper, combining both advantages of the message recovery signatures and the certificateless cryptography, we propose the first certificatelss signature scheme with message recovery. The remarkable feature of our scheme is that it can achieve Girault’s Level-3 security while the conventional certificateless signature scheme only achieves Level-2 security. The security of the scheme is rigorously proved in the random oracle model based on the hardness of the k bilinear Diffie-Hellman inverse (k-BDHI) problem.     

Identity-based key-insulated proxy signature without random oracles

In an identity based proxy signature (IBPS) scheme, a designated proxy signer can generate the signature on behalf of an original signer. Traditional IBPS schemes normally rely on the assumption that private keys are kept perfectly secure. However, due to viruses, worms or other break-ins allowed by operating-system holes, key exposure seems inevitable. To minimize the damage caused by key exposure in IBPS, we propose an identity-based key-insulated proxy signature (IBKIPS) scheme in the standard model, i.e. without random oracles.     

Efficient democratic group signatures with threshold traceability

Democratic group signature (DGS) is a group-oriented primitive with great flexibilities, i.e., no group manager, anonymity, and traceability. In a DGS scheme with (t, n)-threshold traceability, any subset of not less than t members can jointly reveal the identity of the signer while preserving security even in the presence of an active adversary can corrupt up to t − 1 group members. This paper proposes an efficient DGS scheme. We use publicly verifiable secret sharing (PVSS) to distribute the trapdoor via which the real signer is revealed. The computation cost and communication overhead of our DGS signatures are greatly reduced, compared with the existing work. For example, the size of the resulting signature contains only 2n + 1 elements of Z _q , except the PVSS output.     

Strong key-insulated signature in the standard model

The only known construction of key-insulated signature (KIS) that can be proven secure in the standard model is based on the approach of using double signing. That is, the scheme requires two signatures: a signature with a master key and a signature with the signer’s secret key. This folklore construction method leads to an inefficient scheme. Therefore it is desirable to devise an efficient KIS scheme. We present the first scheme with such a construction. Our construction derives from some variations of the Waters’ signature scheme. It is computationally efficient and the signatures are short. The scheme is provably secure based on the difficulty of computational Diffie-Hellman (CDH) problem in the standard model.     

Threshold signature scheme with threshold verification based on multivariate linear polynomial

Secret sharing schemes are multi-party protocols related to key establishment. They also facilitate distributed trust or shared control for critical activities (e.g., signing corporate cheques and opening bank vaults), by gating the critical action on cooperation from t(t ∈ Z ⁺) of n(n ∈ Z ⁺) users. A (t, n) threshold scheme (t < n) is a method by which a trusted party computes secret shares Γ _i (1 ⩽ i ⩽ n) from an initial secret Γ ₀ and securely distributes Γ _i to user. Any t or more users who pool their shares may easily recover Γ ₀, but any group knowing only t−1 or fewer shares may not. By the ElGamal public key cryptophytes and the Schnorr’s signature scheme, this paper proposes a new (t, n) threshold signature scheme with (k,m) (k,m ∈ Z ⁺) threshold verification based on the multivariate linear polynomial.     

Identity-based threshold decryption on access structure

For the applied limitation of the existing threshold decryption schemes based on the (t, n) structure, an identity-based threshold decryption scheme which can be applied on the access structure is proposed through designing a special distribution algorithm of the private key shares. The generation and distribution of private key shares, the encryption, the decryption and the combination are introduced in detail. The validity and security of the scheme are proved and analyzed. Comparisons with the existing schemes show that the proposed scheme is more flexible.     

基于椭圆曲线的具有消息恢复的数字签名方案

基于椭圆曲线离散对数问题(ECDLP)和平方剩余问题,本文提出了一种新的具备消息自动恢复特性的数字签名方案,同时对该方案进行了各种安全性分析,得出结论:该方案具有前向安全性,而且在第三方仲裁时无需泄露密钥(即具有零知识特性).     

广义椭圆曲线数字签名链口令认证方案

一次性口令是身份认证的重要技术。文章构造了一个基于椭圆曲线数字签名链的一次性口令认证和密钥协商方案。该方案使用了具有消息恢复功能、无须求逆的椭圆曲线数字签名算法,椭圆曲线认证密钥协商协议,密钥进化算法和椭圆曲线数字签名链等。方案有以下优点:服务器无需维护口令和验证列表;允许用户自主选择和更改口令,实现了双向认证;无需系统时钟同步和传输时延限制;能够抵抗重放攻击、离线字典攻击、中间人攻击和内部人攻击;具备口令错误敏感性和强安全修复性;生成的会话密钥具有新鲜性、机密性、已知密钥安全性和前向安全性。经对比,该方案具有更好的安全性能,适合强安全性需求的场合。     

Directed proxy signature in the standard model

A directed signature is a type of signature with restricted verification ability. Directed signatures allow only a designated verifier to check the validity of the signature issued to him, and at the time of trouble or if necessary, any third party can verify the signature with the help of the signer or the designated verifier. Directed signature schemes are widely used in situations where the receiver’s privacy should be protected. Proxy signatures allow an entity to delegate its signing capability to another entity in such a way that the latter can sign message on behalf of the former when the former is not available. Proxy signature schemes have found numerous practical applications such as distributed systems and mobile agent applications. In this paper, we firstly define the notion of the directed proxy signature by combining the proxy signature and directed signature. Then, we formalize its security model and present a concrete scheme in the standard model. Finally, we use the techniques from provable security to show that the proposed scheme is unforgeable under the gap Diffie-Hellman assumption, and invisible under the decisional Diffie-Hellman assumption.     

Fully secure revocable attribute-based encryption

Distributed information systems require complex access control which depends upon attributes of protected data and access policies. Traditionally, to enforce the access control, a file server is used to store all data and act as a reference to check the user. Apparently, the drawback of this system is that the security is based on the file server and the data are stored in plaintext. Attribute-based encryption (ABE) is introduced first by Sahai and Waters and can enable an access control mechanism over encrypted data by specifying the users’ attributes. According to this mechanism, even though the file server is compromised, we can still keep the security of the data. Besides the access control, user may be deprived of the ability in some situation, for example paying TV. More previous ABE constructions are proven secure in the selective model of security that attacker must announce the target he intends to attack before seeing the public parameters. And few of previous ABE constructions realize revocation of the users’ key. This paper presents an ABE scheme that supports revocation and has full security in adaptive model. We adapt the dual system encryption technique recently introduced by Waters to ABE to realize full security.     

Improved ID-Based Signature Scheme Solving Key Escrow

Introduction Inatraditionalpublickeycryptosystem(PKC),theassociationbetweenauser'sidentity andhispublickeyisobtainedthroughadigitalcer-tificateissuedbyacertificationauthority(CA).TheCAchecksthecredentialsofauserbeforeis-suingacertificatetohim.Tosimplifythecertifi-catemanagementprocess,Shamir[1]introducedthe conceptofID-basedcryptosystemin1984,which allowedforauser'sidentityinformationsuchas hisname,IPaddress,telephonenumber,email address,etc.toserveashispublickey.Sucha publickeyisclearlyb…     

无线传感器网络密钥管理方案研究

从无线传感器网络的安全分析人手,在分类描述无线传感器网络密钥管理方案并分析其优缺点的基础上,结合树型密钥管理结构,提出了一种新的分簇式密钥管理方案,因不同的消息类型有不同的安全需求,该方案建立了4种通信密钥类型：个体密钥,点对密钥,簇密钥和组密钥．其中点对密钥的建立采用了基于临时认证密钥的方法,加强了对节点的身份认证功能,提高了方案的安全性．     

Provably Secure Short Proxy Signature Scheme from Bilinear Maps

An enhanced formal model of security for proxy signature schemes is presented and a provably secure short proxy signature scheme is proposed from bilinear maps. The proposed proxy signature scheme is based on two short secure signature schemes. One is used for delegating the signing rights and computing the standard signature; the other is used for computing proxy signature. Finally, a security proof of the proposed proxy signature scheme is showed by reducing tightly the security of the proposed proxy signature scheme to the security of the two basic signature schemes. The proposed proxy signature scheme has the shortest ordinary signatures and proxy signatures. Moreover, the proxy signature generation needs no pairing operation and verification needs just two pairing operation.     

Provably secure authenticated Diffie-Hellman key exchange for resource-limited smart card

Authenticated Diffie-Hellman key agreement is quite popular for establishing secure session keys. As resource-limited mobile devices arc becoming more popular and security threats are increasing, it is desirable to reduce computational load for these resource-limited devices while still preserving its strong security and convenience for users. In this paper, we propose a new smart-card-based user authenticated key agreement scheme which allows users to memorize passwords, reduces users＇ device computational load while still preserves its strong security. The proposed scheme effectively improves the computational load of modular exponentiations by 50%, and the security is formally proved.     

Identity-based broadcast encryption with shorter transmissions

This paper describes two identity-based broadcast encryption(IBBE) schemes for mobile ad hoc networks.The first scheme proposed achieves sub-linear size cipertexts and the second scheme achieves O(1)-size ciphertexts.Furthermore, when the public keys are transmitted, the two schemes have short transmissions and achieve O(1) user storage cost, which are important for a mobile ad hoc network.Finally, the proposed schemes are provable security under the decision generalized bilinear Di?-Hellman(GBDH) assumption in the random oracles model.     

Identity-based verifiably committed signature scheme without random oracles

An identity-based verifiably committed signature scheme （IB-VCS） was proposed, which is proved secure in the standard model （i.e., without random oracles）. It enjoys the setup-free property and stand-alone property, both of which make an exchange protocol more practical. The scheme is unconditionally secure against the cheating signer, its security against the cheating verifier is reduced to the computational Diffie-Hellman （CDH） problem in the underlying group, it is secure against the cheating trusted third party if the underlying Paterson Schuldt＇s identity based signature （IBS） scheme is secure, which is proven true based on the CDH assumption in the standard model.     

ID-based Key-insulated Authenticated Key Agreement Protocol

The basic idea behind an ID-based cryptosystem is that end user's public key can be determined by his identity information.Comparing with the traditional certificate-based cryptography,identity-based cryptography can eliminate much of the overhead associated with the deployment and management of certificate.However,exposure of private keys can be the most devastating attack on a public key based cryptosystem since such that all security guarantees are lost.In this paper,an ID-based authenticated key agreement protocol was presented.For solving the problem of key exposure of the basic scheme,the technique of key insulation was applied and a key insulated version is developed.     

Codes From Strongly Regular （α,β）-reguli

Strongly regular (α, β)-reguli are a class of incidence structures with given conditions which were introduced by Hamilton and Mathon. We introduce two classes of codes constructed from strongly regular (α, β)-reguli within PG(k − 1, q). The codes are related with two-weight codes intimately. Foundation item: the Scientific Research Start-up Foundation of Qingdao University of Science and Technology in China (No. 0022327)