An identity-based encryption scheme with compact ciphertexts

This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user's public key. The advantage of an identity-based public key system is that it can avoid public key certificates and certificate management. Our identity-based encryption scheme enjoys short ciphertexts and provable security against chosen-ciphertext attack (CCA).     

Can the Polynomial Based Key Predistribution Scheme Be Used Many Times in One Wireless Sensor Network Key Establishment Protocol？

Key establishment is the basic step for the wireless sensor network (WSN) security. The polynomial based key predistribution scheme of Blom and Blundo et al. has been the basic ingredient for the key establishment for WSNs. It is tempting to use many random and different instances of polynomial based key predistribution scheme for various parts of the WSN to enhance the efficiency of WSN key establishment protocols. This paper indicates that it is not secured in general to use many instances of Blom-Blundo et al. polynomial based key predistribution scheme in a WSN key establishment protocol. Thus the previously constructed group-based type WSN key predistribution schemes using polynomial based key predistribution scheme are insecure. We propose new generalized Blom-Blundo et al. key predistribution schemes. These new generalized Blom-Blundo et al. key predistribution schemes can be used many times in one WSN key establishment protocol with only a small increase of cost. The application to group-based WSN key predistribution schemes is given.     

Strong key-insulated signature in the standard model

The only known construction of key-insulated signature (KIS) that can be proven secure in the standard model is based on the approach of using double signing. That is, the scheme requires two signatures: a signature with a master key and a signature with the signer’s secret key. This folklore construction method leads to an inefficient scheme. Therefore it is desirable to devise an efficient KIS scheme. We present the first scheme with such a construction. Our construction derives from some variations of the Waters’ signature scheme. It is computationally efficient and the signatures are short. The scheme is provably secure based on the difficulty of computational Diffie-Hellman (CDH) problem in the standard model.     

广义椭圆曲线数字签名链口令认证方案

一次性口令是身份认证的重要技术。文章构造了一个基于椭圆曲线数字签名链的一次性口令认证和密钥协商方案。该方案使用了具有消息恢复功能、无须求逆的椭圆曲线数字签名算法,椭圆曲线认证密钥协商协议,密钥进化算法和椭圆曲线数字签名链等。方案有以下优点:服务器无需维护口令和验证列表;允许用户自主选择和更改口令,实现了双向认证;无需系统时钟同步和传输时延限制;能够抵抗重放攻击、离线字典攻击、中间人攻击和内部人攻击;具备口令错误敏感性和强安全修复性;生成的会话密钥具有新鲜性、机密性、已知密钥安全性和前向安全性。经对比,该方案具有更好的安全性能,适合强安全性需求的场合。     

Robust password and smart card based authentication scheme with smart card revocation

User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee＇s sctleme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.     

具有可追查性的抗合谋攻击(t,n)门限签名方案

在分析王斌和李建华的无可信中心门限签名方案(王-李方案)以及X ie-Yu改进方案安全缺陷的基础上,提出了一种新的具有可追查性的抗合谋攻击(t,n)门限签名方案;对新方案的安全性进行了分析,并与现有方案的效率进行了比较.结果表明:该方案不仅能够从根本上抵抗合谋攻击和伪造签名攻击,而且在保证匿名性的前提下,能够真正实现签名成员身份的可追查性,同时通过构造安全的分布式密钥生成协议保证群私钥的不可知性,因此比现有方案具有更高的安全性.此外,新方案的计算量和通信量与王-李方案接近,但优于X ie-Yu方案.     

铁路旅客列车开行方案问题的探讨

市场经济条件下,如何合理优化旅客列车开行方案以满足不同旅客的需求成为一个关键问题。现从优化旅客列车开行方案出发,着重阐述了一种新的运量预测方法以及制订列车开行方案时应注意的一些原则。     

无线传感器网络密钥管理方案研究

从无线传感器网络的安全分析人手,在分类描述无线传感器网络密钥管理方案并分析其优缺点的基础上,结合树型密钥管理结构,提出了一种新的分簇式密钥管理方案,因不同的消息类型有不同的安全需求,该方案建立了4种通信密钥类型：个体密钥,点对密钥,簇密钥和组密钥．其中点对密钥的建立采用了基于临时认证密钥的方法,加强了对节点的身份认证功能,提高了方案的安全性．     

水上箱梁吊装方案的监理审核依据及要点

结合工程实际,从监理审核的要点出发,较为详细地阐述对钢箱梁吊装方案监理审核的依据,可供监理同行审核类似方案或施工单位编制方案时参考.     

Certificateless strong key-insulated signature without random oracles

It is important to ensure the private key secure in cryptosystem. To reduce the underlying danger caused by the private key leakage, Dodis et al. (2003) introduced the notion of key-insulated security. To handle the private key leakage problems in certificateless signature schemes, we propose a new certificateless strong key-insulated signature scheme. Our scheme has two desirable properties. First, its security can be proved without utilizing the random oracle model. Second, it solves the key escrow problems in identity-based key-insulated signatures (IBKISs).     

基于VISSIM仿真的平面交叉口信号配时方案比选分析

信号交叉口是城市路网的节点和交通关键,它的配时方法对缓解交通拥挤起到决定作用。首先介绍国内外信号配时模型,在对哈尔滨实际交叉El交通调查的基础上,运用4种模型进行配时方案设计,应用VISSIM软件进行仿真分析,得出美国HCM配时方法是最优配时模型。     

廊坊至涿州高速公路标线及护栏设计的技术要点

通过项目的标线及护栏设计实践,阐述标线及护栏设计的技术要点,结果证明,项目提出的设计方案是成功之举,值得同行借鉴。     

对两种代理盲签名体制的密码学分析

代理盲签名结合了代理签名与盲签名的优点，而多级代理签名实现了签名权利在许可范围内逐级向下代理的要求。利用椭圆曲线上的双线性对，陈玲玲等人提出了一种基于身份的代理盲签名方案，胡江红等人提出了一种基于身份的多级强代理盲签名方案。给出了这两个方案的密码学分析，指出在陈玲玲等人的方案中，代理签名人可以利用授权证书计算得到原始签名人的私钥，从而可直接伪造原始签名人的签名或授权，同时指出所提的两个方案也无法满足不可追踪性．代理签名人可以将自己在签名协议中的签名和签名的消息联系起来从而跟踪消息的拥有者，从而证明了这两个方案是不安全的。     

An Efficient Forward Secure Signature Scheme

Introduction Exposureofsecretkeysthreatensthesecurity ofadigitalsignaturegreatly.Totacklethisprob-lem,severaldifferentmethodshavebeenpro-posed,includingsecretsharing[1],thresholdsigna-ture[2],andproactivesignature[3].Thesemethods,however,needcooperativeandinteractivecompu-tationsinmultiplesevers,whicharequitecostly.Forwardsecuresignatureschemecanreducethe damageofkeyexposurewithoutcooperativeand interactivecomputations.Intheparadigmoffor-wardsecuresignature,thewholelifetimeofsigna-tureisdivid…     

DESIGN OF A DIGITAL SIGNATURE SCHEME BASED ON FACTORING AND DISCRETE LOGARITHMS

Objective Focusing on the security problem of authentication and confidentiality in the context of computer networks, a digital signature scheme was proposed based on the public key cryptosystem. Methods Firstly,the course of digital signature based on the public key cryptosystem was given. Then, RSA and ELGamal schemes were described respectively. They were the basis of the proposed scheme. Generalized ELGamal type signature schemes were listed. After comparing with each other, one scheme, whose Signature equation was (m r)x=j s modФ(p) , was adopted in the designing. Results Based on two well-known cryptographic assumptions, the factorization and the discrete logarithms, a digital signature scheme was presented. It must be required that s“ was not equal to p‘q“ in the signing procedure, because attackers could forge the signatures with high probabilities if the discrete logarithms modulo a large prime were solvable. The variable public key “e“ is used instead of the invariable parameter “3“ in Ham‘s signature scheme to enhance the security. One generalized ELGamal type scheme made the proposed scheme escape one multiplicative inverse operation in the signing procedure and one modular exponentiation in the verification procedure.Conclusion The presented scheme obtains the security that Harn‘s scheme was originally claimed. It is secure if the factorization and the discrete logarithms are simultaneously unsolvable.     

Identity-based threshold decryption on access structure

For the applied limitation of the existing threshold decryption schemes based on the (t, n) structure, an identity-based threshold decryption scheme which can be applied on the access structure is proposed through designing a special distribution algorithm of the private key shares. The generation and distribution of private key shares, the encryption, the decryption and the combination are introduced in detail. The validity and security of the scheme are proved and analyzed. Comparisons with the existing schemes show that the proposed scheme is more flexible.     

代理签字算法在智能卡认证环境中的应用

智能卡可作为理想的密钥存储介质，但由于资源有限，在其内部做公钥运算效率较低。为解决这个问题，结合智能卡的特点，给出了一个基于代理签字算法的安全解决方案。实验表明，与其它方案相比具有高效的特点，同时又能保证卡内密钥信息的安全。     

传感器网络概率密钥预分配模型的安全弹性比较

提出了一种针对节点沦陷情况下的随机密钥预分配模型的细粒度分析方法．为3种具有代表性的密钥预分配模型：基础密钥预分配模型、q—composite随机密钥预分配模型和非平衡密钥预分配模型,在节点沦陷的情况下,提出了一种更适宜的威胁模型和安全弹性定义．本文的分析工作比以往关于密钥预分配模型的分析更为精确．     

Provably secure authenticated Diffie-Hellman key exchange for resource-limited smart card

Authenticated Diffie-Hellman key agreement is quite popular for establishing secure session keys. As resource-limited mobile devices arc becoming more popular and security threats are increasing, it is desirable to reduce computational load for these resource-limited devices while still preserving its strong security and convenience for users. In this paper, we propose a new smart-card-based user authenticated key agreement scheme which allows users to memorize passwords, reduces users＇ device computational load while still preserves its strong security. The proposed scheme effectively improves the computational load of modular exponentiations by 50%, and the security is formally proved.     

基于椭圆曲线的不可否认门限代理签名方案

针对已有的门限代理签名方案不能有效地抵抗签名人协作攻击和伪造攻击,以及在某些场合实用性不强的缺点提出了改进方案.在代理签名生成阶段要求每个实际签名人提供自己的私钥信息,在形成的代理签名中不仅包含每个代理签名人的秘密信息,还包含了每个实际签名人的秘密信息,从而能有效抵抗协作攻击和伪造攻击.另外,用椭圆曲线密码机制替换了已有的方案中用的ElGamal离散对数密钥机制,使系统效率更高.