An identity-based encryption scheme with compact ciphertexts

This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user's public key. The advantage of an identity-based public key system is that it can avoid public key certificates and certificate management. Our identity-based encryption scheme enjoys short ciphertexts and provable security against chosen-ciphertext attack (CCA).     

基于Pairing抗选择密文攻击的新门限密码体制

为提高Baek-Zheng方案的解密效率,用逆运算代替Baek-Zheng方案中所用的点乘运算设计验证过程.由于验证过程只需1次Pairing操作,故在保持Baek-Zheng方案的加密速度以及密文和解密碎片的长度的前提下,新方案将每个门限解密参与者的效率提高了近1倍.新方案在O rac le D iffie-Hellm an假设下被证明可以抗选择密文攻击.     

Fully secure revocable attribute-based encryption

Distributed information systems require complex access control which depends upon attributes of protected data and access policies. Traditionally, to enforce the access control, a file server is used to store all data and act as a reference to check the user. Apparently, the drawback of this system is that the security is based on the file server and the data are stored in plaintext. Attribute-based encryption (ABE) is introduced first by Sahai and Waters and can enable an access control mechanism over encrypted data by specifying the users’ attributes. According to this mechanism, even though the file server is compromised, we can still keep the security of the data. Besides the access control, user may be deprived of the ability in some situation, for example paying TV. More previous ABE constructions are proven secure in the selective model of security that attacker must announce the target he intends to attack before seeing the public parameters. And few of previous ABE constructions realize revocation of the users’ key. This paper presents an ABE scheme that supports revocation and has full security in adaptive model. We adapt the dual system encryption technique recently introduced by Waters to ABE to realize full security.     

基于身份的电子政务网上申报安全体系

针对目前电子政务中项目管理的新需求,采用基于身份的密码体制和椭圆曲线加密算法,提出了一种安全高效的电子政务网上申报体系模型.该模型以基于身份的密码体制为基础,从而避免了基于传统PKI的认证框架的多种弊端,实现了基于互联网的网上申报和敏感政务信息交互.同时分析了该方案的安全性和执行效率,分析表明该方案是安全且高效的.     

Strong key-insulated signature in the standard model

The only known construction of key-insulated signature (KIS) that can be proven secure in the standard model is based on the approach of using double signing. That is, the scheme requires two signatures: a signature with a master key and a signature with the signer’s secret key. This folklore construction method leads to an inefficient scheme. Therefore it is desirable to devise an efficient KIS scheme. We present the first scheme with such a construction. Our construction derives from some variations of the Waters’ signature scheme. It is computationally efficient and the signatures are short. The scheme is provably secure based on the difficulty of computational Diffie-Hellman (CDH) problem in the standard model.     

Chosen ciphertext secure identity-based broadcast encryption in the standard model

To give concurrent consideration both the efficiency and the security (intensity of intractable problem) in the standard model, a chosen ciphertext secure identity-based broadcast encryption is proposed. Against the chosen ciphertext security model, by using identity (ID) sequence and adding additional information in ciphertext, the self-adaptive chosen identity security (the full security) and the chosen ciphertext security are gained simultaneously. The reduction of scheme’s security is the decisional bilinear Diffie-Hellman (BDH) intractable assumption, and the proof of security shows that the proposed scheme is indistinguishable against adaptive chosen ciphertext attacks in the standard model under the decisional BDH intractable assumption. So the security level is improved, and it is suitable for higher security environment.     

A Secure Session Key Distribution Scheme for Group Communications

Introduction Inrecentyears,groupcommunicationshave becomethefocusofresearchandapplicationsde-velopment[1-4].Usingminimumresources,wecan employbroadcasttechniquescanbeemployedto transmitdatatoallngroupmemberssimultane-ously.Themajorsecuritychallengeforgroupcom-municationistoprovideefficientmethodsforcon-trollingauthorizedaccess.Anefficientmethodoflimitingaccessto broadcastmessagesisthroughasymmetricencryp-tion.Asymmetricencryptionusestransposition andsubstitutionskillstoprocesstheoriginalmes-s…     

New constructions of dynamic threshold cryptosystem

This study deals with the dynamic property of threshold cryptosystem. A dynamic threshold cryptosystem allows the sender to choose the authorized decryption group and the threshold value for each message dynamically. We first introduce an identity based dynamic threshold cryptosystem, and then use the Canetti- Halevi-Katz （CHK） transformation to transform it into a fully secure system in the traditional public key setting. Finally, the elegant dual system encryption technique is applied to constructing a fully secure dynamic threshold cryptosystem with adaptive security.     

Identity-based verifiably committed signature scheme without random oracles

An identity-based verifiably committed signature scheme （IB-VCS） was proposed, which is proved secure in the standard model （i.e., without random oracles）. It enjoys the setup-free property and stand-alone property, both of which make an exchange protocol more practical. The scheme is unconditionally secure against the cheating signer, its security against the cheating verifier is reduced to the computational Diffie-Hellman （CDH） problem in the underlying group, it is secure against the cheating trusted third party if the underlying Paterson Schuldt＇s identity based signature （IBS） scheme is secure, which is proven true based on the CDH assumption in the standard model.     

The gap between intractable problem and adaptive chosen ciphertext security

To describe the design approaches of IND-CCA2 (adaptive chosen ciphertext attack) secure public key encryption schemes systematically, the gaps between different kinds of intractable problems and IND-CCA2 security are studied. This paper points out that the construction of IND-CCA2 secure schemes is essentially to bridge these gaps. These gaps are categorized, analyzed and measured. Finally the methods to bridge these gaps are described. This explains the existing design approaches and gives an intuition about the difficulty of designing IND-CCA2 secure public key encryption schemes based on different types of assumptions.     

A Provably Secure Asynchronous Proactive RSA Scheme

The drawback of the first asynchronous proactive RSA scheme presented by Zhou in 2001, is that the security definition and security proof do not follow the approach of provable security. This paper presented a provably secure asynchronous proactive RSA scheme, which includes three protocols： initial key distribution protocol, signature generation protocol and share refreshing protocol. Taken these protocols together, a complete provably secure proactive RSA scheme was obtained. And the efficiency of the scheme is approximate to that of the scheme of Zhou.     

An Efficient Provable Secure ID-Based Proxy Signature Scheme Based on CDH Assumption

IntroductionMambo, et al.[1]first introduced the conceptof proxy signature. In their scheme, an originalsigner delegates his signing right to a proxy signerin such a way that the proxy signer can sign anymessage on behalf of the original signer and theverifier can verify and distinguish proxy signaturefrom original signature. Proxy signature is of greatuse in such a case that a manager needs to autho-rize his secretary to sign documents on behalf ofhimself before his leaving for a vacation. Du…     

Identity-based broadcast encryption with shorter transmissions

This paper describes two identity-based broadcast encryption(IBBE) schemes for mobile ad hoc networks.The first scheme proposed achieves sub-linear size cipertexts and the second scheme achieves O(1)-size ciphertexts.Furthermore, when the public keys are transmitted, the two schemes have short transmissions and achieve O(1) user storage cost, which are important for a mobile ad hoc network.Finally, the proposed schemes are provable security under the decision generalized bilinear Di?-Hellman(GBDH) assumption in the random oracles model.     

Distributed certificateless key encapsulation mechanism secure against the adaptive adversary

This paper proposes an adaptively secure solution to certificateless distributed key encapsulation mechanism from pairings by using Canetti's adaptive secure key generation scheme based on discrete logarithm. The proposed scheme can withstand adaptive attackers that can choose players for corruption at any time during the run of the protocol, and this kind of attack is powerful and realistic. In contrast, all previously presented threshold certificateless public key cryptosystems are proven secure against the more idealized static adversaries only. They choose and fix the subset of target players before running the protocol. We also prove security of this scheme in the random oracle model.     

Provably Secure Short Proxy Signature Scheme from Bilinear Maps

An enhanced formal model of security for proxy signature schemes is presented and a provably secure short proxy signature scheme is proposed from bilinear maps. The proposed proxy signature scheme is based on two short secure signature schemes. One is used for delegating the signing rights and computing the standard signature; the other is used for computing proxy signature. Finally, a security proof of the proposed proxy signature scheme is showed by reducing tightly the security of the proposed proxy signature scheme to the security of the two basic signature schemes. The proposed proxy signature scheme has the shortest ordinary signatures and proxy signatures. Moreover, the proxy signature generation needs no pairing operation and verification needs just two pairing operation.     

GSM-R系统的安全策略研究与改进

由于网络结构与用户终端移动性本身的制约,GSM-R本身存在着一些网络安全隐患,本文旨在提出GSM-R系统安全策略的改进方案.文章结合GSM-R系统在铁路上的应用,简要阐述了现有GSM-R系统所采用的安全机制和存在的安全缺陷.针对GSM-R系统采用的单向认证和信息加密的局部性两个方面分别提出了相应的改进方案,即系统的双向认证和端到端加密,并详细描述了认证过程和加密过程.     

基于CKKS加密方案的区块链集成风险评价模型

针对区块链平台中存在的多方数据交互不可信以及隐私数据易泄露等问题，基于CKKS (Cheon-KimKim-Song）全同态加密方案，提出了一种集成风险评价模型，把同态加密算法应用到风险评价中，将多种评价模型与同态加密结合起来.首先，利用三角模糊综合评价方法确定各评价指标的权重，通过多种评价方法处理分布式数据库中的样本数据，获得相关节点对同一交易事件的风险评价结果；其次，利用公钥对评价结果进行加密并进行同态运算，获得密文综合评价结果，以避免风险评价过程中的数据泄露；再次，利用私钥对评价结果进行解码，获得明文综合评价结果；最后，选取5 000个中欧班列企业的样本数据作为案例，利用决策树模型、Adaboost模型、Bagging模型、ExtraTree极端随机数模型、GBDT (gradient boosting regression trees）模型、KNN(K-nearest neighbor）模型、随机森林模型、SVM (support vector machine）模型等最为常见的评价模型进行风险评价，并将经CKKS方案加密后的综合评价结果与明文直接计算的综合评价结果和经BFV (...     

An Efficient Forward Secure Signature Scheme

Introduction Exposureofsecretkeysthreatensthesecurity ofadigitalsignaturegreatly.Totacklethisprob-lem,severaldifferentmethodshavebeenpro-posed,includingsecretsharing[1],thresholdsigna-ture[2],andproactivesignature[3].Thesemethods,however,needcooperativeandinteractivecompu-tationsinmultiplesevers,whicharequitecostly.Forwardsecuresignatureschemecanreducethe damageofkeyexposurewithoutcooperativeand interactivecomputations.Intheparadigmoffor-wardsecuresignature,thewholelifetimeofsigna-tureisdivid…     

On constructing certificateless proxy signature from certificateless signature

In proxy signature schemes, an original signer A delegates its signing capability to a proxy signer B, in such a way that B can sign message on behalf of A.The recipient of the final message verifies at the same time that B computes the signature and that A has delegated its signing capability to B.Recently many identity-based(ID-based) proxy signature schemes have been proposed, however, the problem of key escrow is inherent in this setting.Certificateless cryptography can overcome the key escrow problem.In this paper, we present a general security model for certificateless proxy signature scheme.Then, we give a method to construct a secure certificateless proxy scheme from a secure certificateless signature scheme, and prove that the security of the construction can be reduced to the security of the original certificateless signature scheme.     

一种基于网络安全的复合加密算法的研究

加密技术是保护网络安全的主要手段之一.在传统的DES RSA复合加密算法中,DES不仅存在着弱密钥和半弱密钥,而且在代数结构上存在着互补对称性,在一定程度上降低了破解密文的难度.文中提出一种新的复合加密算法TRA,在提高加密强度的前提下,解决以上问题.描述了TRA的模型和加密过程,并通过相关数据对该算法进行测试,分析了该算法的正确性、复杂度、安全性和效率等,并与传统的复合加密算法进行比较.