A Practical SSL Server Performance Improvement Algorithm Based on Batch RSA Decryption

The secure socket layer/ transport layer security（SSL/TLS） handshake protocol uses public key cryptographic algorithms such as RSA for key establishment. Typically, public key cryptographic algorithm is computational intensive due to the modular multiplications. Therefore, SSL/TLS servers often become swamped while performing public key decryptions when the simultaneous requests increase quickly. A batch RSA decryption algorithm was proposed. The novel algorithm provides the reasonable response time and optimizes server performance significantly. The decryption speedup is proportional to the batch size b, for instance, the speedup factor is 4, while in Shacham＇s scheme the acceleration rate is only 2.5 when b = 4.     

On constructing certificateless proxy signature from certificateless signature

In proxy signature schemes, an original signer A delegates its signing capability to a proxy signer B, in such a way that B can sign message on behalf of A.The recipient of the final message verifies at the same time that B computes the signature and that A has delegated its signing capability to B.Recently many identity-based(ID-based) proxy signature schemes have been proposed, however, the problem of key escrow is inherent in this setting.Certificateless cryptography can overcome the key escrow problem.In this paper, we present a general security model for certificateless proxy signature scheme.Then, we give a method to construct a secure certificateless proxy scheme from a secure certificateless signature scheme, and prove that the security of the construction can be reduced to the security of the original certificateless signature scheme.     

Strong key-insulated signature in the standard model

The only known construction of key-insulated signature (KIS) that can be proven secure in the standard model is based on the approach of using double signing. That is, the scheme requires two signatures: a signature with a master key and a signature with the signer’s secret key. This folklore construction method leads to an inefficient scheme. Therefore it is desirable to devise an efficient KIS scheme. We present the first scheme with such a construction. Our construction derives from some variations of the Waters’ signature scheme. It is computationally efficient and the signatures are short. The scheme is provably secure based on the difficulty of computational Diffie-Hellman (CDH) problem in the standard model.     

Threshold signature scheme with threshold verification based on multivariate linear polynomial

Secret sharing schemes are multi-party protocols related to key establishment. They also facilitate distributed trust or shared control for critical activities (e.g., signing corporate cheques and opening bank vaults), by gating the critical action on cooperation from t(t ∈ Z ⁺) of n(n ∈ Z ⁺) users. A (t, n) threshold scheme (t < n) is a method by which a trusted party computes secret shares Γ _i (1 ⩽ i ⩽ n) from an initial secret Γ ₀ and securely distributes Γ _i to user. Any t or more users who pool their shares may easily recover Γ ₀, but any group knowing only t−1 or fewer shares may not. By the ElGamal public key cryptophytes and the Schnorr’s signature scheme, this paper proposes a new (t, n) threshold signature scheme with (k,m) (k,m ∈ Z ⁺) threshold verification based on the multivariate linear polynomial.     

一种高效的基于身份的代理盲签名方案

在代理签名中,原始签名人能将数字签名的权力委托给代理签名人;而在盲签名方案中,签名者不能看到被签消息的内容。签名被接受者得到后,签名者不能追踪签名,结合代理签名与盲签名的优点,利用基于椭圆曲线上的Weil配对（WeilPair—ing）的双线性映射,构造了一个高效的基于身份的代理盲签名方案．分析表明,该方案不仅满足代理盲签名所要求的所有性质,而且其效率也优于已有同类方案．     

Efficient Dynamic Threshold Group Signature Scheme Based on Elliptic Curve Cryptosystem

The short secret key characteristic of elliptic curve cryptosystem （ECC） are integrated with the （ t, n ） threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang＇s conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters have a little change. Cryptanalysis result shows that the scheme is efficient and secure.     

An Efficient Provable Secure ID-Based Proxy Signature Scheme Based on CDH Assumption

IntroductionMambo, et al.[1]first introduced the conceptof proxy signature. In their scheme, an originalsigner delegates his signing right to a proxy signerin such a way that the proxy signer can sign anymessage on behalf of the original signer and theverifier can verify and distinguish proxy signaturefrom original signature. Proxy signature is of greatuse in such a case that a manager needs to autho-rize his secretary to sign documents on behalf ofhimself before his leaving for a vacation. Du…     

Constrained Run-to-Run Optimization for Batch Process Based on Support Vector Regression Model

Introduction Batch and semi-batch processes are very im-portant in the fine chemicals industry to manufac-ture the low-volume and high-value products suchas biochemicals, crystals and speciality chemicals.In the control of batch process, the major objectiveis to improve the end-of-batch product properties.When the control objective is to optimize a perfor-mance index at the end of batch cycle, the problemis called the end-point optimization problem. Tosolve the problem,the traditional approach…     

An Efficient Forward Secure Signature Scheme

Introduction Exposureofsecretkeysthreatensthesecurity ofadigitalsignaturegreatly.Totacklethisprob-lem,severaldifferentmethodshavebeenpro-posed,includingsecretsharing[1],thresholdsigna-ture[2],andproactivesignature[3].Thesemethods,however,needcooperativeandinteractivecompu-tationsinmultiplesevers,whicharequitecostly.Forwardsecuresignatureschemecanreducethe damageofkeyexposurewithoutcooperativeand interactivecomputations.Intheparadigmoffor-wardsecuresignature,thewholelifetimeofsigna-tureisdivid…     

Code-aided interference suppression in direct sequence spread spectrum systems with eigenvector sign spreading code

For direct sequence spread spectrum (DSSS) communication systems suffering interference, it is known that code-aided interference suppression technique outperforms all of the previous linear or nonlinear methods. In this paper, we proposed an improved code-aided technique which can improve the system performance greatly by using the eigenvector sign (EVS) spreading sequence which depends on the statistical characteristics of the interference and the thermal noise. Foundation item: the National Natural Science Foundation of China (No. 60772100)     

Wavelength reservation scheme with switch fabric status in distributed mesh optical networks

A new wavelength reservation scheme is proposed to mitigate the connection setup time and minimize the reconfiguration times of optical cross-connects (OXCs) for WDM optical networks in this study. In this scheme, we consider the reconfiguration information of switch fabrics in the signaling protocol, which is designated as the signaling with switch fabric status (SWFS). Distributed reservation algorithms will reserve the wavelength with minimum of reconfiguration times of OXCs along the route. Simulation results indicate that the proposed schemes with switch fabrics status have shorter setup time, lower switching ratio as well as better blocking performance than those of the traditional classic schemes. Moreover, the proposed schemes with SWFS significantly reduce the number of switch fabrics that need to be reconfigured. Foundation item: the National Natural Science Foundation of China (Nos. 60632010 and 60572029) and the National High Technology Research and Development Program (863) of China (No. 2006AA01Z251)     

DESIGN OF A DIGITAL SIGNATURE SCHEME BASED ON FACTORING AND DISCRETE LOGARITHMS

Objective Focusing on the security problem of authentication and confidentiality in the context of computer networks, a digital signature scheme was proposed based on the public key cryptosystem. Methods Firstly,the course of digital signature based on the public key cryptosystem was given. Then, RSA and ELGamal schemes were described respectively. They were the basis of the proposed scheme. Generalized ELGamal type signature schemes were listed. After comparing with each other, one scheme, whose Signature equation was (m r)x=j s modФ(p) , was adopted in the designing. Results Based on two well-known cryptographic assumptions, the factorization and the discrete logarithms, a digital signature scheme was presented. It must be required that s“ was not equal to p‘q“ in the signing procedure, because attackers could forge the signatures with high probabilities if the discrete logarithms modulo a large prime were solvable. The variable public key “e“ is used instead of the invariable parameter “3“ in Ham‘s signature scheme to enhance the security. One generalized ELGamal type scheme made the proposed scheme escape one multiplicative inverse operation in the signing procedure and one modular exponentiation in the verification procedure.Conclusion The presented scheme obtains the security that Harn‘s scheme was originally claimed. It is secure if the factorization and the discrete logarithms are simultaneously unsolvable.     

A simulation study of service differentiation for the bandwidth request scheme in fixed IEEE 802.16 network

Various flexible mechanisms related to quality of service (QoS) provisioning have been specified for uplink traffic at the medium access control (MAC) layer in the IEEE 802.16 standards. Among the mechanisms, contention based bandwidth request scheme can be used to indicate bandwidth demands to the base station for the non-real-time polling and best-effort services. These two services are used for most applications with unknown traffic characteristics. Due to the diverse QoS requirements of those applications, service differentiation (SD) is anticipated over the contention based bandwidth request scheme. In this paper we investigate the SD with the bandwidth request scheme by means of assigning different channel access parameters and bandwidth allocation priorities at different packets arrival probability. The effectiveness of the differentiation schemes is evaluated by simulations. It is observed that the initial backoff window can be efficient in SD, and if combined with the bandwidth allocation priority, the SD performances will be better. Foundation item: the National Basic Research Program (973) of China (No. 2005C13321804)     

On-line Batch Process Monitoring and Diagnosing Based on Fisher Discriminant Analysis

Introduction Nowadays, it has been paying more attentionto the batch or semi-batch process which producedthe high added value and high quality products inchemical industry, such as polymer, pharmaceuti-cal and semiconductor industry.The aim of the batch process monitoring is tokeep the product quality uniform and consistentunder batch-to-batch process and meet specifica-tion limits. The direct approach is to monitor cru-cial product quality variables in batch process.However, quality variables…     

Reputation-based collaborative spectrum sensing scheme in cognitive radio networks

Collaborative spectrum sensing is proposed to improve the detection performance in cognitive radio (CR) networks. However, most of the current collaborative sensing schemes are vulnerable to the interference of the malicious secondary users (SUs). In this paper we propose a reputation-based collaborative spectrum sensing scheme to improve the security of cooperative sensing by mitigating the impacts of misbehaviors. The fusion center calculates the reputation rating of each SU according to their history reports to weight their sensing results in the proposed scheme. We analyze and evaluate the performance of the proposed scheme and its advantages over previous schemes in expansibility and integrity. Simulation results show that the proposed scheme can minimize the harmful influence from malicious SUs.     

Provably Secure Short Proxy Signature Scheme from Bilinear Maps

An enhanced formal model of security for proxy signature schemes is presented and a provably secure short proxy signature scheme is proposed from bilinear maps. The proposed proxy signature scheme is based on two short secure signature schemes. One is used for delegating the signing rights and computing the standard signature; the other is used for computing proxy signature. Finally, a security proof of the proposed proxy signature scheme is showed by reducing tightly the security of the proposed proxy signature scheme to the security of the two basic signature schemes. The proposed proxy signature scheme has the shortest ordinary signatures and proxy signatures. Moreover, the proxy signature generation needs no pairing operation and verification needs just two pairing operation.     

基于椭圆曲线的不可否认门限代理签名方案

针对已有的门限代理签名方案不能有效地抵抗签名人协作攻击和伪造攻击,以及在某些场合实用性不强的缺点提出了改进方案.在代理签名生成阶段要求每个实际签名人提供自己的私钥信息,在形成的代理签名中不仅包含每个代理签名人的秘密信息,还包含了每个实际签名人的秘密信息,从而能有效抵抗协作攻击和伪造攻击.另外,用椭圆曲线密码机制替换了已有的方案中用的ElGamal离散对数密钥机制,使系统效率更高.     

Filling the gap between voters and cryptography in e-voting

Cryptography is an important tool in the design and implementation of e-voting schemes since it can provide verifiability, which is not provided in the traditional voting. But in the real life, most voters can neither understand the profound theory of cryptography nor perform the complicated cryptographic computation. An e-voting system is presented in this paper to leverage the use of cryptography. It combines the advantages of voting scheme of Moran-Naor and voting scheme based on homomorphic encryption. It makes use of the cryptographic technique, but it hides the details of cryptographic computation from voters. Compared with voting scheme of Moran-Naor, the new system has three advantages: the ballots can be recovered when the voting machine breaks down, the costly cut-and-choose zero-knowledge proofs for shuffling votes made by the voting machine are avoided and the partial tally result in each voting machine can be kept secret. Foundation item: the National Natural Science Foundation of China (No. 60673076) and the National High Technology Research and Development Program (863) of China (No. 2008AA01Z403)     

海空协同的远海岛礁战储物资供给优化模型与算法

针对远海岛礁战储物资的战时供给问题，利用海空协同运输的优势，以系统总时间最短、 物资保障成本最低为目标，构建两阶段优化模型(2E-MLRP)，并利用解的结构特征改进拥挤度比较算子和精英保留策略，形成有针对性的改进遗传算法。算例分析结果表明：利用本文所建模型及算法求解得到的最优方案符合“性价比”的要求；相对于全海运模型，海空协同的系统总时间降低53.15%，而成本增幅仅为22.27%，且第一批物资送达时间也减少2.95 d。算法对比结果显示： 改进后算法得到的SP指标值与MSP指标值均优于传统遗传算法，可知改进后算法求得的Pareto 解集具有更好的分布性。本文运输方案与其他方案相比，成本大幅降低，运送时长增幅较小，可保证运输装备的高效利用，且单个航线内待补给岛数量合理，可满足战储物资运送的要求，为战时远海岛礁战储物资供给方案的制定提供参考。     

TCP Upload and Download Fairness over IEEE 802.11 Wired-cum-Wireless Heterogeneous Networks

IntroductionThe interaction between wireless and wired net-works is becoming important with the growth ofdeployment of wireless networks. Gopal andRaychaudhuri[1]investigated the TCP simultaneous-send problem in infrastructure mode 802.11 wirelesslocal ar…