一个单方加密-多方解密的公钥加密方案

以Shamir的门限秘密共享方案和对称密码算法为基础,基于椭圆曲线上的双线性变换提出了一个具有多个解密者的单方加密-多方解密公钥加密方案.在该方案中,消息发送者具有一个唯一的加密密钥,而每个消息接收者都具有不同的解密密钥.使用加密密钥所加密的密文可以被任意解密密钥所解密,得到同样的明文信息.分析发现,该加密方案不仅安全有效,同时,它还具备前向保密性,即使加密者的主密钥泄露,也不会影响之前加密信息的安全性.文中方案具有非常重要的应用价值,尤其可以用来实现安全广播/组播和会议密钥的安全分发.     

入侵弹性的电子货币系统

基于入侵弹性的密码进化方案构造了一个入侵弹性的电子货币系统。在该系统中,银行公钥保持不变,在每个时间段内可多次随机的刷新密钥,使密钥泄漏带来的危害达到最小,且为货币赋予生命周期,从而降低重复花费检测与存储的代价。     

基于证书的抗泄露的安全加密方案

近期实践表明密码系统容易受到各种攻击而泄漏密钥等相关秘密信息, 泄漏的秘密信息破坏了以前的已证明安全的方案, 因此设计抗泄漏的密码学方案是当前密码研究领域的一个热点研究方向。设计一个基于证书的加密方案, 总的设计思想是使用一个基于证书的哈希证明系统, 这个证明系统包含一个密钥封装算法, 用这个密钥封装算法结合一个提取器去加密一个对称加密所用的密钥, 那么得到的加密方案就是可以抵抗熵泄漏并且是安全的。对方案的安全性分析和抗泄漏性能分析, 表明本方案在抵抗一定量的密钥泄漏和熵泄漏时可以保持安全性。     

基于密码隔离的信息泄漏防御方案

针对传统访问控制模型受限于访问控制策略的高效性和完整性问题,提出一种基于密码隔离的信息泄漏防御方案,方案包含一个信息泄漏防御模型和一个密钥分配方案.信息泄漏防御模型基于密码学原理,克服了逻辑隔离易被旁路的脆弱性,通过引入安全通道部件,为出入单级域的信息进行加解密,以实现不同安全级别信息之间的密码隔离.为达到密码隔离的目的,通过构建安全标签树,基于安全等级和安全范畴分别设计了一套密钥分配方案,实现了对敏感信息的双重加密,分析表明,两种密钥分配方案安全性较高.     

可证明安全的多接收者公钥加密方案设计与分析

针对现有安全广播协议密钥分发效率较低的问题,提出了一种通过多接收者公钥加密实现安全广播的方法.以Shamir的门限秘密共享方案为设计基础,首先提出了一个基于椭圆曲线上双线性变换的具有抗不可区分选择明文攻击(IND-CPA)安全性的多接收者公钥加密方案,然后对所提方案进行安全扩展,在此基础上最终提出了一个具有抗不可区分自适应选择密文攻击(IND-CCA2)安全性的多接收者公钥加密方案.基于双线性判定Diffie- Hellman假设和双线性间隙Diffie-Hellman假设,对上述所声称的IND-CPA安全性和IND-CCA2安全性进行了证明.同时,对方案的正确性及性能等进行了分析和证明.分析发现,该方案是一个安全、有效的公钥加密方案.由一个加密密钥所加密的密文可以被多个解密密钥解密而得到其所对应的明文,这使得该方案具有非常重要的应用,尤其是可以用来实现安全广播,以便在不安全的、开放的网络环境中安全地广播敏感信息.     

密文策略的属性基并行密钥隔离加密

对于公钥密码体制来说,私钥泄漏是一种十分严重的威胁.传统密码系统可以通过撤销公钥来应对私钥泄漏,但在属性基密码系统里,公钥由属性集合表示,对这些属性集合的撤销不太可行.目前,密钥隔离机制是减轻密钥泄漏所带来危害的一种有效方法.为了处理属性基密码系统中的密钥泄露问题,将并行密钥隔离机制引入到密文策略的属性基加密中,提出了密文策略的属性基并行密钥隔离加密(ciphertext policy attribute-based parallel keyinsulated encryption,简称CPABPKIE)的概念.在给出CPABPKIE的形式化定义和安全模型的基础上,构建了一个不需要随机预言机模型的选择ID安全的CPABPKIE方案.所提方案允许较频繁的临时私钥更新,同时可以使协助器密钥泄漏的几率保持较低,因此增强了系统防御密钥泄漏的能力.     

标准模型下可证安全的多身份单密钥解密方案

多身份单密钥解密方案是基于身份加密方案的一个变体,用户的一个解密密钥可以对应于多个公钥(身份),即单一的密钥可以解密多个不同公钥加密下的密文。在双线性对,提出标准模型下可证安全的多身份单密钥解密方案。在判定性q-TBDHE假设下,证明了所提方案在适应性选择密文和身份攻击下是不可区分的。     

可证安全的入侵容忍签名方案

提出了一种可证安全的入侵容忍签名方案,方案具有比前向安全签名和密钥隔离签名更强的安全性,满足无论签名者和基地被入侵多少次,只要入侵不是同时发生的,其他任何时间段的签名都是安全的.另外,即使入侵者同时入侵签名者和基地,获得所有秘密信息,仍然不能伪造以前时间段的签名.方案具有良好的平均性能,所有费用参数包括密钥产生、基密钥(用户密钥)演化、基密钥(用户密钥)更新、签名、验证的时间和签名长度、公钥长度和基地(用户)存储空间大小的复杂性都不超过O(logT).最后证明,假定CDH问题是     

密钥弹性泄漏安全的通配模板层次委托加密机制

传统的密码方案假定密钥对可能的攻击者来说是完全隐藏的(只有算法是公开的),敌手无法获得有关密钥的任何信息.但在实际系统中,攻击者可在噪声信道或由侧信道攻击获得有关密钥的部分信息.密钥弹性泄漏安全的加密方案通过改进密码算法达到在密钥存在可能部分泄漏情况下的语义安全性.设计了一个抗密钥弹性泄漏的可委托层次模板加密方案.在该方案中,用户身份关联到含有通配符的身份模板,并可以实现再次密钥委托.该方案是抗泄漏的层次身份加密方案(hierarchical identity-based encryption,简称HIBE)和隐藏向量加密方案(hidden vector encryption,简称HVE)的一般扩展,可有效地抵抗密钥弹性泄漏,并达到自适应语义安全性.同时给出该方案的安全性证明和系统抗泄漏性能,分析显示,该方案具有较好的密钥泄漏容忍性.     

一种新的基于多素数RSA认证加密方案

根据RSA加密系统和中国剩余定理,提出了一种新的基于多密钥的RSA认证加密方案。该方案与通常的RSA加密系统不同,每个用户只有一个加密密钥,但解密密钥由两个以上的短密钥组成,大大地加快了解密的速度。在解密过程中,巧妙地运用了中国剩余定理,减少了求逆元的个数,提高了效率。特别地,根据该方案可得到改进的Paixao方案和Boneh方案,计算速度更快,效果更好。分析表明,此方案可以有效地减少计算复杂度,并且不会降低其安全性,十分适合智能卡之间、智能卡和终端之间的认证和信息交换。     

Intrusion-resilient identity-based signature: Security definition and construction

Traditional identity-based signatures depend on the assumption that secret keys are absolutely secure. Once a secret key is exposed, all signatures associated with this secret key have to be reissued. Therefore, limiting the impact of key exposure in identity-based signature is an important task. In this paper, we propose to integrate the intrusion-resilient security into identity-based signatures to deal with their key exposure problem. Compared with forward-secure identity-based signatures and key-insulated identity-based signatures, our proposal can achieve higher security. The proposed scheme satisfies that signatures in any other time periods are secure even after arbitrarily many compromises of base and signer, as long as the compromises do not happen simultaneously. Furthermore, the intruder cannot generate signatures pertaining to previous time periods, even if she compromises base and signer simultaneously to get all their secret information. The scheme enjoys nice average performance. There are no cost parameters including key setup time, key extract time, base (signer) key update time, base (signer) key refresh time, signing time, verifying time, and signature size, public parameter size, base (signer) storage size having complexity more than O(log T) in terms of the total number of time periods T in this scheme. We also give the security definition of intrusion-resilient identity-based signature scheme and prove that our scheme is secure based on this security definition in the random oracle model assuming CDH problem is hard.     

Key continual-leakage resilient broadcast cryptosystem from dual system in broadcast networks

In order to tolerate possible leakage of secret keys, leakage-resilient cryptosystem models a class of attractive leakage output by allowing an adversary to provide any computable leakage function and learning the partial keys or other possible internal states from the output of function. In this work, we present an adaptively secure broadcast encryption resilient to key continual leakage in the standard model. Our scheme provides the tolerance of continual leakage, in which any user can generate multiple private keys per user by periodically updating the key. We use the dual system encryption mechanism to implement the leakage resilience and adaptive security, and intrinsically set an algorithm to refresh a key and produce a same distributed new key. We also give the evaluation of the leakage bound and leakage fraction, and the simulations show that our scheme can tolerate about 71% leakage fraction with 3.34 × 10^-52 failure probability in standard 80-bit security level when we adjust the leakage factor to allow the private key to be 100 Kb.     

New forward-secure public-key encryption without random oracles

Forward-secure public-key cryptography is an important technique for protecting private keys. It provides the benefits of frequent updating private keys without changing public keys. The most attractive property of forward security is that even if an attacker obtains the private key for the current time period, she still cannot compromise the private keys for the past time. In this paper, we newly present a forward-secure public-key encryption scheme without random oracles and prove it to be chosen-ciphertext secure in the standard model. In the proposed scheme, the ciphertext size and the decryption time have no correlation with the number of time periods and other performance indices have at most poly logarithmic complexities in terms of the number of time periods. As far as we know, it is the first forward-secure public-key encryption scheme that achieves direct chosen-ciphertext security in the standard model.     

不可信更新的前向安全公钥加密方案：安全性模型和构造

已提出的不可信更新的前向安全公钥加密方案没有安全性证明,因此对方案的安全性存在质疑。对前向安全公钥加密方案进行扩展,给出首个具有可证明安全的不可信更新前向安全公钥加密方案。首先给出了不可信更新的前向安全公钥加密的方案定义和形式化安全性模型;根据方案定义,运用双线性映射技术以及高效的对称加密机制,提出一个不可信更新的前向安全公钥加密方案,并在随机预言机模型下证明了该方案的安全性。通过分析,该方案具有定长密文,定长私钥,固定加/解密开销,固定密钥更新开销的特点,具有一定的实用性。     

An efficient ID-based cryptographic encryption based on discrete logarithm problem and integer factorization problem

ID-based encryption (identity-based) is a very useful tool in cryptography. It has many potential applications. The security of traditional ID-based encryption scheme wholly depends on the security of secret keys. Exposure of secret keys requires reissuing all previously assigned encryptions. This limitation becomes more obvious today as key exposure is more common with increasing use of mobile and unprotected devices. Under this background, mitigating the damage of key exposure in ID-based encryption is an important problem. To deal with this problem, we propose to integrate forward security into ID-based encryption. In this paper, we propose a new construction of ID-based encryption scheme based on integer factorization problem and discrete logarithm problem is semantically secure against chosen plaintext attack (CPA) in random oracle model. We demonstrate that our scheme outperforms the other existing schemes in terms of security, computational cost and the length of public key.     

高效的适应性选择密文安全公钥加密算法

安全高效的公钥加密算法是信息系统安全的重要保障技术,文中利用陷门承诺函数的思想实现对密文完整性的保护,由此在标准模型下给出一个可证明适应性选择密文攻击安全的公钥加密算法.新算法与著名的CS98公钥加密算法相比公钥参数数量减少20%,私钥参数减少80%;与BMW05公钥加密算法比较,公、私钥参数数量大为减少且安全规约效率...     

Adaptive CCA broadcast encryption with constant-size secret keys and ciphertexts

We consider designing public-key broadcast encryption schemes with constant-size secret keys and ciphertexts, achieving chosen-ciphertext security. We first argue that known CPA-to-CCA transforms currently do not yield such schemes. We then propose a scheme, modifying a previous selective CPA secure proposal by Boneh, Gentry, and Waters. Our scheme has constant-size secret keys and ciphertexts, and we prove that it is selective chosen-ciphertext secure based on standard assumptions. Our scheme has ciphertexts that are shorter than those of the previous CCA secure proposals. Then, we propose a second scheme that provides the functionality of both broadcast encryption and revocation schemes simultaneously using the same set of parameters. Finally, we show that it is possible to prove our first scheme adaptive chosen-ciphertext secure under reasonable extensions of the bilinear Diffie–Hellman exponent and the knowledge-of-exponent assumptions. We prove both of these extended assumptions in the generic group model. Hence, our scheme becomes the first to achieve constant-size secret keys and ciphertexts (both asymptotically optimal) and adaptive chosen-ciphertext security at the same time.     

混沌系统在网络保密通信中的应用方法

混沌保密通信是当今研究信息安全的热门课题之一。该文就混沌系统应用于保密通信的基本理论,编码方式和密钥等内容作一简要讨论,并采用一次一密密码机制,用Lorenz系统的混沌输出作为密钥对文本文件进行加密和解密。这种一次一密加密方式具有很强的抗破译性。