对一种基于椭圆曲线加密体制的安全性分析

本文对一种椭圆曲线环上的陷门离散对数加密体制的安全性进行分析,指出它存在的安全缺陷,攻击者通过选择适当的明文加密,在得到相应的解密明文后,能够分解模数,从而成功地攻击此加密体制,因此该体制不能抵抗选择密文攻击.     

密钥动态选择机制的图像加密算法

构造了一个六维离散混沌系统，并在此混沌系统的基础上设计了一个伪随机数生成器。基于该伪随机数生成器提出了一种密钥动态选择机制的图像加密方案。该加密方案采用了经典的置乱-扩散加密结构。在该加密方案中，置乱序列与明文图像的像素总和相关，而在扩散阶段的扩散密钥流是根据每个像素值动态变化的，因此算法能抵抗选择明文（密文）的攻击。解密时的密钥只是混沌系统的初始值，明文图像的像素的总和是不需要的，因此克服了“一次一密”加密方案（加密不同明文所用密钥不同）中密钥管理的难度。实验结果和安全性分析表明：该算法具有密钥空间大、密文没有明显的统计特性、密文对明文和密钥非常敏感、能够抵抗差分攻击和选择明（密）文的攻击等优点，具有良好应用前景。     

标准模型下选择密文安全的基于身份加密方案

Waters在欧密2005上提出的基于身份加密方案是选择明文安全的,这就使得该方案很难应用于一些安全性要求较高的环境中。针对这一问题,设计了一个标准模型下选择密文安全的基于身份的加密扩展方案。该扩展方案基于Waters的方案,其密文中增加一个附加信息,而扩展方案是选择密文安全的,所以解决了Waters方案仅达到选择明文安全的问题。在标准模型下,扩展方案的安全性归约为判定性双线性Diffie-Hellman困难假设。安全性分析表明,扩展方案抵抗自适应选择密文攻击是不可区分的。     

抗密钥泄露的在线/离线身份基加密机制

目前已有的在线离线身份基加密（IBOOE）方案无法抵抗边信道攻击,引起密码系统秘密信息泄露问题。新方案通过将随机提取器嵌入在线加密算法来隐藏私钥泄露和密文之间的关系,提出首个有界泄露模型下安全的IBOOE方案;新方案基于合数阶双线性群上的三个静态假设,利用双系统加密技术在标准模型下抵抗选择明文攻击达到完全安全性和泄露弹性。此外,与传统的IBOOE方案相比较,新方案特别适用于敏感数据存储且资源受限的场景。     

ECC joins first time with SC-FDMA for Mission “security”

The recent advancements in the internet technology have created the urgency in developing critical data security framework around the globe. One of the most shared multimedia objects is the image which is safeguarded through a task called image encryption. An integrated approach to image encryption is the need of the hour which can combine algorithm and communication model. In this context, this work presents the first- of- its- kind approach addressing Elliptic Curve Cryptography (ECC) to encrypt and decrypt the images to enhance their security during transmission via Single Carrier Frequency Division Multiple Access (SC-FDMA) communication systems. The uniqueness of this work is to combine the encryption scheme and subsequent wireless transmission. Modified Huffman coding has been employed to achieve compression. The viability of the proposed approach was tested and the performance metrics namely Entropy, PSNR, Histogram, correlation coefficient, differential attack, NIST test, and occulation attack analyses were evaluated. The simulation results prove the efficiency of the proposed integrated encryption – compression – communication schema.

     

移动云环境下的多授权机构属性基加密方案

针对移动云数据的访问控制进行了研究,提出一种高效的、无需CA的多授权机构密文策略属性基加密方案。通过借助外部资源,在数据加密和解密过程分别增加预加密操作和可验证外包解密操作,从而降低用户的加解密计算量,并采用双因子身份认证机制实现对用户的匿名认证。安全性分析表明,新方案基于判断性q-BDHE（decisional q-parallel Bilinear Diffie-Hellman Exponent）假设可证明是选择明文安全的,并且方案能够抵抗合谋攻击。仿真实验表明,新方案有效降低了数据加密、解密的计算开销以及对密文的通信开销。因此,新方案能够实现对移动云数据安全、高效的访问控制。     

Security analysis of reversible logic cryptography design with LFSR key on 32-bit microcontroller

This paper presents a detailed security analysis of the research article on the digital image encryption scheme entitled "Reversible Logic Cryptography Design (RLCD) with Linear Feedback Shift Register (LFSR) key" (Karunamurthi S, and Natarajan VK, Microprocessors and Microsystems, 2019). Although the inadequate length of its 4-bit LFSR key makes the scheme extremely vulnerable to quick brute force attack, analyzing the various error metrics concerning the security of the encrypted images, this scheme provides statistically pleasing results. The major shortcoming identified on this RLCD-LFSR scheme is the traceable patterns that appear on its encrypted images due to the absence of confusion to break the pixels' correlation. In addition to the chosen plaintext attack, edge detection based cryptanalysis proposed in this paper to be sufficient to crack the RLCD-LFSR scheme. The enhancement made by the insertion of a confusion module in RLCD-LFSR scheme wipes out the perceptible patterns and edges from the encrypted images to resist the attacks. The failure of enhanced RLCD-LFSR under NIST tests confirms the flaws in the design of the Reversible Logic Gate (RLG) based diffusion process and its ineffectiveness for image encryption. Besides the security analysis, the performance of RLCD-LFSR scheme and the proposed improved version of the same is implemented on a 32-bit microcontroller to evaluate their suitability for real-time embedded applications.     

一种基于多线性映射的身份类广播加密方案*

利用多线性映射具有随机化编码的特点来构造密码方案是近几年研究的热点之一。本文针对Delerablee在随机预言机模型下提出的动态广播加密方案中选择明文攻击安全性问题,提出了标准模型下具有选择密文攻击安全的基于身份广播加密。首先建立多线性映射改进了私钥提取算法;然后在方案中加入消息验证码机制;最后,在标准模型下证明了该方案是不可区分静态选择密文攻击安全(indistinguishable-static ID-chosen ciphertext attack ,IND-sID-CCA)。分析表明,本文提出的方案保留了动态特性并提高了安全性。     

云环境下可搜索加密技术安全机制及应用陷阱

为了能在云计算环境下安全地使用可搜索加密技术,针对近几年来可搜索加密技术的研究成果,总结了云计算环境下对称/非对称可搜索加密技术的主要算法模型与安全模型,分析了安全方案的安全缺陷,并分析了基本可搜索加密方案与加入了密文安全传输、匿名性、第三方代理、隐私保护协议的四类增强方案在基于选择关键字攻击、字典攻击、统计分析攻击、选择明文攻击四类攻击模型下的安全性。最后,总结了可搜索加密技术的应用陷阱,并提出了当前可搜索加密技术面临的安全性挑战。     

FS-IBEKS: Forward secure identity-based encryption with keyword search from lattice

Public Key Encryption with Keyword Search (PEKS) makes it possible for a cloud server (CS) to match a trapdoor and a ciphertext. However, with the upgrowth of quantum techniques, most of the existing PEKS schemes will be broken by quantum computers in the coming future. Moreover, they are also under the threat of potential key exposure. Lattice-based forward secure PEKS scheme (FS-PEKS) overcomes the two problems above by combining the techniques of forward security and lattice-based cryptography. However, FS-PEKS schemes work in public key infrastructure (PKI), which will incur complicated certificate management procedures. In this work, to overcome the key management issue but still guarantee security even when attackers corrupt the keys, we extend the FS-PEKS scheme into the identity-based framework and present a forward secure identity-based encryption with keyword search (FS-IBEKS) scheme from lattice. The proposed scheme is secured under the selective identity against chosen plaintext attack (IND-sID-CPA) in the random oracle model. To further improve the security, we present another FS-IBEKS scheme into the standard model and give concrete security proof under the adaptive identity against chosen plaintext attack (IND-ID-CPA). The comprehensive performance evaluation demonstrates that our FS-IBEKS schemes are feasible for cloud computing.     

Networked hardware assisted key image and chaotic attractors for secure RGB image communication

In multimedia communication, significance of the images for data representation is noteworthy. In this context, secure transmission of images over open channel has become a challenging task. Creation of different strategies in improving the secure image transmission always has a demand. The proposed work suggests an RGB image encryption with the confluence of attractors and hardware triggered key image in which confusion and diffusion were accomplished by Lorenz, Lü and Cellular Automata attractors. The uniqueness of proposed encryption scheme is a key image generation module through cascaded Ring Oscillator circuit which creates M?×?N key image for diffusion of pixels. Facilitating the authenticated networked access to key image generation hardware enables the secure server-client architecture for a variety of secure image transfer applications. The proposed approach is a hardware – software codesign which possesses a good keyspace, improved key sensitivity and satisfies the various statistical parameters thus offering substantial resistance to differential, occlusion and chosen plaintext attacks on RGB images.     

基于区块链的属性基多关键词排序搜索方案

对云数据进行访问控制能够限制非法访问、提高数据隐私安全,属性基可搜索加密是实现数据细粒度访问控制的关键技术之一。针对云数据访问中单一授权性能瓶颈、搜索功能局限等问题,提出一种基于区块链的属性基多关键词排序搜索方案。该方案采用多授权机制降低了系统计算负担,同时将属性基可搜索加密技术与区块链技术相结合,实现了云数据的细粒度访问控制与公平搜索;此外,引入向量空间模型和TF-IDF加权技术实现了多关键词搜索结果排序,提高了搜索效率。安全性分析、性能分析表明,该方案能够抵抗选择明文攻击和关键词猜测攻击,并具备较低的通信和计算开销。     

The identical operands commutative encryption and watermarking based on homomorphism

Aiming at the requirement of comprehensive security protection for multimedia information, this paper proposes a new algorithm to realize the combination of encryption and watermarking based on the homomorphism. Under the proposed algorithm scheme, the plaintext watermark embedding operations are mapped to the ciphertext domain by homomorphism to achieve the plaintext watermark embedding in the ciphertext domain; at the same time, the embedded plaintext watermarks are also mapped to the ciphertext domain by homomorphism to achieve the ciphertext watermarking embedding. According to the experimental results, by the proposed algorithm, the order of watermark embedding and data encrypting does not affect the production of the same encrypted-watermarked data, meanwhile, whether the encrypted-watermarked data being decrypted or not does not affect the extraction of embedded watermark. For the operands of encryption and watermarking being the same data, the proposed algorithm has higher security compared with the existing mainstream independent operands based communicative encryption and watermarking.     

An efficient ID-based cryptographic encryption based on discrete logarithm problem and integer factorization problem

ID-based encryption (identity-based) is a very useful tool in cryptography. It has many potential applications. The security of traditional ID-based encryption scheme wholly depends on the security of secret keys. Exposure of secret keys requires reissuing all previously assigned encryptions. This limitation becomes more obvious today as key exposure is more common with increasing use of mobile and unprotected devices. Under this background, mitigating the damage of key exposure in ID-based encryption is an important problem. To deal with this problem, we propose to integrate forward security into ID-based encryption. In this paper, we propose a new construction of ID-based encryption scheme based on integer factorization problem and discrete logarithm problem is semantically secure against chosen plaintext attack (CPA) in random oracle model. We demonstrate that our scheme outperforms the other existing schemes in terms of security, computational cost and the length of public key.     

超混沌图像加密方案的分析与改进

根据选择明文攻击原理,对一种超混沌图像加密算法进行了分析,结果表明该算法不能抵抗选择明文攻击。提出了一种改进的超混沌图像加密算法;对改进算法进行了安全性分析和实验测试。理论分析及实验结果表明,改进算法克服了原算法不能抵御选择明文攻击的缺陷,而且能拥有更好的统计特性、差分特性等密码学特性和更高的加密速度。     

基于多播RSA的“零密钥更新”方案的安全分析

Lin,Tang和Wang(LTW)基于一种星型密钥分发体系结构提出了一种多素数RSA,并利用它构造了一种无需密钥更新过程的集中式组密钥管理方案。按照组密钥管理的几个主要安全需求,运用密码学的工程实践视角和计算数论的方法,对该方案提出了环幂等元攻击、选择明文攻击、求高次整根攻击以及基于椭圆曲线分解方法和中国剩余定理的串谋攻击。数学与密码分析表明：在一定的条件下可以高效实现这些攻击,而密钥服务器的加密指数的“零更新”特性正是这些安全隐患之源。     

对改进的基于DNA编码和混沌的图像加密方法的安全性分析*

混沌密码系统已展现了许多非传统密码系统所具有的优良特性,基于混沌的加密算法层出不穷,同时对混沌密码系统进行安全性分析对混沌密码的发展具有重要意义。对一种改进的基于DNA编码和混沌映射的图像加密方法进行了安全性分析,该算法的核心思想是明文图像的DNA编码矩阵与混沌映射产生的随机矩阵的DNA编码矩阵求和,然后再对这个和矩阵中的元素随机求补即得密文图像。运用选择明文攻击的方法,破解了该算法中的等效密钥,从而利用等效密钥再解密出目标明文。理论分析和实验结果验证了本文选择明文攻击策略的可行性。简要讨论了提高该密码算法安全性的一些改进措施。     

Compressive sensing based image compression-encryption using Novel 1D-Chaotic map

Compressive sensing based encryption achieves simultaneous compression-encryption by utilizing a low complex sampling process, which is computationally secure. In this paper, a new novel 1D–chaotic map is proposed that is used to construct an incoherence rotated chaotic measurement matrix. The chaotic property of the proposed map is experimentally analysed. The linear measurements obtained are confused and diffused using the chaotic sequence generated using the proposed map. The chaos based measurement matrix construction results in reduced data storage and bandwidth requirements. As it needs to store only the parameters required to generate the chaotic sequence. Also, the sensitivity of the chaos to the parameters makes the data transmission secure. The secret key used in the encryption process is dependent on both the input data and the parameter used to generate the chaotic map. Hence the proposed scheme can resist chosen plaintext attack. The key space of the proposed scheme is large enough to thwart statistical attacks. Experimental results and the security analysis verifies the security and effectiveness of the proposed compression-encryption scheme.     

用于Hadoop平台的混沌加密研究与实现

为解决传统单机模式串行加密方法存在的不足,设计了一种基于Hadoop平台的混沌加密算法的运行方案。该方案运用MapReduce并行框架和混沌加密伪随机数以及初值敏感的原理,提出一种针对MapReduce框架和混沌加密优化的并行混沌加密方案,即用明文长度作为初值,分别对Chen、Lorenz、Rossler三种超混沌系统进行初始迭代,同时提出对明文数据按1 MB进行分块的设计理念,通过根据偏移量,判断每个分块生成长度为1 MB的Chen、Lorenz、Rossler三个密钥序列的方法,达到提升数据密度安全性、减少运行内存占有量等目的。该设计框架中,Chen序列用于明文置乱操作,Lorenz序列用于异或的扩散操作,Rossler序列用于取模的辅助扩散操作。实验证明,针对MapReduce并行框架特性和混沌系统特性的优化算法,在有效减小内存占用量、提高加密速度的同时,明文关联的加密操作达到了有效防御选择明文攻击的目的。     

一个基于椭圆曲线的可证明安全签密方案*

签密能够在一个合理的逻辑步骤内同时完成数字签名和加密两项功能。与实现信息保密性和认证性的先签名后加密方案相比,签密具有较低的计算和通信代价。提出一个基于椭圆曲线的签密方案,能够同时完成数字签名和加密两项功能。基于可证明安全性理论,在GDH(gap Diffie-Hellman)问题难解的假设之下,该方案在随机预言机模型中被证明是安全的。该方案能够抵御自适应选择明文/密文攻击。