Centralized Group Key Establishment Protocol without a Mutually Trusted Third Party

The type of centralized group key establishment protocols is the most commonly used one due to its efficiency in computation and communication. A key generation center (KGC) in this type of protocols acts as a server to register users initially. Since the KGC selects a group key for group communication, all users must trust the KGC. Needing a mutually trusted KGC can cause problem in some applications. For example, users in a social network cannot trust the network server to select a group key for a secure group communication. In this paper, we remove the need of a mutually trusted KGC by assuming that each user only trusts himself. During registration, each user acts as a KGC to register other users and issue sub-shares to other users. From the secret sharing homomorphism, all sub-shares of each user can be combined into a master share. The master share enables a pairwise shared key between any pair of users. A verification of master shares enables all users to verify their master shares are generated consistently without revealing the master shares. In a group communication, the initiator can become the server to select a group key and distribute it to each other user over a pairwise shared channel. Our design is unique since the storage of each user is minimal, the verification of master shares is efficient and the group key distribution is centralized. There are public-key based group key establishment protocols without a trusted third party. However, these protocols can only establish a single group key. Our protocol is a non-public-key solution and can establish multiple group keys which is computationally efficient.     

基于异构密码系统的混合群组签密方案

群组签密既能实现群组签名,又能实现群组加密,但是现有的群组签密方案的发送者和接收者基本上在同一个密码系统中,不能满足现实环境的需求,而且基本上采用的是公钥加密技术,公钥加密技术在加密长消息时效率较低。因此该文提出由基于身份的密码体制(IBC)到无证书密码体制(CLC)的异构密码系统的混合群组签密方案。在该方案中,私钥生成器(PKG)和密钥生成中心(KGC)能够分别在IBC密码体制和CLC密码体制中产生自己的系统主密钥;而且群组成员只有协作才能解签密,提高了方案的安全性;同时在无需更换群组公钥和其他成员私钥的情况下,用户可以动态地加入该群组。所提方案采用了混合签密,具有可加密任意长消息的能力。在随机预言模型下,证明了该文方案在计算Diffie-hellman困难问题下具有保密性和不可伪造性。通过理论和数值实验分析表明该方案具有更高的效率和可行性。     

无可信中心的可变门限签名方案

分析了Lee的多策略门限签名方案,发现其不能抗合谋攻击.基于Agnew等人改进的E1Gamal签名方案,提出了一个无可信中心的可变门限签名方案.该方案允许在群体中共享具有不同门限值的多个组密钥,每个签名者仅需保护一个签名密钥和一个秘密值;可以根据文件的重要性灵活地选取不同的门限值进行门限签名.分析表明,提出的方案防止了现有方案中存在的合谋攻击,而且无需可信中心来管理签名者的密钥,密钥管理简单,更具安全性和实用性.     

Secure E-mail protocols providing perfect forward secrecy

Electronic mail, E-mail in short, has been used to transfer various types of electronic data on Internet. In order to deliver the E-mail from the sender to the receiver both efficiently and securely, the E-mail system usually employs both conventional and public key cryptographic systems. The basic protection in an E-mail system is to encrypt the bulk mail using a conventional cryptosystem with a short-term key and to protect the short-term key using a public-key cryptosystem with the receiver's public key. However this protection cannot provide perfect forward secrecy because once the receiver's secret key is disclosed, all previous used short-term keys will also be opened and hence all previous E-mails will be learned. Two new E-mail protocols providing perfect forward secrecy are proposed In this work.     

基于Simmons多部分共享协议的密钥托管方案

本文基于ElGamal公钥体制和Simmons多部分共享方案提出了一个多部分密钥托管方案。它不仅有效地克服了公平公钥密码系统中易受阈下信道攻击的缺点,而且由于采用多部分托管使得一方面委托人无需用户公钥就能验证其托管内容的有效性,另一方面能提高用户密钥的安全性和托管的灵活性。     

Security of Okamoto public-key cryptosystem

The security of the Okamoto public-key cryptosystem is analysed. If some secret keys of this system are chosen inadequately, the known-plaintext attack is applicable to obtain all secret keys. To prevent the proposed cryptanalysis, the necessary condition for the secret keys is shown.     

基于向量空间接入结构的分布式密钥生成

密钥生成是密码系统的一个重要组成部分,其安全性对整个密码系统的安全性起着至关重要的作用.在群体保密通信、电子商务和面向群体的密码学中,往往需要采用分布式的密钥生成方式.本文对基于向量空间接入结构的分布式密钥生成进行了研究.以向量空间接入结构上信息论安全的一个可验证秘密分享方案为基础,提出了适应于这类接入结构的一个安全高效的分布式密钥生成协议.该协议比常见的基于门限接入结构的分布式密钥生成协议具有更广泛的适用性.     

Multiplicative Linear Secret Sharing Schemes Based on Connectivity of Graphs

The multiplicative property is important for a linear secret sharing scheme (LSSS) to be used in constructing a multiparty computation (MPC) protocol. In general, an LSSS has to expand its share size to obtain the multiplicative property. In this paper, with respect to an MPC problem based on connectivity of graphs we devise an ideal multiplicative LSSS, that is, the LSSS is of the multiplicative property without expanding its share size. Moreover, it provides a new class of access structures that have ideal multiplicative LSSSs.     

Secure Distributed Key Generation for Discrete-Log Based Cryptosystems

A Distributed Key Generation (DKG) protocol is an essential component of threshold cryptosystems required to initialize the cryptosystem securely and generate its private and public keys. In the case of discrete-log-based (dlog-based) threshold signature schemes (ElGamal and its derivatives), the DKG protocol is further used in the distributed signature generation phase to generate one-time signature randomizers (r = g^k). In this paper we show that a widely used dlog-based DKG protocol suggested by Pedersen does not guarantee a uniformly random distribution of generated keys: we describe an efficient active attacker controlling a small number of parties which successfully biases the values of the generated keys away from uniform. We then present a new DKG protocol for the setting of dlog-based cryptosystems which we prove to satisfy the security requirements from DKG protocols and, in particular, it ensures a uniform distribution of the generated keys. The new protocol can be used as a secure replacement for the many applications of Pedersen's protocol. Motivated by the fact that the new DKG protocol incurs additional communication cost relative to Pedersen's original protocol, we investigate whether the latter can be used in specific applications which require relaxed security properties from the DKG protocol. We answer this question affirmatively by showing that Pedersen's protocol suffices for the secure implementation of certain threshold cryptosystems whose security can be reduced to the hardness of the discrete logarithm problem. In particular, we show Pedersen's DKG to be sufficient for the construction of a threshold Schnorr signature scheme. Finally, we observe an interesting trade-off between security (reductions), computation, and communication that arises when comparing Pedersen's DKG protocol with ours.     

基于随机背包的公钥密码

该文构造了一个背包型公钥密码算法。该背包公钥密码具有如下优点:加解密只需要加法和模减法运算,因此加解密速度快;该算法是基于随机背包问题而不是易解背包问题而构造的;证明了在攻击者不掌握私钥信息情况下该密码算法能抵抗直接求解背包问题的攻击,包括低密度攻击和联立丢番图逼近攻击等;证明了攻击者能够恢复私钥信息与攻击者能够分解一个大整数是等价的。分析表明,该算法是一个安全高效的公钥加密算法。     

基于广义可验证秘密分享的分布式密钥生成

利用广义可验证秘密分享,提出了基于离散对数的公钥体制的密钥的分布式生成协议.该协议适用于任意的接入结构,具有需要各参与者保存的秘密信息的数据量小,能保证所生成的私钥的随机性和均匀分布性等特点.因而与通常的基于门限接入结构的分布式密钥生成协议相比能够更广泛的应用于群体密码学中的各种场合.     

有限域上多项式形式的ElGamal体制及数字签名方案

提出了有限域上多项式形式的ElGamal公钥体制,并基于新体制,提出了一个多项式形式的ElGamal数字签名方案。新的公钥体制一次可以加密多个明文,新的签名方案一次可对多个文件进行签名。两个体制的安全性都主要基于离散对数问题的难解性。     

可公开验证的ElGamal／RSA加密

可公开验证加密允许任何实体验证加密的消息和先前承诺的秘密一样,但不会泄漏明文的任何信息。这在公平交换、防欺骗的秘密分享和安全多方计算中有重要应用。该文分别给出可公开验证的ElGamal加密和RSA加密方案。其中前者是Stalderr方案的改进,改进后的方案是语义安全的而Stalder方案达不到语义安全性。同时将该方案推广到了多个接受者的情形,最后给出了高效的可公开验证RSA加密方案。     

An efficient group key management protocol using code for key calculation: CKC

This paper presents a new group key management protocol, CKC (Code for Key Calculation) for secure IP multicast. In this protocol which is based on logical key hierarchy, only the group key needs to be sent to new member at join. Then, using the group key current members and the new member calculate the necessary keys by node codes and one-way hash function. A?node code is a random number assigned to each node to help users calculate necessary keys. Again, at leave server just sends the new group key to the remaining members. By this key, members calculate necessary keys using node codes and one-way hash function. The security of the keys is based on one-wayness of hash function. The results show that CKC reduces computational and communication overhead, and message size largely at join without increasing them at leave.     

基于离散对数问题的两层分散式组密钥管理方案

该文基于多个解密密钥映射到同一加密密钥的公钥加密算法提出一个组密钥更新协议,结合LKH算法为特定源多播模型设计一个两层分散式组密钥管理方案。证明它具有后向保密性、高概率的前向保密性和抗串谋性。通过上层私钥的长寿性和密钥转换的方法来缓解子组管理者的性能瓶颈及共享组密钥方法中普遍存在的1影响n问题。分析表明,采用混合密码体制的新方案在一定程度上兼备了两类不同组密钥管理方法的优势。     

强安全无证书签名方案的安全性分析和改进

对王亚飞等人提出的强安全性无证书签名方案进行安全性分析,指出其方案难以抵抗不诚实KGC下的公钥替换攻击。针对此类问题,采用改变传统无证书算法顺序,以KGC公告板形式公开用户公钥,用户可以通过本地保存的私钥和公钥验证公钥的真实性,从而对KGC的行为进行约束。安全性分析表明,改进后的方案能够抵抗基于不诚实 KGC安全级别下的公钥替换攻击,而且方案避开了无双线性对和逆运算,效率优于已有方案。     

An authenticated group key distribution mechanism using theory of numbers

A group key distribution protocol can enable members of a group to share a secret group key and use it for secret communications. In 2010, Harn and Lin proposed an authenticated group key distribution protocol using polynomial‐based secret sharing scheme. Recently, Guo and Chang proposed a similar protocol based on the generalized Chinese remainder theorem. In this paper, we point out that there are some security problems of Guo and Chang's protocol and propose a simpler authenticated group key distribution protocol based on the Chinese remainder theorem. The confidentiality of our proposed protocol is unconditionally secure. Copyright © 2013 John Wiley & Sons, Ltd.     

REESSE1加密方案中杠杆函数的充分必要性分析

文章介绍了REESSE1公钥体制的加密方案,包括密钥生成、加密和解密3个算法.通过对密钥变换公式中杠杆函数(.)为常数或不存在的假设,讨论了连分式攻击,因而从逆否命题的角度证明了(.)对REESSE1体制私钥安全的必要性.作者通过不确定推理、反例列举和参数归约的方法论述了(.)存在时,REESSE1的私钥安全性等价于多变量排列难题、明文安全性大于离散对数难题,从而证明了(.)对REESSE1体制私钥与明文安全的充分性.最后,指出了私钥中包含三个独立参数的REESSE1体制与私钥中仅包含一个或两个参数的MH、RSA和ElGamal体制相比,复杂性得到了显著提高.     

一种无纠缠态的量子秘密共享协议

秘密共享是指将一个秘密按适当的方式进行隐藏或拆分,只有若干个参与者一同协作才能恢复该秘密,该技术在云计算领域中能够确保信息安全和数据保密.提出了一种不使用纠缠态的量子秘密共享协议,通过使用量子密码算法确保系统的安全性.相比其他的秘密共享协议,该协议具有以下优点:与传统的基于数论的秘密共享协议相比,本协议由于使用量子通信的技术,从而能够有效抵抗Shor算法攻击;相比其他的量子秘密共享协议,由于本协议没有使用量子纠缠态,在技术程度上更容易实现;如果存在攻击者或恶意的参与者,该协议能够在秘密恢复过程中迅速发现,避免恢复错误的秘密.     

An authenticated group key distribution protocol based on the generalized Chinese remainder theorem

The group key distribution protocol is a mechanism for distributing a group key that is used to encrypt the communication data transmitted in an open group. Recently, a novel group key distribution protocol based on secret sharing was proposed. In their protocol, the group key information is broadcast in an open network environment, and only authorized group members can obtain the group key. However, their protocol requires each group member to broadcast a random challenge to the rest of the group members in the construction of the group key, and this may increase communication cost and cause network traffic congestion. In this paper, we propose an authenticated group key distribution protocol based on the generalized Chinese remainder theorem that drastically reduces communication costs while maintaining at least the same degree of security. Our protocol is built on the secret sharing scheme based on Chinese remainder theorem, which requires fewer computation operations than the previous work. Copyright © 2012 John Wiley & Sons, Ltd.