Similar literature
 20 similar documents found; search took 171 ms
1.
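When an enterprise exchanges data with external systems, the required information-security handling can be achieved in two ways: data leaving the platform must be signed, and data entering the platform must have its signature verified. The open-platform business model implements a flexible, user-configurable security architecture through its encryption/decryption and signature-parsing flow, its key management, and flexible data models for encryption, decryption and digital signatures.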

2.
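To overcome the shortcomings of existing trusted-platform authentication methods, a new anonymous authentication scheme for trusted platforms based on a one-way accumulator is proposed, and a concrete construction is given. The new scheme uses the anonymity of ring signatures to achieve direct anonymous authentication, and uses a one-way accumulator to accumulate the ring members' information so that the signature length is fixed and does not grow with the ring size. During verification, the number of hash computations and of encryption and decryption operations is effectively reduced, which improves authentication efficiency. Comparison with typical ring signature schemes shows that the method has lower space and time complexity, remedies the drawback of traditional ring signature schemes that signature length grows with ring size, and achieves high efficiency while preserving security.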

3.
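Security analysis and improvement of several convertible ring signature schemes   Total citations: 1, self-citations: 0, citations by others: 1
By analyzing the convertible ring signature schemes proposed by Zhang-Liu-He (2006), Gan-Chen (2004) and Wang-Zhang-Ma (2007), it is shown that these schemes are subject to convertibility attacks or non-repudiation attacks, that is, any member of the ring can claim to be the actual signer or impersonate another member to produce a ring signature. To guard against these two attacks, the schemes are improved, and the improved schemes satisfy the security requirements of convertible ring signatures.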

4.
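This paper describes how, in a group signature, a group member can sign anonymously on behalf of the group; a verifier can only verify that the signature was produced by a member of the group, but cannot determine which member produced it. In case of dispute, the group manager can open the signature to determine the signer's identity. Efficiency and membership management are two major problems hindering the practical use of group signatures; current member revocation schemes all require at least exponential-level computation and have high computational complexity. Considering the wide use of the DSA digital signature algorithm, this paper proposes, for the first time, a group signature scheme based entirely on DSA, applies it to a university fixed-asset management system, and implements the module for adding fixed assets. Analysis shows that the new group signature scheme can securely add or revoke group members at low computational cost and is suitable for large groups.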

5.
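Attribute-based group signature (ABGS) is a special form of group signature that allows group members holding certain specific attributes to sign messages anonymously on behalf of the whole group; when a dispute arises, the signature-opening entity can effectively trace the real signer. To address the problem that the first lattice-based attribute-based group signature supporting verifier-local revocation has an overly long group public key and poor space efficiency, this paper encodes group members' identity information with a compact identity-encoding technique that needs only a fixed number of matrices, so that the group public key size is independent of the number of group members. Further, a new Stern-type statistical zero-knowledge proof protocol is given, which can effectively prove a group member's signing privilege, while the member's revocation token is committed via a one-way and injective learning-with-errors function.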

6.
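Attack on a group signature scheme based on the Chinese remainder theorem and an improved scheme   Total citations: 1, self-citations: 0, citations by others: 1
This paper presents an attack on an existing group signature scheme, showing that the scheme cannot prevent a collusion attack by group members: under a collusion attack, the attackers can obtain any group member's secret key and thereby forge anyone's signature. The scheme also cannot prevent a dishonest manager from forging group members' signatures. An improved scheme is given using the Schnorr signature scheme, with the following features: it is secure under collusion attacks; it prevents a dishonest group center from forging group members' signatures; and it achieves member revocation simply and efficiently.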

7.
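Identity-based ring signature scheme in the standard model   Total citations: 2, self-citations: 1, citations by others: 1
Using Waters' private-key construction method, an identity-based ring signature scheme is proposed. The security of the scheme is based on the computational Diffie-Hellman assumption in the standard model. For a ring with l members, the signature consists of only l 1 group elements, and signature verification requires l 1 bilinear pairing operations. Compared with existing identity-based ring signature schemes, it has shorter public parameters, and the efficiency of signing is further improved.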

8.
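Group signature scheme based on vector space secret sharing   Total citations: 5, self-citations: 0, citations by others: 5
Ma Chunbo, He Dake. Acta Electronica Sinica, 2005, 33(2): 294-296
By introducing vector space secret sharing and subliminal channel techniques, this paper proposes a new group signature scheme. After the signature system has been set up, members can be added or removed. A department can generate a valid group signature only with the participation of a certain number of its members. The receiver can verify the validity of the signature but cannot tell which department the group signature came from. When a dispute arises, an arbiter can "open" the group signature and determine the signing department. The public key length of this signature scheme is independent. The "opening" process is realized through a subliminal channel.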

9.
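Bai Yongxiang. Communications Technology, 2015, 48(2): 214-218
Based on the ElGamal cryptosystem and its signature algorithm, an efficient and secure group signature scheme is constructed. In the signature initialization phase, the group manager is split into two parts, T1 and T2. T1 is responsible for the joining and removal of signing group members and for key issuance. If a dispute arises and arbitration is needed, T2 is responsible for opening the group signature and tracing the signer. This approach effectively achieves dynamic management of the members of the signing group and is efficient, secure and practical. The design of the scheme is given in detail, and its efficiency and security are analyzed, providing a reference for the design and implementation of group signature schemes.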

10.
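Wang Mingwen, Zhang Le, Zhu Qingxin, Qing Li. Acta Electronica Sinica, 2007, 35(5): 890-894
Extending traditional individual-oriented ring signature schemes, a ring signature scheme oriented to authorized subsets is proposed. In the scheme, the signing subset first builds a group that contains all of its own members, and then builds a collection of subsets of the group's members that includes the signing subset. The ring signature is produced jointly by all members of the signing subset. A verifier can check whether the signature was produced by some subset in the collection, but cannot identify the specific signing subset. The scheme is proved secure in the random oracle model. Complexity analysis of the scheme shows that the signature system is efficient.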

11.
This letter presents a κ-party RSA key sharing scheme and the related algorithms. It is shown that the shared key can be generated in such a collaborative way that the RSA modulus is publicly known but none of the parties is able to decrypt the enciphered message individually.

12.
This letter presents a k-party RSA key sharing scheme and the related algorithms. It is shown that the shared key can be generated in such a collaborative way that the RSA modulus is publicly known but none of the parties is able to decrypt the enciphered message individually.

13.
Robust and Efficient Sharing of RSA Functions   Total citations: 3, self-citations: 0, citations by others: 3
We present two efficient protocols which implement robust threshold RSA signature schemes, where the power to sign is shared by N players such that any subset of T+1 or more signers can collaborate to produce a valid RSA signature on any given message, but no subset of T or less corrupted players can forge a signature. Our protocols are robust in the sense that the correct signature is computed even if up to T players behave in an arbitrarily malicious way during the signature protocol. This, in particular, includes the cases of players who refuse to participate or who introduce erroneous values into the computation. Our robust protocols achieve optimal resiliency as they can tolerate up to (N-1)/2 faults, and their efficiency is comparable with the efficiency of the underlying threshold RSA signature scheme. Our protocols require RSA moduli which are the product of two safe primes, and that the underlying (centralized) RSA signature scheme is unforgeable. Our techniques also apply to the secure sharing of the RSA decryption function. We show that adding robustness to the existing threshold RSA schemes reduces to solving the problem of how to verify an RSA signature without a public verification
Received 21 March 1997 and revised 28 September 1999

14.
A computational secret-sharing scheme is a method that enables a dealer, that has a secret, to distribute this secret among a set of parties such that a “qualified” subset of parties can efficiently reconstruct the secret while any “unqualified” subset of parties cannot efficiently learn anything about the secret. The collection of “qualified” subsets is defined by a monotone Boolean function. It has been a major open problem to understand which (monotone) functions can be realized by a computational secret-sharing scheme. Yao suggested a method for secret-sharing for any function that has a polynomial-size monotone circuit (a class which is strictly smaller than the class of monotone functions in \({\mathsf {P}}\)). Around 1990 Rudich raised the possibility of obtaining secret-sharing for all monotone functions in \({\mathsf {NP}}\): in order to reconstruct the secret a set of parties must be “qualified” and provide a witness attesting to this fact. Recently, Garg et al. (Symposium on theory of computing conference, STOC, pp 467–476, 2013) put forward the concept of witness encryption, where the goal is to encrypt a message relative to a statement \(x\in L\) for a language \(L\in {\mathsf {NP}}\) such that anyone holding a witness to the statement can decrypt the message; however, if \(x\notin L\), then it is computationally hard to decrypt. Garg et al. showed how to construct several cryptographic primitives from witness encryption and gave a candidate construction. One can show that computational secret-sharing implies witness encryption for the same language. Our main result is the converse: we give a construction of a computational secret-sharing scheme for any monotone function in \({\mathsf {NP}}\) assuming witness encryption for \({\mathsf {NP}}\) and one-way functions. 
As a consequence we get a completeness theorem for secret-sharing: computational secret-sharing scheme for any single monotone \({\mathsf {NP}}\)-complete function implies a computational secret-sharing scheme for every monotone function in \({\mathsf {NP}}\).

15.
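Based on a vector space secret sharing scheme and the RSA signature scheme, a new signature scheme, the vector space RSA signature scheme, is proposed; it includes the scheme of reference [1] as a special case. In this scheme, N participants share the secret key of the RSA signature scheme, which ensures that an authorized subset of participants in the vector space access structure I can produce a valid RSA group signature, while an unauthorized subset of participants cannot produce a valid RSA group signature.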

16.
In electronic communication and wireless communication, message authentication is necessary. However, the traditional method, the message authentication code (MAC), employs a symmetric cryptographic technique and requires the two parties to keep a shared private key. For convenience, people now begin to use public key techniques to provide message authentication. In wireless communication, we should save more space for the message itself because of the limited resources. Therefore, we believe that our proposed digital signature scheme will be better suited to this kind of communication due to the following merits: (1) in addition to inheriting the merits of the RSA signature such as high verification efficiency, the proposed scheme also shows its advantage over RSA by resisting the low public key exponent attack; (2) compared with 1024-bit RSA, our digital signature scheme can sign a 2048‐bit long message at once, and generate a signature of 1025 bits in length, which doubles the capacity of the 1024‐bit RSA signature; (3) the scheme is provably secure and its security is tightly related to the hardness of the conic‐based (CB)‐RSA assumption. Copyright © 2008 John Wiley & Sons, Ltd.

17.
We show that if the private exponent d used in the RSA (Rivest-Shamir-Adleman (1978)) public-key cryptosystem is less than \(N^{0.292}\) then the system is insecure. This is the first improvement over an old result of Wiener (1990) showing that when d is less than \(N^{0.25}\) the RSA system is insecure. We hope our approach can be used to eventually improve the bound to d less than \(N^{0.5}\).

18.
When players with different interests try to achieve a better state, conflicts among players arise. Conflicts may arise also among public players. For example, a local government may insist on the interest of the region while the national government represents the interests of the whole country. Conflict analysis is one of the methods to model such conflicts mathematically. Its stability analysis specifies stable states based on the ordinal information on players' preferences. However, if the preference of a player is private, stability of states is not known. In such a case, players or third parties have to collect additional information on other players' preferences. It is necessary to specify the minimum information to collect. In this paper, the graph model for conflict resolution (GMCR) is extended for the cases with incomplete information. Then, the generalized robustness analysis is proposed to specify the minimum conditions for stability of states. Finally, robustness analysis is applied to the conflict on water resources development.

19.
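Peng Yang, Meng Lilin, Li Nian, Li Li. Electronic Science and Technology, 2013, 26(6): 42-45
To strengthen the security of data, a high-performance FPGA-based encryption card is designed. The card communicates with the host over the PCI Express bus; the NiosII soft-core processor and the PCI-E hard core built into the FPGA chip implement the controller module and the communication interface module, respectively; and the SM1 and RSA algorithms are used to encrypt or decrypt data. Integrating the card's data communication, algorithm control and other functions on a single FPGA chip optimizes the circuit structure and improves the card's stability and reliability. Practical test results show that the card functions correctly, computes quickly, meets the expected goals, and has good application prospects.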

20.
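An optical image cascaded encryption system based on diffractive optical elements is proposed. In general, an n-stage system can be built from n lenses in series. Optimized diffractive optical elements such as phase plates are placed in the spatial and spectral domains of the system accordingly. When the system is illuminated by a plane wave, the decrypted image is obtained at the output plane. These diffractive elements can be designed with a cascaded iterative Fourier transform algorithm. Computer simulation results show that the algorithm converges quickly, and that the more stages the system has, the faster it converges. The cascaded system recovers the original image with high quality, with a mean square error relative to the original image of less than \(5\times10^{-30}\). With a key sharing scheme, the cascaded system can be used as a multi-user system, which markedly improves security.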
