基于椭圆曲线密码体制的动态秘密共享方案

文章给出了一个基于椭圆曲线公钥密码体制的动态秘密共享方案，有效地解决了共享秘密的动态更新，子密钥动态分配和欺诈问题，且易于实现，效率高。方案的安全性基于求解有限域上椭圆曲线离散对数的困难性。     

基于ECO的可公开验证的多秘密共享方案

基于椭圆曲线密码体制，提出了一个新的可公开验证的多秘密共享方案。该方案中，参与者和分发者可同时产生各参与者的秘密份额，可同时防止分发者和参与者进行欺骗。在秘密恢复过程中，任何个体都能验证参与者是否拥有有效的子秘密，秘密恢复者可验证参与者是否提供了正确的秘密份额。每个参与者只需要维护一个秘密份额，就可以实现对多个秘密的共享。方案的安全性是基于椭圆曲线密码体制以及（t，n）门限秘密共享体制的安全性。     

一种基于椭圆曲线的可验证门限签名方案

ECDSA需要计算有限域上的逆元,而求逆元的运算复杂而费时,且在该方案中密钥分割和合成都是很困难的,所以不能直接运用于门限签名.文中在一种改进的椭圆曲线数字签名算法的基础上,采用Pedersen可验证门限秘密共享技术,构造了一种基于ECC的()可验证门限数字签名方案,并分析了它的安全性.该方案具有鲁棒性、通信代价更小、执行效率更高等特点.     

一种安全的门限多秘密共享方案

提出了一种可认证的门限多秘密共享的新方案,通过成员提供的子密钥的一个影子来恢复秘密,由影子难以得到子密钥本身,因此可以复用,也即通过同一组子密钥共享多个秘密.该方案可以对分发者发布的信息和参与者提供的子密钥影子进行认证,从而可以抵御分发者欺骗和参与者欺骗.方案的安全性基于RSA密码系统和Shamir的(k,n)门限秘密共享方案.另外,本文还提出两种对这类门限多秘密共享方案的欺骗方法,能不同程度的破坏几个已有方案的安全性,但本文所提出的方案对这些欺骗有免疫能力.该方案是计算安全的,并且性能较现有诸方案更好.     

基于身份密码体制的高效门限群签名方案

门限群签名用于保障集体决策的安全,针对其在实际应用中的效率问题,基于双线性映射和秘密共享思想,提出了一个新的基于身份密码体制的门限群签名方案.该方案将系统主密钥以自选份额秘密的模式分散到签名成员集合中,使各成员签名私钥均为门限存储,有利于保证系统整体安全性;采用基于身份的t-out-of-n秘密共享算法则使方案的效率更高.根据门限群签名性质对该方案进行了安全性分析和效率对比,结果表明该方案是一种安全高效的门限群签名方案.     

标准模型下可证安全的门限签名方案

门限签名能够分散签名权力,比普通单人签名具有更高的安全性。目前大多数门限签名方案都存在密钥托管的问题。针对一种新的基于身份的门限签名方案存在的安全性问题,利用椭圆曲线上的双线性对,文中提出了一个改进的方案。新方案由私钥生成中心和签名成员合作生成密钥,由此防止了PKG伪造签名,较好地解决了密钥托管的问题。在标准模型下对该方案进行了安全性证明,表明该方案是不可伪造的和健壮的。与已有的门限签名方案相比,安全性有较大的提高,效率没有明显的降低。     

基于可信平台模（TPCM）的盲签名方案

针对基于身份的盲签名过程中PKG密钥泄露问题,提出了基于可信平台控制模块的盲签名方案,该方案中签名信息对签名者不可见,无法追踪签名信息。盲签名方案采用可信的秘密共享分配中心(SDC, share distribution center)和TPCM合作生成用户的签名密钥,不单独产生用户私有密钥,解决了用户的密钥托管问题,可以有效地防止用户的密钥泄露,保护了用户的匿名性和签名的不可追踪。最后在随机语言机模型下证明了该方案的安全性,与传统的盲签名方案对比,本方案计算效率较高。     

无可信中心的基于身份的门限签名方案

利用椭圆曲线上的双线性对,以一种新的基于身份的门限签名方案为基础,提出了一种无需可信中心的门限签名方案。新方案密钥生成只需成员之间相互协商完成,解决了密钥托管的问题。在标准模型下对该方案进行安全性证明,验证表明该方案具有健壮性和不可伪造性。     

基于椭圆曲线密码体制的门限代理盲签名方案

提出一种门限代理盲签名方案。该方案是代理盲签名与门限签名的有机集成，解决了已有代理盲签名方案中代理签名人的权利过于集中的问题，且所有的通信都不需要使用安全的秘密通道，可在公共信道上进行。方案中所有协议都是基于椭圆曲线密码体制构造的，使得密钥尺寸较小，执行效率更高。     

基于椭圆曲线密码体制与小波分析的秘密信息隐藏

文中利用椭圆曲线密码体制密钥短，安全性高的特点，并运用小波分析技术，将加密通信和信息隐藏相结合，提出基于椭圆曲线密码体制与小波分析的秘密信息隐藏方案。文中对方案各部分进行了详细介绍，并给出信息隐藏的效果图。     

A New Secure Authenticated Group Key Transfer Protocol

Group key transfer protocols depend on a mutually trusted key generation center (KGC) to generate group keys and transport group keys to all group members secretly. Generally, KGC encrypts group keys under another secret key shared with each user during registration. In this paper, we propose a novel secure authenticated group key transfer protocol using a linear secret sharing scheme (LSSS) and ElGamal cryptosystem, where KGC broadcasts group key information to all group members. The confidentiality of this transformation is guaranteed by this LSSS and ElGamal cryptosystem. We also provide authentication for transporting this group key. Goals and security threats of our protocol are analyzed in detail.     

基于双线性的无可信中心可验证秘密共享方案

针对一般秘密共享方案或可验证秘密共享方案存在的缺点,结合椭圆曲线上双线性对性质扣运用双线性Diffie-Hellman问题,构造了一个基于双线性对的无可信中心可验证秘密共享方案。在该方案中,共享秘密S是素数阶加法群G。上的一个点,在秘密分发过程中所广播的承诺C,是与双线性有关的值。利用双线性对的双线性就可以实现共享秘密的可验证性,有效地防止参与者之间的欺诈行为,而不需要参与者之间执行复杂的交互式证明,因而该方案避免了为实现可验证性而需交互大量信息的通信量和计算量,通信效率高,同时该方案的安全性等价于双线性Diffie-Hellman假设的困难性。     

无可信中心的可变门限签名方案

分析了Lee的多策略门限签名方案,发现其不能抗合谋攻击.基于Agnew等人改进的E1Gamal签名方案,提出了一个无可信中心的可变门限签名方案.该方案允许在群体中共享具有不同门限值的多个组密钥,每个签名者仅需保护一个签名密钥和一个秘密值;可以根据文件的重要性灵活地选取不同的门限值进行门限签名.分析表明,提出的方案防止了现有方案中存在的合谋攻击,而且无需可信中心来管理签名者的密钥,密钥管理简单,更具安全性和实用性.     

Hierarchical Threshold Secret Sharing

We consider the problem of threshold secret sharing in groups with hierarchical structure. In such settings, the secret is shared among a group of participants that is partitioned into levels. The access structure is then determined by a sequence of threshold requirements: a subset of participants is authorized if it has at least k₀ 0 members from the highest level, as well as at least k₁ > k₀ members from the two highest levels and so forth. Such problems may occur in settings where the participants differ in their authority or level of confidence and the presence of higher level participants is imperative to allow the recovery of the common secret. Even though secret sharing in hierarchical groups has been studied extensively in the past, none of the existing solutions addresses the simple setting where, say, a bank transfer should be signed by three employees, at least one of whom must be a department manager. We present a perfect secret sharing scheme for this problem that, unlike most secret sharing schemes that are suitable for hierarchical structures, is ideal. As in Shamir's scheme, the secret is represented as the free coefficient of some polynomial. The novelty of our scheme is the usage of polynomial derivatives in order to generate lesser shares for participants of lower levels. Consequently, our scheme uses Birkhoff interpolation, i.e., the construction of a polynomial according to an unstructured set of point and derivative values. A substantial part of our discussion is dedicated to the question of how to assign identities to the participants from the underlying finite field so that the resulting Birkhoff interpolation problem will be well posed. In addition, we devise an ideal and efficient secret sharing scheme for the closely related hierarchical threshold access structures that were studied by Simmons and Brickell.     

AN EFFICIENT AND SECURE （t, n） THRESHOLD SECRET SHARING SCHEME

Based on Shamir＇s threshold secret sharing scheme and the discrete logarithm problem, a new （t, n） threshold secret sharing scheme is proposed in this paper. In this scheme, each participant＇s secret shadow is selected by the participant himself, and even the secret dealer cannot gain anything about his secret shadow. All the shadows are as short as the shared secret. Each participant can share many secrets with other participants by holding only one shadow. Without extra equations and information designed for verification, each participant is able to check whether another participant provides the true information or not in the recovery phase. Unlike most of the existing schemes, it is unnecessary to maintain a secure channel between each participant and the dealer. Therefore, this scheme is very attractive, especially under the circumstances that there is no secure channel between the dealer and each participant at all. The security of this scheme is based on that of Shamir＇s threshold scheme and the difficulty in solving the discrete logarithm problem. Analyses show that this scheme is a computationally secure and efficient scheme.     

无可信中心的门限追踪ad hoc网络匿名认证

为解决ad hoc网络中的匿名认证问题,将民主签名与无中心的秘密分享方案相结合,提出一种无可信中心的门限追踪ad hoc网络匿名认证方案。方案的无中心性、自组织性很好地满足了ad hoc网络的特征,从而解决了传统网络中匿名认证方案由于需要可信中心而不适合ad hoc网络的问题;方案中认证者的匿名性、可追踪性和完备性(不可冒充性)满足了匿名认证的安全需求。     

一种基于可信平台模块的门限环签名

The conventional ring signature schemes cannot address the scenario where the rank of members of the ring needs to be distinguished, for example, in electronically commerce application. To solve this problem, we presented a Trusted Platform Module (TPM)-based threshold ring signature scheme. Employing a reliable secret Share Distribution Center (SDC), the proposed approach can authenticate the TPM-based identity rank of members of the ring but not track a specific member's identity. A subset including t members with the same identity rank is built. With the signing cooperation of t members of the subset, the ring signature based on Chinese remainder theorem is generated. We proved the anonymity and unforgeability of the proposed scheme and compared it with the threshold ring signature based on Lagrange interpolation polynomial. Our scheme is relatively simpler to calculate.     

Multipartite Secret Sharing Based on CRT

Secure communication has become more and more important for system security. Since avoiding the use of encryption one by one can introduce less computation complexity, secret sharing scheme (SSS) has been used to design many security protocols. In SSSs, several authors have studied multipartite access structures, in which the set of participants is divided into several parts and all participants in the same part play an equivalent role. Access structures realized by threshold secret sharing are the simplest multipartite access structures, i.e., unipartite access structures. Since Asmuth–Bloom scheme based on Chinese remainder theorem (CRT) was presented for threshold secret sharing, recently, threshold cryptography based on Asmuth–Bloom secret sharing were firstly proposed by Kaya et al. In this paper, we extend Asmuth–Bloom and Kaya schemes to bipartite access structures and further investigate how SSSs realizing multipartite access structures can be conducted with the CRT. Actually, every access structure is multipartite and, hence, the results in this paper can be seen as a new construction of general SSS based on the CRT. Asmuth–Bloom and Kaya schemes become the special cases of our scheme.     

GOMSS: A Simple Group Oriented (t,m, n) Multi-secret Sharing Scheme

In most (t,n)-Multi-secret sharing ((t,n)-MSS) schemes, an illegal participant, even without any valid share, may recover secrets when there are over t participants in secret reconstructions. To address this problem, the paper presents the notion of Group ori-ented (t,m,n)-multi-secret sharing (or (t,m,n)-GOMSS), in which recovering each secret requires all m (n ≥ m ≥ t) participants to have valid shares and actually participate in secret reconstruction. As an example, the paper then pro-poses a simple (t,m,n)-GOMSS scheme. In the scheme, every shareholder has only one share; to recover a secret, m shareholders construct a Polynomial-based randomized component (PRC) each with the share to form a tightly coupled group, which forces the secret to be recovered only with all m valid PRCs. As a result, the scheme can thwart the above illegal participant attack. The scheme is simple as well as flexible and does not depend on conventional hard problems or one way functions.