Similar literature (20 results)
1.
The idea behind a (t, n) threshold blind signature is that a user can ask at least t out of n players of a group to cooperate to generate a signature for a message without revealing its content. This paper first presents a new blind signature scheme from the Weil pairing on elliptic curves. Based on this scheme, a threshold blind signature scheme is proposed. It is efficient and has the security properties of robustness and unforgeability. In the proposed scheme, a group manager is introduced to distribute the group secret key to each player; however, he cannot forge the players' partial blind signatures (each partial blind signature depends not only on the secret key of the player, but also on a random number the player picks). Compared with a threshold signature with a trusted third party, its advantage is obvious; compared with a threshold signature without a trusted third party, it is simpler and more efficient.

2.
In most (t,n)-multi-secret sharing ((t,n)-MSS) schemes, an illegal participant, even without any valid share, may recover secrets when there are more than t participants in secret reconstruction. To address this problem, the paper presents the notion of group-oriented (t,m,n)-multi-secret sharing (or (t,m,n)-GOMSS), in which recovering each secret requires all m (n ≥ m ≥ t) participants to have valid shares and actually participate in secret reconstruction. As an example, the paper then proposes a simple (t,m,n)-GOMSS scheme. In the scheme, every shareholder has only one share; to recover a secret, m shareholders each construct a polynomial-based randomized component (PRC) with their share to form a tightly coupled group, which forces the secret to be recovered only with all m valid PRCs. As a result, the scheme can thwart the above illegal participant attack. The scheme is simple as well as flexible and does not depend on conventional hard problems or one-way functions.

3.
Centralized group key establishment protocols are the most commonly used type due to their efficiency in computation and communication. A key generation center (KGC) in this type of protocol acts as a server to register users initially. Since the KGC selects a group key for group communication, all users must trust the KGC. Needing a mutually trusted KGC can cause problems in some applications. For example, users in a social network cannot trust the network server to select a group key for a secure group communication. In this paper, we remove the need for a mutually trusted KGC by assuming that each user only trusts himself. During registration, each user acts as a KGC to register other users and issue sub-shares to them. From the secret sharing homomorphism, all sub-shares of each user can be combined into a master share. The master share enables a pairwise shared key between any pair of users. A verification of master shares enables all users to verify that their master shares are generated consistently without revealing the master shares. In a group communication, the initiator can become the server to select a group key and distribute it to each other user over a pairwise shared channel. Our design is unique since the storage of each user is minimal, the verification of master shares is efficient and the group key distribution is centralized. There are public-key based group key establishment protocols without a trusted third party. However, these protocols can only establish a single group key. Our protocol is a non-public-key solution that can establish multiple group keys and is computationally efficient.

4.
A secure two-party collaborative SM2 signature algorithm
In a signature algorithm, once the signing private key is stolen, an adversary can forge the legitimate user's signatures at will, harming the legitimate user's interests. To reduce the risk of signing-key leakage, this paper proposes a secure two-party collaborative SM2 digital signature algorithm. The algorithm splits the signing private key into two parts, held separately by two parties, and uses cryptographic techniques such as zero-knowledge proofs, bit commitments and homomorphic encryption to guarantee that only the two legitimate communicating parties can securely cooperate to produce a complete SM2 signature, while neither party alone can recover the complete signing private key. The security of the scheme is proved in the universally composable security framework. Compared with existing SM2 collaborative signature schemes, the proposed scheme has fewer interaction rounds and higher collaborative signing efficiency.

5.
Efficient state updates for key management
Encryption is widely used to enforce usage rules for digital content. In many scenarios content is encrypted using a group key which is known to a group of users that are allowed to use the content. When users leave or join the group, the group key must be changed. The logical key hierarchy (LKH) algorithm is a very common method of managing these key changes. In this algorithm every user keeps a personal key composed of log n keys (for a group of n users). A key update message consists of O(log n) keys. A major drawback of the LKH algorithm is that users must update their state whenever users join or leave the group. When such an event happens, a key update message is sent to all users. A user who is offline during t key updates, and who needs to learn the keys sent in these updates as well as update its personal key, must receive and process the t key update messages, of total length O(t log n) keys. In this paper, we show how to reduce this overhead to a message of O(log t) keys. We also note that one of the methods used in this work to reduce the size of the update message can be used in other scenarios as well. It enables one to generate n pseudorandom keys of length k bits each, such that any successive set of t keys can be represented by a string of log(t)·k bits, without disclosing any information about the other keys.

6.
Existing attribute-based identity authentication schemes are all built on a single authority and therefore suffer from the key escrow problem, i.e., the key generation center knows every user's private key. To address this, an attribute-based identity authentication scheme with multiple authorities is proposed. The scheme combines distributed key generation to realize a (t,n) threshold generation mechanism for users' attribute private keys, and can resist collusion attacks by up to t-1 authorities. The scheme is constructed using bilinear maps; its security, computational overhead and communication overhead are analyzed and compared with schemes of the same type. Finally, taking multi-factor identity authentication as an example, the feasibility of the scheme in electronic credential application scenarios is analyzed. The results show that the proposed scheme has better overall performance.

7.
More and more users choose to move their applications and data into the cloud. Data security is a key issue for cloud storage systems. To ensure the integrity and validity of the data stored in the cloud, a provable data possession (PDP) scheme is particularly important. In order to verify whether the cloud storage service provider has stored the user's data completely, a scheme based on NRPDP (non-repudiable PDP) was improved and extended, and a data retention scheme based on public authentication and private authentication was proposed. The scheme can verify the trustworthiness of the service provider and of the user in the cloud storage at the same time, which satisfies the non-repudiation of the verification. The theory proves the non-repudiation of the proposed scheme. The experiments show that the efficiency of each stage is better than that of the existing single public verification method or private authentication method.

8.
安阳, 高瞻. 《电讯技术》 2012, 52(2): 175-179
In a distributed cognitive radio network there is no fusion center node, so cooperative sensing among secondary user nodes is usually carried out through information exchange. One widely studied mechanism is consensus-based cooperative sensing, but it has a weakness in robustness: when malicious nodes are present, their false information affects the local sensing decisions. To address this, a consensus-based cooperative sensing mechanism based on the trustworthiness of sensing nodes is proposed. In this mechanism, each node computes the trustworthiness of its neighbor nodes and sends the computed trust values to other nodes; by accumulating the trust values for each node, the final trustworthiness of each node is obtained, and each node uses it to decide whether and how to cooperate with its neighbors. Simulation results show that, in the presence of malicious nodes, the algorithm improves on the unmodified algorithm in both sensing performance and convergence speed to varying degrees, and reduces the influence of unreliable nodes on the cooperative sensing result.

9.
周福才, 林龙, 王金营, 徐剑. 《通信学报》 2006, 27(10): 69-73
Using the intractability of the elliptic curve discrete logarithm problem, a (t,n) threshold secret sharing scheme based on elliptic curve cryptography is given. Threshold secret sharing schemes generally fall into two classes, those requiring an SDC and those that do not; in a distributed environment an SDC trusted by all members does not exist, so threshold secret sharing schemes without an SDC offer much greater security. In this scheme the group public key and the private keys are generated jointly by the group members. A scheme for periodically updating the key shares without an SDC when a new member joins is also given. A numerical data example of the scheme is presented, and finally the security of the scheme is analyzed.

10.
In 1984, A. Shamir introduced the concept of an identity-based cryptosystem. In this system, each user needs to visit a key authentication center (KAC) and identify himself before joining a communication network. Once a user is accepted, the KAC will provide him with a secret key. In this way, if a user wants to communicate with others, he or she only needs to know the identity of the communication partner and the public key of the KAC. No public file is required in this system. However, Shamir did not succeed in constructing an identity-based cryptosystem, but only an identity-based signature scheme. The authors here propose three identity-based cryptographic schemes based on the discrete logarithm problem: a user identification scheme, a digital signature scheme, and a key distribution scheme. The schemes are based on the digital signature scheme of G.B. Agnew et al. (1990), which is reviewed.

11.
A group key agreement protocol allows a set of users to establish a common symmetric key over open networks. Dynamic asymmetric group key agreement means that a dynamic set of users form a temporary group and negotiate a shared public encryption key, so that anyone can send messages securely and efficiently to the temporary group. Users can join or leave the group efficiently without triggering a completely new key agreement protocol, which greatly benefits users in ad hoc networks. We describe a generic construction of dynamic asymmetric group key agreement by combining a conventional authenticated group key agreement, a public key encryption and a multi-signature. Then we give an instance with a constant number of interaction rounds and constant transmission cost for each participant.

12.
Cloud data sharing service, which allows a group of people to access and modify shared data, is one of the most popular and efficient working styles in enterprises. Recently, there is a rising trend of enterprises moving their IT services from local infrastructure to the cloud to ease management and reduce cost. In the new cloud environment, cloud users require data integrity verification to inspect the data service on the cloud side. Several recent studies have focused on this application scenario. In these studies, each user within a group is required to sign every data block he creates or modifies. When a user is revoked, all the data previously signed by him must be re-signed. In the existing research, the re-signing process depends on the revoked user. However, cloud users are autonomous. They may exit the system at any time without notifying the system admin, or may even be revoked due to misbehavior. Like developers on a cloud-based software development platform, they are voluntary and not strictly controlled by the system. Because of this, cloud users may not always follow the cloud service protocol. They may not participate in generating the re-signing key and may even expose their secret keys after being revoked. If the signatures are not re-signed in time, subsequent verification will be affected. And if the secret key is exposed, the shared data can be maliciously modified by an attacker who obtains the key. Therefore, forcing a revoked user to participate in the revocation process leads to efficiency and security problems. As a result, designing a practical and efficient integrity verification scheme that supports this scenario is highly desirable. In this paper, we identify this challenging problem as asynchronous revocation, in which the revocation operations (i.e., re-signing key generation and the re-signing process) and the user's revocation are asynchronous. All the revocation operations must be able to be performed without the participation of the revoked user. Even more ambitiously, the revocation process should not rely on any special entity, such as the data owner or a trusted agency. To address this problem, we propose a novel public data integrity verification mechanism in which the data blocks signed by the revoked user are re-signed by another valid user. From the perspectives of security and practicality, the revoked user participates neither in the re-signing process nor in the re-signing key generation. Our scheme allows anyone in the cloud computing system to act as the verifier and publicly and efficiently verify the integrity of the shared data using Homomorphic Verifiable Tags (HVTs). Moreover, the proposed scheme resists collusion between the cloud server and malicious revoked users. Numerical analysis and experimental results further validate the high efficiency and scalability of the proposed scheme. The experimental results show that re-signing 10,000 data blocks takes only 3.815 s and a user can finish the verification in 300 ms with a 99% error detection probability.

13.
A multi-server authentication scheme is a useful authentication mechanism in which a remote user can access the services of multiple servers after registering with the registration center (RC). This study shows that the password-based multi-server authentication scheme proposed by Yeh and Lo is vulnerable to an undetectable password-guessing attack and an offline password-guessing attack. This study proposes a new password-based multi-server authentication scheme to overcome these vulnerabilities. The proposed protocol introduces a new mechanism for protecting the user's password. Instead of the user's password, the RC sends an alternative key to help the server verify the legitimacy of the user. The values of these keys are changed with a large random nonce in each session. Therefore, the password-guessing attacks cannot succeed against the proposed scheme.

14.
Aiming at the problem of long and unstable satellite-to-terrestrial physical communication links in the space-ground integrated network, a two-way token based roaming authentication scheme was proposed. The scheme uses the computing capability of the satellite nodes in the network to move the user authentication process forward from the network control center (NCC) to the access satellite. The satellite directly verifies the token issued by the NCC to verify the user's identity. At the same time, the token mechanism based on a one-way accumulator supports dynamic user joining and lightweight user self-service customization and billing, and the introduction of a Bloom filter enables effective user revocation and malicious access management. Compared with the existing scheme, the proposed scheme guarantees the security of roaming authentication and significantly reduces the computation and communication overhead of the authentication and key negotiation process.

15.
Based on the security mechanism of the discrete logarithm, this paper proposes a cheating-proof ElGamal-type (t, n) threshold digital signature scheme. In the key generation phase, the participants' public and private keys and the group public key are negotiated jointly by all participants without the support of a trusted center; in the signature generation phase, no secure communication between participants is needed; the scheme can resist mutual cheating among legitimate participants and attacks from external attackers. The security of the scheme rests on the intractability of the discrete logarithm problem. Analysis shows that the scheme has good security and execution efficiency.

16.
Most searchable encryption schemes support searching only a single keyword set, and the data user cannot quickly check the validity of the ciphertexts returned by the cloud server; moreover, since the cloud server has strong computing power, it may guess the keywords, and the data user's identity is not verified. To address these problems, this paper proposes an authorized multi-keyword searchable encryption scheme that verifies the data user's identity and resists keyword guessing. In the scheme, the data user and the data owner grant authorization to an authorization server, which verifies whether the data user is a legitimate user; if verification passes, the authorization server uses the authorization information to help the data user check the validity of the ciphertexts returned by the cloud server. At the same time, the data user generates trapdoor search credentials for the keywords using the server's public key and pseudo-keywords, which guarantees keyword indistinguishability. In addition, when encrypting, the data owner uses the public keys of the cloud server, the authorization server and the data user, which prevents collusion attacks. Finally, the security of the proposed scheme is proved in the random oracle model, and simulation experiments verify that the scheme is efficient in the multi-keyword setting.

17.
This letter proposes a quality-of-service (QoS) constrained opportunistic scheduling scheme for single-carrier frequency division multiple access (SC-FDMA). The SC-FDMA scheme considered in this letter employs iterative multiuser detection using frequency-domain equalization (IMDFDE), which allows several users to share a common set of subcarriers. In order to improve spectral efficiency and guarantee the QoS of assigned users, the proposed method chooses users by iteratively performing user selection. At each user selection for a set of subcarriers, the scheduler takes into account multiuser interference from previously assigned users of the corresponding subcarriers and the QoS constraint. Simulation results show that the proposed method provides higher spectral efficiency compared with round-robin and max-SNR scheduling.

18.
In order to provide a secure, reliable and flexible way to hide information, a new ciphertext-policy attribute-based signcryption scheme and its security proof are presented. This scheme not only fulfils both authentication and confidentiality simultaneously in an efficient way, but also implements hierarchical decryption within one group and between different groups according to the user's authority (different users satisfying the same access structure can be considered as a group). We provide a solution to information hiding using our proposed scheme, which can embed ciphertext into a carrier. Because of the hierarchical decryption property, different users will obtain different messages from the same carrier. An illegal user cannot get any information without a private key, because the message in the carrier is ciphertext. Such a solution can be applied to sharing important messages over a public network.

19.
Performance of Orthogonal Beamforming for SDMA With Limited Feedback
On the multiantenna broadcast channel, the spatial degrees of freedom support simultaneous transmission to multiple users. The optimal multiuser transmission, which is known as dirty paper coding, is not directly realizable. Moreover, close-to-optimal solutions such as Tomlinson-Harashima precoding are sensitive to channel state information (CSI) inaccuracy. This paper considers a more practical design called per user unitary and rate control (PU2RC), which has been proposed for emerging cellular standards. PU2RC supports multiuser simultaneous transmission, enables limited feedback, and is capable of exploiting multiuser diversity. Its key feature is an orthogonal beamforming (or precoding) constraint, where each user selects a beamformer (or precoder) from a codebook of multiple orthonormal bases. In this paper, the asymptotic throughput scaling laws for PU2RC with a large user pool are derived for different regimes of the signal-to-noise ratio (SNR). In the multiuser interference-limited regime, the throughput of PU2RC is shown to scale logarithmically with the number of users. In the normal SNR and noise-limited regimes, the throughput is found to scale double logarithmically with the number of users and linearly with the number of antennas at the base station. In addition, numerical results show that PU2RC achieves higher throughput and is more robust against CSI quantization errors than the popular alternative of zero-forcing beamforming if the number of users is sufficiently large.

20.
A group-signature-like scheme based on the idea of ring signatures
Group signature schemes suffer from the drawback that the manager has excessive power, while ring signature schemes cannot trace the signer's identity. This paper uses the idea of ring signatures to propose a new group-signature-like anonymous signature scheme that resolves this conflict. Compared with existing group signature schemes, the scheme retains some properties of ring signatures and thus has the following advantages: (1) the manager's authority is limited, since he must cooperate with the signature receiver to trace the signer's identity; (2) the signer can flexibly and actively choose the scope of anonymity, i.e., he can pick any d legitimate public keys and claim to be among them; (3) user joining and revocation are especially convenient, since the manager only needs to publish or delete that member's data on a bulletin board.
