基于双秘钥的高强度公钥密码体制的研究

该文研究双秘钥公开钥密码体制,它不同于一般的只有一个秘密密钥的公开钥密钥体制,而是使用两个秘密密钥。要攻破它必须同时解决两个数学难题(素因子分解和求离散对数),从而大大增加了破译难度。     

两个高效无证书签名方案的替换公钥攻击

对新近提出的两个高效无证书签名方案进行安全性分析,指出这两个签名方案都能受到替换公钥攻击。任意攻击者都可以通过替换签名人的公钥从而达到对任意选择的消息成功伪造签名,分析这两个签名方案能受到替换公钥攻击的根本原因。最后通过这两个攻击总结分析了无证书签名方案设计过程需要注意的要点,这对无证书签名方案的设计具有借鉴意义。     

基于5F-L序列类EIGamal公钥密码体制和数字签名

对一类特殊五阶Fibonacci-Lucas序列及其性质进行深入研究,并以五阶Fibonacci-Lucas序列来替代Lucas序列和三阶Fibonacci-Lucas序列,提出基于五阶Fibonacci-Lucas序列类EIGamal的5FLELG公钥密码体制和数字签名方案,验证其正确性和有效性,给出序列项计算方法,并分析体制的安全性和效率.     

Efficient identity-based GQ multisignatures

ISO/IEC 14888 specifies a variety of digital signature mechanisms to sign messages of arbitrary length. These schemes can be applied to provide entity authentication, data origin authentication, non-repudiation, and data integrity verification. ISO/IEC 14888 consists of three parts under the general title Information technology—Security techniques—Digital signatures. Part II, or ISO/IEC 14888-2 specifies the general structure and the fundamental procedures for the generation and verification of an identity-based signature (IBS) mechanism for messages of arbitrary length. Particularly, the IBS scheme of Guillou and Quisquater (GQ) is described in Clauses 6–8. In this paper, an efficient identity-based multisignature (IBMS) scheme is proposed for the GQ IBS scheme, which allows multiple users using the ISO/IEC 14888-2 standard GQ scheme to generate multisignatures. The scheme is efficient in the sense that both the length and the verification time of the multisignatures are fixed. The proposed ID-based multisignature scheme is also secure against forgeability under adaptive chosen-message attack and adaptive chosen-identity attack in random oracle model.     

角色访问控制在PKI中的实现

PKI是一个主要使用公钥密码算法来实现数据的机密性、完整性和防抵赖性的基础设施服务。访问控制的目的是要处理计算机和通信系统中的非授权信息。文章介绍了特权管理基础结构中的角色模型,并设计了角色属性中心,通过它对角色属性证书的管理实现了在PKI中的基于角色的访问控制模型,并分析比较了该模型与传统的访问控制模型的优缺点。     

收方不可否认的数字签名

本文针对通用数字签名存在着收方可能否认收到报文的不足之处，在详细分析讨论通用数字签名过程的基础上，提出了一种收方不可否认的数字签名方法。该方法采用传统密钥加密的算法与公开密钥加密的算法相结合的密码体制，科学地实现了收方不可否认的数字签名     

也谈高强度公钥密码体制的研究

文章对刊载于《计算机工程与应用》2003年第3期、题名为“基于双密钥的高强度公钥密码体制的研究”的文章进行了分析,指出该文提出的将RSA和Elgamal串起来用的公钥密码体制不能增加安全强度。同时,文章阐述了目前公钥密码体制的安全现状和今后的研究方向。     

A self-verification authentication mechanism for mobile satellite communication systems

In order to provide an opportunity to make personal communication as broad as possible, mobile satellite communication systems have recently drawn much attention. However, any communication system raises two major challenging issues: (1) how to determine whether actors are whom they claim to be; and (2) how to protect data against unauthorized disclosure. Although the secret-key cryptosystem (SKC) and the public-key cryptosystem (PKC) have been developed to provide well-defined security services to address these issues each has serous drawbacks while SKC-based authentication schemes have the common demerit that the server which maintains the secret-key table becomes an attractive target for numerous intrusions, PKC-based schemes suffer from the expensive complexity of the public-key infrastructure (PKI) and a high computation overhead. Therefore, in this paper, a self-verification authentication mechanism with lower computation and key management cost is introduced.     

Computing Prime Factorization And Discrete Logarithms: From Index Calculus To Xedni Calculus

The integer factorization problem (IFP), the finite field discrete logarithm problem (DLP) and the elliptic curve discrete logarithm problem (ECDLP) are essentially the only three mathematical problems that the practical public-key cryptographic systems are based on. For example, the most famous RSA cryptosystem is based on IFP, the US government's Digital Signature Standard, DSS, is based on DLP, whereas the ECC (Elliptic Curve Cryptography) and Elliptic Curve Digital Signature Algorithm (ECDSA) are based on ECDLP. The security of such cryptographic systems relies on the computational intractability of these three mathematical problems. In this paper, we shall present a survey of various methods for solving the IFP/DLP and particularly the ECDLP problems. More specifically, we shall first discuss how the index calculus as well as quantum algorithms can be used to solve IFP/DLP. Then we shall show why the index calculus cannot be used to solve ECDLP. Finally, we shall introduce a new method, xedni calculus , due to Joseph Silverman, for attack ECDLP; some open problems and new research directions, will also be addressed.     

对一种基于公钥加密算法的组密钥管理方案的密码分析

组播为组通信提供一个可扩展的解决方案，而组密钥管理是安全组通信最重要的组成部分。Chaddoud和Varadharajan在安全特定源组播体系结构中利用Yi，Varadharajan和Zhao的分布式公钥加密算法提出了一种信道密钥管理方案。我们首先论证在该算法中使用强的单向散列函数不仅是不必要的，而且诱发敌手利用剩余类环中的零因子对其发起一种被动攻击。其次通过重新配置系统参数，改进后的G算法既能提高抵抗零因子攻击的能力，又能保持理想的语意特性。然后对其方案中组管理者使用的加密密钥进行了简化计算，并分析了其方案不适用于大型安全组通信的原因。