可证安全的传统公钥密码-无证书公钥密码异构聚合签密方案

异构签密可以保证异构密码系统之间数据的机密性和不可伪造性。分析现有的异构签密方案,发现它们只针对单个消息,无法实现批验证。聚合签密能够把不同用户对多个消息产生的签密密文同时发送给接收者,而且可以提供批量验证,降低验证开销。该文提出一个传统公钥密码-无证书公钥密码异构聚合签密方案,该方案不仅能够保证传统公钥密码(TPKI)和无证书公钥密码(CLPKC)系统间通信的机密性和认证性,而且聚合验证时不需要双线性对。在随机预言模型下,基于间隙双线性Diffie-Hellman困难问题、计算Diffie-Hellman困难问题和离散对数问题,证明该方案满足自适应性选择密文攻击下的不可区分性和自适应选择消息下的不可伪造性。     

一种可证安全的PKI和IBC双向匿名异构签密方案的改进

异构签密可以保证异构密码系统之间数据的机密性和不可伪造性。该文分析了一个传统公钥密码(PKI)和身份密码(IBC)之间的PKI→IBC和IBC→PKI双向匿名异构签密方案的安全性,指出PKI→IBC方案和IBC→PKI方案均不能抵挡敌手攻击,敌手在获取密文前提下均可解密密文。为了增强安全性,该文提出一个改进的PKI→IBC和IBC→PKI方案,并在随机预言模型下基于计算性Diffie-Hellman困难问题和双线性Diffie-Hellman困难问题证明新方案满足机密性与不可伪造性。同时效率分析表明,所提方案具有更高的通信效率。     

匿名CLPKC-TPKI异构签密方案

异构签密可以保证不同公钥密码系统之间数据传输的机密性和不可伪造性。本文定义了从无证书公钥密码环境到传统公钥密码环境（CLPKC→TPKI）异构签密方案的形式化模型,并利用双线性对提出了一个CLPKC→TPKI异构签密方案。在随机预言模型下,基于计算Diffie-Hellman和修改逆计算Diffie-Hellman困难假设,证明方案满足内部安全的机密性和不可伪造性。同时,方案满足密文匿名性,可以有效地保护收发双方的身份隐私。方案使用不同的密码系统参数,更接近于实际应用环境。与已有异构签密方案相比,方案的效率较高,适合于收发双方身份保密和带宽受限的应用需求。     

一种异构混合群组签密方案的安全性分析与改进

异构混合群组签密不仅能够解决不同密码体制下数据传输的机密性和不可伪造性,而且还能对任意长度的数据进行加密。该文首先分析了一种异构密码体制下混合群组签密方案的安全性,指出该方案不满足正确性、机密性和不可伪造性。并提出了一种新的高效异构混合群组签密方案。其次在随机预言机模型下证明了该方案是安全的。最后效率分析表明,该方案在实现原方案所有的功能的基础上同时降低了计算代价。     

基于异构密码系统的混合群组签密方案

群组签密既能实现群组签名,又能实现群组加密,但是现有的群组签密方案的发送者和接收者基本上在同一个密码系统中,不能满足现实环境的需求,而且基本上采用的是公钥加密技术,公钥加密技术在加密长消息时效率较低。因此该文提出由基于身份的密码体制(IBC)到无证书密码体制(CLC)的异构密码系统的混合群组签密方案。在该方案中,私钥生成器(PKG)和密钥生成中心(KGC)能够分别在IBC密码体制和CLC密码体制中产生自己的系统主密钥;而且群组成员只有协作才能解签密,提高了方案的安全性;同时在无需更换群组公钥和其他成员私钥的情况下,用户可以动态地加入该群组。所提方案采用了混合签密,具有可加密任意长消息的能力。在随机预言模型下,证明了该文方案在计算Diffie-hellman困难问题下具有保密性和不可伪造性。通过理论和数值实验分析表明该方案具有更高的效率和可行性。     

具有内部安全性的常数对无证书聚合签密方案

聚合签密不仅能够减少密文的验证计算量,而且能够保证数据的机密性和认证性。该文分析刘等人(2016)提出的无证书聚合签密(CLASC)方案,指出第2类攻击者可以伪造密文,刘方案不满足适应性选择密文攻击的不可区分性和适应性选择消息攻击的不可伪造性。为了提升CLASC方案的安全级别和聚合验证效率,该文提出CLASC的内部安全模型和具有内部安全性的CLASC方案。该方案聚合验证密文只需要3个双线性对,与现有同类方案相比,具有较高的验证效率。基于计算Diffie-Hellman困难假设,证明新方案在随机预言模型下,满足CLASC内部安全模型下的机密性和不可伪造性。     

可证安全的紧致无证书聚合签密方案

无证书聚合签密不仅可以保证信息传输的机密性和认证性,还可以降低密文的验证和通信开销。分析现有无证书聚合签密方案,发现它们的计算效率普遍较低。该文提出一个紧致的无证书聚合签密方案,方案聚合验证密文信息需要的双线性对个数固定,并且与签密用户个数无关。与已有无证书聚合签密方案相比,新方案减少了双线性对运算个数,提高了聚合验证效率。同时,在随机预言模型下,基于双线性Diffie-Hellman困难问题和计算Diffie-Hellman困难问题,证明方案满足机密性和不可伪造性。     

无证书密文等值测试签密方案

在云计算应用中,确保消息的机密性和不可伪造性,同时判断不同密文对应明文的等价性显得至关重要。具有密文等值测试功能的签密方案可以实现此类安全目标。该文基于无证书公钥密码环境,设计了一个具有密文等值测试功能的无证书签密方案(CLSCET)。首先,提出了无证书密文等值测试签密方案的框架和安全模型,定义了两类具有不同攻击能力的敌手和3类安全目标。然后构造了具体的无证书密文等值测试签密方案,并分析了方案的正确性。最后,基于随机预言模型,证明该文方案满足选择密文攻击下的单向性(OW-CCA)、选择密文攻击下的不可区分性(IND-CCA2)和选择消息攻击下的不可伪造性(EUF-CMA)安全。与现有近似方案相比,该文方案满足IND-CCA2的机密性、EUF-CMA的不可伪造性和OW-CCA的密文单向性。     

无证书密文等值测试签密方案

在云计算应用中,确保消息的机密性和不可伪造性,同时判断不同密文对应明文的等价性显得至关重要.具有密文等值测试功能的签密方案可以实现此类安全目标.该文基于无证书公钥密码环境,设计了一个具有密文等值测试功能的无证书签密方案(CLSCET).首先,提出了无证书密文等值测试签密方案的框架和安全模型,定义了两类具有不同攻击能力的敌手和3类安全目标.然后构造了具体的无证书密文等值测试签密方案,并分析了方案的正确性.最后,基于随机预言模型,证明该文方案满足选择密文攻击下的单向性(OW-CCA)、选择密文攻击下的不可区分性(IND-CCA2)和选择消息攻击下的不可伪造性(EUF-CMA)安全.与现有近似方案相比,该文方案满足IND-CCA2的机密性、EUF-CMA的不可伪造性和OW-CCA的密文单向性.     

医疗社交网络中基于云计算的属性基签密方案

移动医疗社交网络的出现为患者之间互相交流病情提供了极大的便利,促进了患者之间高效、高质量的沟通与交流,但与此同时也产生了患者数据的保密性和隐私性问题。针对此问题,该文提出一种基于云计算的属性基签密方案,能够有效地保护患者数据的隐私性。患者将自己的病情信息签密后上传至云服务器,当数据用户要访问患者的信息时,云服务器帮助数据用户进行部分解密并验证数据的完整性,这在一定程度上减少了数据用户的计算量。同时,在随机预言机模型下,证明了该方案满足选择消息攻击下的不可伪造性、选择密文攻击下的不可区分性以及属性隐私安全性。理论分析和数值模拟实验结果表明,该方案在签密和解签密阶段比现存的方案有更高的效率。     

Certificateless Signcryption in the Standard Model

Signcryption can realize encryption and signature simultaneously with lower computational costs and communicational overheads than those of the traditional sign-then-encrypt approach. Certificateless cryptosystem solves the key escrow problem in the identity-based cryptosystem and simplifies the public key management in the traditional public key cryptosystem. There have been some certificateless signcryption schemes proposed in the standard model up to now, but all of them are just proposed in a weaker Type I security model, which is weaker than the original security model of Barbosa and Farshim, who proposed the first certificateless signcryption scheme. In this paper, we propose a certificateless signcryption scheme in the standard model by using bilinear pairings, which is Type I secure in the original security model of Barbosa and Farshim and can resist the malicious-but-passive key generation center Type II attack. The proposed scheme is proved confidential assuming the modified decisional bilinear Diffie–Hellman (M-DBDH) problem is hard, and unforgeable assuming the square computational Diffie–Hellman (Squ-CDH) problem is hard. At last, we evaluate its efficiency which shows it is of high efficiency.     

A new group-oriented publicly veriablethreshold signcryption scheme

Through cryptanalysis of the improved scheme of a generalized group-oriented threshold signcryption schemes, it is found that the improved scheme can effectively resist conspiracy attack and forgery attack, but does not have semantic security and public verification function, and sends threshold signcryption by the secret secure channel, which increases the communication costs and potential safety hazards of the system. A new group-oriented publicly verifiable threshold signcryption scheme is proposed on the basis of the improved scheme, the new scheme overcomes the drawbacks of the improved scheme, which not only provides with semantic security and public verification function, but also can send threshold signcryption by the public channel.     

Two-way and anonymous heterogeneous signcryption scheme between PKI and IBC

Exiting heterogeneous signcryption schemes which were between public key infrastructure (PKI) and identity-based cryptosystem (IBC) have some limitations.A new heterogeneous signcryption scheme between PKI and IBC was proposed.In the random oracle mode,the scheme ensured confidentiality and unforgeability on the basis of the assumption of computational Diffie-Hellman problem (CDHP),q-Diffie-Hellman inversion problem (q-DHIP) and bilinear Diffie-Hellman problem (BDHP).Simultaneously,the proposed scheme guaranteed unconnectedness and anonymity of the ciphertext.Compared with other heterogeneous schemes,the scheme achieved two-way signcryption,and it generated parameters without restrict,which was suitable for actual situations.Simulation tests show that proposed scheme is feasible.     

Identity‐and‐data privacy forward security public auditing protocol in the standard model

To ensure the intactness of the stored data in cloud, numerous data public auditing mechanisms have been presented. However, most of these existing solutions suffer from several flaws: (a) identity privacy and data privacy of data owner are inevitably revealed to the auditor in the auditing process; (b) the existing public auditing mechanisms with resisting key exposure are only proved in the random oracle model. To address the problems above, in this paper, we propose an achieving identity‐and‐data privacy public auditing protocol with forward security in the standard model by incorporating knowledge proof signature, ring signature, and forward security technique. And then, we formalize the security model of forward security and anonymity of identity, in which the adversary is allowed to query private keys of some ring members. It can provide stronger security. Thus, our proposed scheme can not only achieve data owner's identity privacy and data privacy but also provide forward security for data owner's secret key. To the best of our knowledge, it is the first preserving privacy of identity‐and‐data public auditing scheme with forward security that is provably secure in the standard model. The security of the scheme is related to the computational Diffie–Hellman (CDH) problem and the subgroup decision problem. Finally, our scheme is simulatively tested; experimental results demonstrate that our mechanism is very efficient in terms of overall performance.     

对一个匿名多接收者签密方案的安全性分析与改进

2011年,庞等人利用拉格朗日插值多项式方法构造了一个新的基于身份的多接收者匿名签密方案,并声称在其方案中任何攻击者或合法接收者都无法获取其他合法接收者的身份信息,从而能够保护接收者隐私.本文对庞等人的多接收者签密方案进行安全性分析,发现其方案中任何接收者对于其他接收者都无法实现匿名.同时,本文在其方案基础上进行改进,提出了一种改进方案,以弥补其安全缺陷.最后在随机预言模型下,对改进方案的正确性和接收者匿名性进行了证明.     

New certificateless aggregate signature scheme with universal designated verifier

Certificateless aggregate signature(CLAS) schemes with universal designated verifier had been widely applied in resource-constrained wireless mobile networks,because they could not only solve the problems of the certificate management and private key escrow,but also realize batch validation and the signer’s privacy protection.A security analysis for a certificateless aggregate signature scheme with universal designated verifier was firstly provided,and two attack methods to demonstrate that their scheme was forgeable was presented.To enhance security,a new certificateless aggregate signature scheme with universal designated verifier was proposed,and then the security of the scheme in the random oracle model was proved.The performance of our proposed scheme was finally evaluated.Compared with the original scheme,the pvoposed scheme fixes the security flaws and the total computational cost is greatly reduced.