一种加强的基于中国剩余定理的群签名

陈泽文等在2004年提出了基于中国剩余定理的群签名方案。该方案在加入或撤销群成员时其他群成员密钥和群公钥的长度保持不变,从而解决了撤销群成员的困难,提供了一种效率高和计算复杂度小的群签名方案。从该方案的研究中发现其基于RSA算法的方案不具有防陷害性和不可伪造性的特征。因此,参照ElGamal的算法,提出了一种加强的基于中国剩余定理群签名的新方案。在新方案中,保证了原有算法在加入和撤销成员具有高效性的同时,进一步改进了陈方案的不足,不再要求可信的群中心,并且群成员也分担了群中心的工作量,使系统更具有实效性。     

FI05群签名方案中一种新的成员撤销方案

在FI05群签名的基础上,提出了一个新的成员撤销方案。该方案是利用一个新的动态累加器来实现的。累加器的安全性是基于椭圆曲线离散对数问题,并已被证明。撤销一个成员和更新证据所花费的代价比以前的累加器更小,而且证明了新的群签名的安全性。     

一种新型的撤销成员的无加密短群签名方案

针对撤销成员的群签名中如何降低群成员的计算量、缩短签名长度等问题,提出了一种新型的撤销成员的无加密短群签名方案,并证明了其安全性。基于XDDH,LRSW和SDLP假设,通过将有效期属性编入签名钥来实现成员的有效撤销;为了提高签名的效率,没有使用加密算法,而是采用签名随机化的方法来保持签名者的匿名性。在成员的通信和计算开销方面,本撤销方案比以往撤销方案有很大的优势,成员可以错过任意多次更新,签名时只需下载最新更新值即可,群公钥保持不变,签名和验证的计算开销与撤销成员数无关,签名长度仅为1195bits。     

一个群签名方案的安全性分析与改进

最近陈少真等人提出了一种具有前向安全和有效撤销成员性质的群签名方案,该方案通过在签名中增加一个验证取消展示实现对成员的撤销。分析了陈方案设计的缺陷,给出了一种改进的成员撤销算法。在强RSA和离散对数假设下,证明了改进方案的有效性和安全性。     

高效可撤销成员的不可链接的群盲签名方案

在ACJT方案的基础上实现了一成员可撤销的群盲签名方案。借鉴陈的成员撤销思想,对签名过程进行了改进,将原方案的两个零知识证明减少为一个,减少了模指数运算,缩短了签名长度,同时将C．Popescu的群盲签名思想加入到签名过程中,使改进的成员可撤销的群签名增加了盲性,改进后同时解决了C.Popescu提出的群盲签名方案可链接性的缺陷。实现的成员可撤销的不可链接的群盲签名方案,可应用于多银行电子现金系统中,用来实现成员可撤销的多银行电子现金系统,使电子现金系统更接近现实金融系统。     

层次撤销群签名:概念与构建

群签名是具有中心地位的密码系统,其中一个重要的问题是成员撤销.支持更多方式撤销的群签名方案能使群签名应用于更多的场合和领域;提出一种可层次撤销的群签名方案的概念,即不仅支持普通的VLR撤销某个群成员,还支持撤销某个小组、大组等等的层次撤销;与普通的VLR撤销相比在撤销一组多人时效率从O(R)(R为撤销人数)提高到了O(1);并基于RSA假设和多项式构建出了一个具体的层次撤销群签名方案,构建方法具有独立的意义可用于其他密码系统的构建.     

基于椭圆曲线群签名方案的多银行电子现金系统

电子现金系统是一种非常重要的电子支付方式,如何通过群签名确保电子现金系统的安全、高效支付一直是国内外研究的重点.对已提出的椭圆曲线群签名方案进行改进,解决原方案中存在的一个安全问题,并给出成员撤销算法,最后基于改进后的群签名方案提出一个多银行电子现金系统,该系统能够防止用户篡改电子现金的金额、防止敲诈、洗钱和非法购买,同时可以撤销成员的匿名性并灵活地实现成员撤销.     

格上高效的完全动态群签名方案

为降低完全动态群签名加入和撤销机制的复杂性,将动态群签名思想引入NGUYEN等人提出的格上群签名方案,提出一种改进的完全动态群签名方案。在改进方案中,用户产生自己的签名密钥而不是由群管理员产生,当用户加入群时,群管理员验证用户身份并为其颁发证书,用户成为群成员后用自己的签名密钥和证书进行签名。若群成员有不合法行为或想退群,则群管理员和群成员均可执行群成员的撤销操作,使群成员退出该群。由于方案中群成员的签名密钥由自己生成,因此能够抵抗群管理员的陷害攻击。在随机预言模型下,基于错误学习问题和非齐次小整数解问题证明改进方案的安全性。分析结果表明,该方案能够减少加入和撤销机制的计算代价,且密钥长度和签名长度与群成员数量无关,适用于大群组的签名系统。     

ACJT群签名方案中一种新的成员撤销方案*

在ACJT群签名方案的基础上,提出一个新的成员撤销方案.新方案中群公钥的大小仅取决于群中成员的个数,不会随着撤销成员的增加而无限增大.增加或撤销一个成员,群管理者只需作乘法或除法运算来更新群公钥,签名和验证过程更简单,而且证明了新方案的安全性.     

一种多安全策略的群签名方案

提出了一种多安全策略的群签名体制.方案不仅具有前向安全性,能减小因为群成员的密钥暴露后所带来的不安全性,使群成员在密钥暴露前的签名仍然有效;同时还能有效地防止群成员的超前签名行为,任何群成员不能合法地提供出加入群之前的时间段的签名.方案有效地支持了群成员的撒销功能,一旦某个成员被撤销,这个成员就无法再代表群进行签名,而在撤销之前时间段的签名仍保持有效.签名具有可追踪性,一旦有签名发生争执,群管理员可以打开签名,确定签名者的身份,而除群管理员外的任何其他成员都无法打开签名.并且没有常用前向安全群签名方案中时间段的限制,避免了时间段到期后的系统重置.     

Tailoring consistency in group membership for mobile networks

Mobility and intermittent connectivity inject inaccuracy in determining group membership and exacerbate the time required to agree on the current group membership. In this paper, we present a group membership service based on partial member connectivity that allows members to agree on a shared approximation of the group membership based on local neighborhood connectivity. In particular, the consistency needs provided by the application determine the degree of consistency of the membership service and allow the membership service to tailor the neighborhood service in terms of fidelity ratio and time detection period.     

From set membership to group membership: a separation of concerns

We revisit the well-known group membership problem and show how it can be considered a special case of a simple problem, the set membership problem. In the set membership problem, processes maintain a set whose elements are drawn from an arbitrary universe: They can request the addition or removal of elements to/from that set, and they agree on the current value of the set. Group membership corresponds to the special case where the elements of the set happen to be processes. We exploit this new way of looking at group membership to give a simple and succinct specification of this problem and to outline a simple implementation approach based on the state machine paradigm. This treatment of group membership separates several issues that are often mixed in existing specifications and/or implementations of group membership. We believe that this separation of concerns greatly simplifies the understanding of this problem.     

Attribute-based on-demand multicast group setup with membership anonymity

In many applications, it is desired to dynamically establish temporary multicast groups for secure message delivery. It is also often the case that the group membership information itself is sensitive and needs to be well protected. However, existing solutions either fail to address the issue of membership anonymity or do not scale well for dynamically established groups. In this paper, we propose a highly scalable solution for dynamical multicast group setup with group membership anonymity. In the proposed solution, scalability and membership anonymity are achieved via a novel design that integrates techniques such as ciphertext-policy attribute-based encryption (CP-ABE). In our design, multicast groups are specified through group member attributes. As these attributes are potentially able to be shared by unlimited number of group members, our proposed scheme scales well. Also, high level of membership anonymity is guaranteed such that every group member knows nothing but his own group membership only. The complexity of our proposed scheme in terms of computational overhead and ciphertext size is O(n), where n is the number of attributes and independent to the group size.     

组通信系统中组成员关系服务的设计和实现

在组通信系统中，成员关系的维护是一个非常重要的模块，它保证消息的次序传递和虚同步。为了使一个组中节点的数目易于扩充，采用多播树的层次结构来组织节点；当成员关系发生变化时采用一种一致性算法使得视图达到一致。在此基础上设计和实现了一个有效的组成员关系服务模块。     

A secure group membership protocol

A group membership protocol enables processes in a distributed system to agree on a group of processes that are currently operational. Membership protocols are a core component of many distributed systems and have proved to be fundamental for maintaining availability and consistency in distributed applications. We present a membership protocol for asynchronous distributed systems that tolerates the malicious corruption of group members. Our protocol ensures that correct members control and consistently observe changes to the group membership, provided that in each instance of the group membership, fewer than one-third of the members are corrupted or fail benignly. The protocol has many potential applications in secure systems and, in particular, is a central component of a toolkit for constructing secure and fault-tolerant distributed services that we have implemented     

一种可扩展的移动Agent容错组管理机制

把组通信技术引入到移动代理系统中,对建立可靠的移动代理系统有着重要意义。容错组管理机制是组通信机制的重要组成部分。首先提出了组通信系统框架,并在此框架的基础上提出了Agent容错组管理机制,这种容错组管理机制保证了组成员管理的灵活性、可扩展性,并且保证了故障检测完整性、精确性和网络负载低的要求。     

移动因特网中的组成员管理

目前因特网技术和无线技术这两大热点技术结合成最新的一项网络技术——移动因特网计算。基于移动因特网的组成员管理面临新的挑战。组成员管理算法层出不穷,目的是为了简洁、有效地获得正确的组播组成员信息,提高组播通信的服务质量,同时提高网络的资源利用率。该文研究了不同种类的组成员管理,并进行了细致的分类,按各个类别的特点结合算法进行了分析。     

RMP：一种具有高可伸缩性的随机成员协议

针对组播通信协议中所使用的成员协议的伸缩性差的问题，提出了一种新的随机成员协议(RMP)。RMP通过使用随机的响应组成员的加入请求，建立一个每个节点仅仅维护logN个其它成员信息的连接图，并可以为可靠的报文扩散提供基础。文中对RMP的算法在数学上进行了分析，并通过仿真进行验证，结果表明，RMP是一种具有很强可伸缩性的成员协议。     

A group signature scheme with strong separability

Group signatures, introduced by Chaum and van Heijst, allow members of a group to sign messages anonymously on behalf of the group. Only a designated group manager is able to identify the group member who issued a given signature. Many applications of group signatures, for example, electronic market, require that the group manager can be split into a membership manager and a revocation manager. The former is responsible for adding new members to the group. The latter is responsible for opening signatures. Previously proposed group signatures schemes can only achieve a weak form of separability. That is, the revocation manager and the membership manager must work in concert to reveal the identity of the signer. In this paper, we propose a group signature scheme with strong separability in which the revocation manager can work without the involvement of the membership manager.     

Face membership authentication using SVM classification tree generated by membership-based LLE data partition

This paper presents a new membership authentication method by face classification using a support vector machine (SVM) classification tree, in which the size of membership group and the members in the membership group can be changed dynamically. Unlike our previous SVM ensemble-based method, which performed only one face classification in the whole feature space, the proposed method employed a divide and conquer strategy that first performs a recursive data partition by membership-based locally linear embedding (LLE) data clustering, then does the SVM classification in each partitioned feature subset. Our experimental results show that the proposed SVM tree not only keeps the good properties that the SVM ensemble method has, such as a good authentication accuracy and the robustness to the change of members, but also has a considerable improvement on the stability under the change of membership group size.