一个新的具有指定接收者(t,n)门限签名加密方案

提出了一个具有指定接收考验证的签名加密方案。该方案是数字签名与公钥密码体制的有机集成。与普通数字签名方案相比，除了具有认证性、数据完整性外还具有保密性和接收方的隐私性。然后又利用门限方案首次构造了一个（t,n)门限签名加密方案。该(t,n)门限签名方案具有数据传输安全、顽健性、通信代价更小、执行效率更高等特点。     

Arithmetic operations inGF(2 m )

This article is concerned with various arithmetic operations inGF(2 ^m ). In particular we discuss techniques for computing multiplicative inverses and doing exponentiation. The method used for exponentiation is highly suited to parallel computation. All methods achieve much of their efficiency from exploiting a normal basis representation in the field.     

基于有限非阿贝尔群的密钥交换

从一般线性群GL（n,F）和对称群Sn上的困难问题出发,构造了几个密钥交换算法,新算法具有更高的效率.同时,指出基于一般线性群的密钥交换算法的安全性直接依赖于广义矩阵覆盖问题,基于对称群的密钥交换协议的安全性直接依赖于置换群上的共轭问题.     

New privilege-based visual cryptography with arbitrary privilege levels

Recently, Hou et al. introduced a novel (2, n) privilege-based visual cryptography scheme (PVCS) with various privilege levels of shadow images. In this scheme, a shadow with a higher privilege contributes more recovered information, while a lower privileged shadow has the less recovery capability. Moreover, the visual quality of stacked result depends on the total sum of privilege levels for all involved shadows in reconstruction. Unfortunately, the PVC scheme has the inconsistency of the contrast of recovered image and the sum of privilege levels. Accordingly, an enhanced Hou et al.’s (2, n)-PVC scheme (EPVCS) is proposed to solve this inconsistency problem. However, the EPVCS is not a general solution to implement all PVCSs with arbitrary privilege levels, and it also has the unequal whiteness of shadows. In this paper, we first extend Hou et al.’s (2, n)-EPVCS with a correct privilege levels achieving the consistency of the contrast and the sum of privilege levels. Then we construct a (2, n)-PVCS to allow arbitrary privilege levels and provide the equal whiteness for each shadow.     

基于TCM的安全Windows平台设计与实现

为了解决Windows系统的完整性度量与证明问题,提出了一种基于可信密码模块TCM (trusted cryptography module)的安全Windows平台方案。通过扩展Windows内核实现了2种安全模式：在度量模式下,所有加载的可执行程序都会被度量,度量值由TCM提供保护和对外认证;在管控模式下,度量值会进一步与管理员定制的白名单进行匹配,禁止所有不在白名单中的程序执行。实验分析表明,该方案可以增强Windows系统的安全性,抵抗一些软件攻击行为;同时,系统平均性能消耗在20~30 ms之间,不会影响Windows的正常运行。     

DWB-AES:基于AES的动态白盒实现方法

物联网设备因资源受限,需要兼具安全性、灵活性的轻量级密码模块保障安全,白盒密码能够满足物联网设备的安全需求.在常见的白盒密码实现方法中,往往密钥和查找表是绑定的,因此每次更换密钥都需要重新生成并更换查找表,这在实际应用中不够灵活.为了解决该问题,提出了一种基于AES的动态白盒实现方法,即DWB-AES.该方法通过改变轮...     

实际量子密钥分配扩展BB84协议窃听下的安全性分析

考虑强衰减激光脉冲技术实现的准单光子源和量子信道损耗以及窃听者Eve窃听能力有限等实际情况, 提出了一种窃听装置;同时对扩展BB84协议的各种窃听做了全面分析,计算得出发送者Alice/窃听者Eve所获得的交互信息量和发送者Alice/接收者Bob所能容忍的误码率上限,以此作为检测量子信道安全性的标准,同时得出Breidbart基/分束攻击相结合的方法是比截取/重发更为有效的窃听方案.     

一种基于身份的多信任域网格认证模型

分析了现有的网格认证框架中存在的问题,提出了一种基于身份的多信任域网格认证模型.该模型以基于身份的PKI为基础,避免了基于传统PKI的认证框架的诸多缺点.同时,该模型提供了跨信任域的双向实体认证功能.模拟试验表明,该认证模型比基于传统PKI的认证框架更轻量、更高效.而且由于该模型可以在多信任域的环境下工作,故而比W Mao提出的只能在单一信任域中工作的认证框架更符合网格认证的实际需要.     

Certificateless signature and proxy signature schemes from bilinear pairings

Due to avoiding the inherent escrow of identity-based cryptography and yet not requiring certificates to guarantee the authenticity of public keys, certificateless public key cryptography has received a significant attention. Due to various applications of bilinear pairings in cryptography, numerous pairing-based encryption schemes, signature schemes, and other cryptographic primitives have been proposed. In this paper, a new certificateless signature scheme based on bilinear pairings is presented. The signing algorithm of the proposed scheme is very simple and does not require any pairing computation. Combining our signature scheme with certificateless public key cryptography yields a complete solution of certificateless public key system. As an application of the proposed signature scheme, a certificateless proxy signature scheme is also presented. We analyze both schemes from security point of view.__________Published in Lietuvos Matematikos Rinkinys, Vol. 45, No. 1, pp. 95–103, January–March, 2005.