How to signcrypt a message to designated group

In an open network environment, the protection of group communication is a crucial problem. In this article, a novel broadcast group-oriented signcryption scheme is presented for group communication scenarios in distributed networks. Anyone in this scheme can signcrypt a message and distribute it to a designated group, and any member in the receiving group can unsigncrypt the ciphertext. The ciphertext and public key in the scheme are of constant size. In addition, this new scheme offers public verification of the ciphertext. This property is very important to the large-scale group communication since the gateway can filter the incorrect ciphertext and alleviate the receiver's workload. Finally, a proof in the random oracle model is given to show that the scheme is secure against chosen ciphertext attack and existential forgery.     

签密的仲裁安全与仲裁安全的签密方案

签密能高效地同时完成数据加密与认证,可用于设计紧凑的安全通信协议.签密中的仲裁机制用于保护签密的不可抵赖性,但同时用于仲裁的信息可能危及协议安全.本文指出签密仲裁中存在仲裁者解密攻击和仲裁机制无法保护明文完整性两种安全隐患,归纳其原因并指出解决方法.提出一个可安全仲裁的安全混合签密方案SASC,并在随机预言机模型下证明SASC方案具有IND-CCA2和UF-CMA安全性;SASC基于明文仲裁,不仅能维护明完整性而且能抵抗仲裁者解密攻击.SASC方案不增加计算量和通信量,且对明文的长度没有限制.     

标准模型下几个签密方案的密码学分析

针对5个文献中所提出的标准模型下的签密方案进行了安全性分析.指出它们或者存在恶意但被动的KGC(Key generation center)攻击、或者存在内部攻击者的保密性攻击、或者存在内部攻击者的伪造性攻击、或者存在选择明文攻击.通过这些攻击,攻击者或者可以伪造一个签密文、或者可以破坏方案的保密性.最后表明要设计标准模型下安全的签密方案仍然是一个值得研究的问题.     

标准模型下基于身份的混淆乐观公平交换方案

为防止签名验证者利用部分签名取得不公平的优势,Huang等人提出混淆乐观公平交换（Ambiguous Optimistic Fair Exchange,AOFE）方案及其一般构造方法,但是其构造方法没有考虑真实的用户环境.在基于IBC（Identity-Based Cryptography）的用户环境下,文章提出基于身份的混淆乐观公平交换（ID-AOFE）方案构造方法、方案实例、及其选择身份安全模型.提出的ID-AOFE构造方法对Huang等人的AOFE方案进行了简化,采用具有信息提取功能的证据不可区分证明算法替换原方案模型中的基于标签加解密和零知识证明算法.ID-AOFE安全模型以Huang等人的AOFE安全模型为基础,融合了选择身份安全模型,并对ID-AOFE方案的安全性进行了归纳和重新定义.在选择身份安全模型下,提出的ID-AOFE方案实例的公平性被规约到经典密码原语的安全性.此外,文章探讨了ID-AOFE方案的消息交互模型,就争端解决的方案和过程进行了重点分析.     

Provable security signcryption scheme based on RLWE without trapdoor

In view of the existing efficiency and security problems of lattice based signcryption,with the ABB16’s signature scheme ring-TESLA,a signcryption scheme without trapdoor named RLWE-SC was constructed,which achieved indistinguish ability against adaptive chosen cipher text attack (IND-CCA2) security and strongly existential unforgeability against chosen message attack (SUF-CMA) security respectively in terms of confidentiality and authentication based on the problem of learning with errors on ring.The size of the public and private keys was optimized by the construction on the ring.The complex trapdoor generation and preimage sample calculation was avoided by the structure without trapdoor.Efficiency analysis and experiment shows that RLWE-SC has better computational and communication performance than other similar lattice-based signcryption schemes with the same security strength.     

一种NTRU格上基于身份全同态加密体制设计

全同态加密可以用来解决云计算环境中的隐私保护问题,然而现有体制具有系统参数大、效率低的缺点.针对现有攻击技术,首先设计了一种高效的NTRU格上的基于身份公钥加密体制,无需借助额外的安全性假设,具有更高的安全性和更小的系统参数.之后,基于近似特征向量技术,构造了一种高效的全同态加密转化方式.通过将以上两种方法结合,给出了一种高效的基于身份全同态加密体制.和现有体制相比,除了不需要计算密钥、实现了真正意义上的基于身份特性以外,还减小了密钥、密文尺寸,提高了计算和传输效率.     

格上基于身份的增量签名方案

将基于身份的密码学思想应用于增量签名中,提出了基于身份的增量签名概念,并基于格上困难问题设计了一种基于身份的增量签名方案.在标准的小整数解困难假设下,所提方案在标准模型下满足适应性选择身份和选择消息攻击下的不可伪造性.理论分析和实验结果表明,所提增量签名算法比标准签名算法具有更高的计算效率.     

一个采用分段验证签密隐蔽路由的设计与实现

在公开的计算机网络中采用隐蔽路由网络连接,任何隐蔽网络的用户只能获得与其直接连接的前序和后继节点的地址,使得攻击者既不能窃听到机密,也不能实施流量分析.现有的隐蔽路由方案或采用原子签名和加密,或采用嵌套加密和签名,即洋葱路由,本文应用分段验证签密的方法提出了一个新的隐蔽路由实现方案,该方案用签密代替现有方案中先签名再加密两步常规密码方法,减少协议的计算和通信量,提高了执行效率,并包容了两种方法各自具有的优点.最后分析了方案的安全性.     

一种基于身份签名的快速垂直切换认证机制研究

无缝垂直切换是异构无线网络融合的关键技术。通过分析垂直切换的执行过程,指出切换重认证所带来的长时延和分组丢失是影响切换性能的重要因素。对比分析了现有的几种重认证解决方案,指出了各种方案的利弊。最后,从统一认证的理念出发,权衡重认证的安全性和切换效率,提出了一种基于身份签名的快速重认证方案。该方案仅需移动节点保持一套认证信息,并与认证服务器交互一次就可完成双向认证,大大缩减了切换时延,提高了切换效率。     

Revocable identity-based proxy re-signature scheme in the standard model

User revocation is necessary to the practical application of identity-based proxy re-signature scheme.To solve the problem that the existing identity-based proxy re-signature schemes cannot provide revocation functionality,the notion of revocable identity-based proxy re-signature was introduced.Furthermore,the formal definition and security model of revocable identity-based proxy re-signature were presented.Based on proxy re-signature scheme and binary tree structure,a revocable identity-based proxy re-signature scheme was proposed.In the proposed,scheme,the user's signing key consists of two parts,a secret key and an update key.The secret key transmitted over the secure channel is fixed,but the update key broadcasted by the public channel is periodically changed.Only the user who has not been revoked can obtain the update key,and then randomize the secret key and update the key to generate the corresponding signature key of the current time period.In the standard model,the proposed scheme is proved to be existentially unforgeable against adaptive chosen-identity and chosen-message attacks.In addition,the proposed scheme has properties of bidirectionality and multi-use,and can resist signing key exposure attacks.The analysis results show that the proposed scheme can efficiently revoke the user and update the user’s key,and thus it has good scalability.