Similar literature
 Found 20 similar documents (search time: 218 ms)
1.
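A signcryption scheme performs both digital signature and encryption in a single logical step. In some settings the communicating parties have conflicting interests, and concurrent signature schemes can provide fairness in the exchange of signatures without requiring a trusted third party. On this basis, the paper proposes the notion of concurrent signcryption and its security model, constructs an identity-based concurrent signcryption scheme using bilinear pairings, and proves that the scheme is secure under the assumption that the BDH and Co-CDH problems are hard.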

2.
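An unconditionally anonymous signcryption algorithm   Total citations: 2, self-citations: 0, citations by others: 2
Anonymity techniques are widely used in privacy protection, and signcryption performs both digital signature and public-key encryption in a single logical step, at a cost significantly lower than that of the conventional "sign-then-encrypt" approach. In current signcryption algorithms, the specific identity of the signcrypter is public. Based on the Diffie-Hellman key exchange protocol and the idea of anonymous signatures, the paper proposes, in the inseparable model, an unconditionally anonymous signcryption algorithm in which the signcrypter's identity cannot be traced, and proves the correctness and security of the algorithm.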

3.
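Using bilinear pairings on elliptic curves, this paper proposes a new identity-based multi-signcryption scheme that removes the cumbersome certificate management and transfer problems of earlier traditional certificate-based multi-signcryption schemes. A security analysis is given: the scheme is secure under the assumption that the BDH problem is hard. Signcryption provides confidentiality and authentication simultaneously in a single logical step, with computation and communication costs lower than those of the traditional "sign-then-encrypt" approach, and it has good application prospects in areas such as e-commerce.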

4.
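Identity-based generalized signcryption with multiple PKGs in the standard model   Total citations: 1, self-citations: 0, citations by others: 1
Generalized signcryption is a cryptographic mechanism that, in addition to signcryption, can also provide encryption alone or authentication alone. The paper defines a fairly comprehensive security model for identity-based generalized signcryption schemes in a setting with different PKGs, proposes a concrete scheme, and proves its security in the standard model. Compared with existing identity-based signcryption schemes for settings with different PKGs, the proposed scheme is more efficient and more widely applicable.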

5.
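Signcryption achieves encryption and signing simultaneously, at a cost lower than that of the traditional sign-then-encrypt approach. Building on the signature scheme of Li et al. (2010), the paper proposes an attribute-based signcryption scheme with a dynamic threshold which, in addition to the confidentiality and authentication of ordinary signcryption schemes, also provides privacy of the signcrypter's attributes and supports multiple receivers. In the random oracle model, using the hardness of the decisional bilinear Diffie-Hellman (DBDH) problem and the computational Diffie-Hellman (CDH) problem, the scheme is proved to satisfy indistinguishability under adaptive chosen-ciphertext attack and unforgeability under adaptive chosen-message attack.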

6.
李顺  曾超  李军 《现代电子技术》2010,33(9):98-100
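An identity-based signcryption scheme performs encryption and signing in a single logical step, with lower communication and computation costs than traditional encrypt-then-sign schemes. Using Ben Lynn's PBC library and the identity-based signcryption algorithm proposed by Li Fagen (李发根) et al., secure communication between users is implemented. Compared with currently proposed IBE-based secure communication systems, the system is simpler to operate and more secure.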

7.
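An efficient identity-based and RSA-based compact multi-signature scheme   Total citations: 4, self-citations: 0, citations by others: 4
A compact multi-signature is one in which multiple users jointly sign the same message and the resulting multi-signature is about as long as a single user's signature. The paper proposes an efficient compact multi-signature scheme based on identities and RSA. Signing and verification are nearly 50% more efficient than in the multi-signature scheme of Bellare and Neven, and the multi-signature is about as long as a single RSA signature; because identity-based public-key cryptography is used, the new scheme achieves the compactness goal of multi-signatures well. The scheme is proved secure in the random oracle model under the RSA assumption.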

8.
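An integrated signature and encryption method for wireless sensor networks based on ABE-IBS   Total citations: 1, self-citations: 0, citations by others: 1
To improve the security and efficiency of encryption and signing in wireless sensor networks, an integrated attribute-based encryption and identity-based signature (ABE-IBS) method and an effective signcryption scheme for wireless sensor networks are proposed, building on the identity-based signature (IBS) scheme from bilinear pairings on elliptic curves. Analysis and experimental results show that the proposed scheme has low complexity and storage requirements and high efficiency, and can enhance the security of wireless sensor networks.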

9.
张宇  杜瑞颖  陈晶  侯健  周庆  王文武 《通信学报》2015,36(11):174-179
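Identity-based signcryption schemes have low computational overhead and simple key management, and are suited to ensuring the confidentiality and authenticity of information. Zhang et al. proposed an efficient identity-based signcryption scheme and proved its security in the random oracle model. Analysis shows that the signcryption scheme of Zhang et al. has flaws; a corresponding improved scheme is proposed to address them, and the security of the new scheme is proved in the random oracle model. Theoretical analysis and experimental simulation show that the proposed scheme has low computational complexity and is suitable for practical use.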

10.
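Targeting the characteristics of vehicular ad hoc networks, the paper proposes a new identity-based signcryption scheme using bilinear pairings and gives a security proof in the random oracle model. The scheme is proved secure under the assumption that the Bilinear Diffie-Hellman problem is hard. Compared with existing identity-based signcryption schemes, the scheme has lower computation and transmission costs and is suitable for secure communication in vehicular networks.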

11.
A new identity-based threshold signature scheme   Total citations: 6, self-citations: 1, citations by others: 5
蔡永泉  张雪迪  姜楠 《电子学报》2009,37(Z1):102-105
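Threshold signatures distribute signing authority and offer higher security than ordinary single-signer signatures. At present most threshold signatures are provably secure in the random oracle model. Using bilinear pairings on elliptic curves and building on Paterson's signature scheme, this paper proposes an identity-based threshold signature scheme without random oracles. The scheme requires a trusted private key generation center to generate and manage private keys. A security proof in the standard model shows that the scheme is robust and resists adaptive chosen-message attacks.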

12.
Proxy signature schemes allow an original signer to delegate his signing rights to a proxy signer. However, many proxy signature schemes have the defect which is the inability to solve the proxy revocation problem. In this article, we first propose an identity-based threshold signature scheme and show that it has the properties of unforgeability and robustness. In our threshold signature scheme, we adopt such a method that the private key associated with an identity rather than the master key is shared. Then, based on the threshold signature scheme, an identity-based mediated proxy signature scheme is proposed where a security mediator (SEM) is introduced to help a proxy signer to generate valid proxy signatures, examine whether a proxy signer signs according to the warrant, and check the revocation of a proxy signer. It is shown that the proposed scheme satisfies all the security requirements of a secure proxy signature. Moreover, a proxy signer must cooperate with the SEM to generate a valid proxy signature, which makes the new scheme have an effective and fast proxy revocation.

13.
Hierarchical identity-based signature (HIBS) has wide applications in the large network. However, the existing works cannot solve the trade-off between the security and efficiency. The main challenge at present is to construct a highly efficient and strong secret HIBS with a low computation cost. In this paper, a new construction of HIBS scheme is proposed. The new scheme achieves the adaptive security which is a strong security in the identity-based cryptography. But our scheme has short public parameters and the private keys size shrinks as the hierarchy depth increases. The signature size is a constant and the cost of verification only requires four bilinear pairings, which are independent of hierarchy depth. Furthermore, under the q-strong computational Diffie-Hellman problem (q-SDH) assumption, the scheme is provably secure against existential forgery for adaptive chosen message and identity attack in the standard model.

14.
I. Introduction A multisignature allows any subgroup of a given group of potential signers to jointly sign a message such that a verifier is convinced that each member of the subgroup participated in signing. An aggregate signature, recently proposed by Boneh et al.[1], however, is a scheme that allows n members of a given group of potential signers to sign n different messages and all these signatures can be aggregated into a single signature. This single signature will convince the verifie…

15.
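Certificateless signatures combine the advantages of identity-based cryptosystems and traditional public-key cryptosystems, solving the problems of complex public-key certificate management and key escrow. Wu and Jing proposed a strongly unforgeable certificateless signature scheme whose security does not rely on ideal random oracles. Two types of forgery attack on the scheme are presented. The analysis shows that the scheme does not achieve strong unforgeability and is also insecure under a "malicious-but-passive" key generation center attack. To improve its security, an improved certificateless signature scheme is designed. The improved scheme is proved in the standard model to be strongly unforgeable against adaptive chosen-message attacks and to resist malicious key generation center attacks. In addition, the improved scheme has lower computational overhead and shorter private keys, and can be applied in areas such as blockchain, the Internet of Vehicles and wireless body area networks.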

16.
陈明 《电子学报》2019,47(1):16-24
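Because low-power mobile devices have limited computing and storage capability, designing an efficient and strongly secure two-party anonymous roaming authentication and key agreement scheme is challenging. Existing schemes not only have high computational overhead but also cannot resist ephemeral secret leakage attacks. To address these two shortcomings, a new two-party anonymous roaming authentication and key agreement scheme is proposed. In the new scheme, an efficient identity-based signcryption algorithm is designed on the basis of the Schnorr signature mechanism, and the properties of signcryption are used to achieve mutual authentication and untraceability of the entities; an instance of the Computational Diffie-Hellman (CDH) problem is constructed directly from the public and private keys of the two authenticating parties, which resists ephemeral secret leakage attacks. The new scheme is provably secure: on the basis of the eCK (extended Canetti-Krawczyk) model, the cases that may arise in the security proof of a two-party roaming authenticated key agreement scheme are examined, summarized and extended, and a security proof of the new scheme is given, reducing its security to a polynomial-time adversary solving the CDH problem on elliptic curves. Comparative analysis shows that the new scheme is more secure, requires fewer algorithm libraries to be implemented, and has lower computation and communication overhead. The new scheme can be applied in mobile communication networks, the Internet of Things or ubiquitous networks to provide roaming access services for resource-constrained mobile terminals.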

17.
Without the assumption that the private keys are kept secure perfectly, cryptographic primitives cannot be deployed in the insecure environments where the key leakage is inevitable. In order to reduce the damage caused by the key exposure in the identity-based (ID-based) signature scenarios efficiently, we propose an ID-based key-insulated signature scheme in this paper, which eliminates the expensive bilinear pairing operations. Compared with the previous work, our scheme minimizes the computation cost without any extra cost. Under the discrete logarithm (DL) assumption, a security proof of our scheme in the random oracle model has also been given.

18.
A biometric identity-based signcryption scheme is presented, which combines signature and encryption. In the proposed scheme, biometric information is used to construct the private key to ensure uniqueness, and a user's identity is the corresponding public key to make the message transfer non-interactive. The proposed scheme is shown to provide confidentiality and unforgeability in the random oracle model.

19.
Signcryption can realize encryption and signature simultaneously with lower computational costs and communicational overheads than those of the traditional sign-then-encrypt approach. Certificateless cryptosystem solves the key escrow problem in the identity-based cryptosystem and simplifies the public key management in the traditional public key cryptosystem. There have been some certificateless signcryption schemes proposed in the standard model up to now, but all of them are just proposed in a weaker Type I security model, which is weaker than the original security model of Barbosa and Farshim, who proposed the first certificateless signcryption scheme. In this paper, we propose a certificateless signcryption scheme in the standard model by using bilinear pairings, which is Type I secure in the original security model of Barbosa and Farshim and can resist the malicious-but-passive key generation center Type II attack. The proposed scheme is proved confidential assuming the modified decisional bilinear Diffie–Hellman (M-DBDH) problem is hard, and unforgeable assuming the square computational Diffie–Hellman (Squ-CDH) problem is hard. At last, we evaluate its efficiency which shows it is of high efficiency.

20.
User revocation is necessary to the practical application of identity-based proxy re-signature scheme. To solve the problem that the existing identity-based proxy re-signature schemes cannot provide revocation functionality, the notion of revocable identity-based proxy re-signature was introduced. Furthermore, the formal definition and security model of revocable identity-based proxy re-signature were presented. Based on proxy re-signature scheme and binary tree structure, a revocable identity-based proxy re-signature scheme was proposed. In the proposed scheme, the user's signing key consists of two parts, a secret key and an update key. The secret key transmitted over the secure channel is fixed, but the update key broadcasted by the public channel is periodically changed. Only the user who has not been revoked can obtain the update key, and then randomize the secret key and update the key to generate the corresponding signature key of the current time period. In the standard model, the proposed scheme is proved to be existentially unforgeable against adaptive chosen-identity and chosen-message attacks. In addition, the proposed scheme has properties of bidirectionality and multi-use, and can resist signing key exposure attacks. The analysis results show that the proposed scheme can efficiently revoke the user and update the user's key, and thus it has good scalability.
