Similar Literature
Found 20 similar documents; search took 250 ms
1.
韦琳娜  高伟  梁斌梅 《计算机工程》2012,38(23):137-138,142
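Threshold cryptosystems based on bilinear pairings depend excessively on the pairing structure, and pairing computation is costly, which seriously affects the efficiency of secret sharing schemes. To address this, a new scheme is proposed that uses Shamir's threshold sharing scheme to achieve threshold sharing of bilinear pairing group elements, indirectly realizing the distribution of identity-based private keys by means of an integer secret sharing scheme. The analysis shows that the scheme requires only 2 bilinear pairing computations, laying a foundation for designing efficient identity-based threshold cryptosystems.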

2.
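Addressing problems in group signature schemes based on bilinear maps, and to improve auction efficiency and security, a new secure electronic auction scheme based on group signatures is proposed. Using bilinear maps as a tool, it introduces vector space secret sharing and subliminal channel techniques. The vector space secret sharing mechanism guarantees the anonymity of bidders with respect to the prices they bid; the subliminal channel implements the opening procedure that confirms the winning bidder. Analysis shows that, under the same security requirements, the length of the signature public key is independent and the signature length is short, making the scheme suitable for distributed, large-scale online auctions; experiments show that it is a secure and effective electronic auction scheme.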

3.
The present work attempts to build a bio-cryptographic system that combines transformed minutiae pairwise feature and user-generated password fuzzy vault. The fingerprint fuzzy vault is based on a new minutiae pairwise structure, which overcomes the fingerprint feature publication while the secret binary vault code is generated according to the fingerprint fuzzy vault result. The authentication process involves two stages: fuzzy vault matching and secret vault code validation. Our minutiae pairwise transformation produces different templates thus resolving the problem of cross matching attacks in fingerprint fuzzy vault. So, the original fingerprint template cannot be recreated because it is protected by the key generated from the user password. In addition, the proposed bio-cryptographic system ensures an acceptable security level for user authentication.

4.
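To improve the computational efficiency of threshold signature schemes, a new threshold signature scheme is constructed in the standard model using bilinear pairings, combining the distributed key generation protocol of Gennaro et al. (GENNARO R, JARECKI S, KRAWCZYK H, et al. Secure distributed key generation for discrete-log based cryptosystem. Journal of Cryptology, 2007, 20(1): 51-83) with the signature scheme of Gu Ke et al. (谷科, 贾维嘉, 姜春林. Efficient and secure identity-based signature scheme. 软件学报 (Journal of Software), 2011, 22(6): 1350-1360). The proposed scheme has no trusted dealer for key shares, and every participant can verify the necessary information, which prevents malicious private key generator attacks and public key share replacement attacks. A comparison with two existing similar threshold signature schemes shows that the proposed scheme reduces the number of bilinear pairing operations and improves computational efficiency.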

5.
何燚  张翼飞  薛冰  张晓磊 《计算机工程与设计》2012,33(9):3305-3308,3366
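To ensure that a certificateless signcryption scheme achieves security against ephemeral secret leakage, a new pairing-free certificateless signcryption scheme is proposed. The new scheme maps the user's partial private key, the user's private secret, and the signcryption ephemeral secret to solving three different CDH (computational Diffie-Hellman) problems respectively, and uses a hash function to bind the user key, the ephemeral secret, and the ciphertext to the user's identity. It is shown that the new scheme not only provides data authenticity and confidentiality but also ensures security against ephemeral secret leakage. Comparative analysis shows that the new scheme is more secure and has better computational performance. In addition, the paper points out that the signcryption scheme in reference [3] cannot resist ephemeral secret leakage attacks.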

6.
For an ID-based key exchange (KE) protocol, KGS forward secrecy is about the protection of previously established session keys after the master secret key of the Key Generation Server (KGS) is compromised. This is the strongest notion of forward secrecy that one can provide for an ID-based KE protocol. Among all the comparable protocols, there are only a few of them that provide this level of forward secrecy, and all of these protocols require expensive bilinear pairing operations and map-to-point hash operations that may not be suitable for implementation on low-power devices such as sensors. In this paper, we propose a new ID-based KE protocol which does not need any pairing or map-to-point hash operations. It also supports the strongest KGS forward secrecy. On its performance, we show that it is faster than previously proposed protocols in this category. Our protocol is a signature-based one, in which the signature scheme is a variant of a scheme proposed by Bellare et al. in Eurocrypt 2004. We show that the variant we proposed is secure, and also requires either less storage space or runtime computation than the original scheme.

7.
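A robust color image hiding method in the DCT domain*   Total citations: 1, self-citations: 0, citations by others: 1
Based on the YCbCr color system, a robust DCT-domain color image hiding method is proposed that can hide one color image inside another, public, color cover image and is compatible with the JPEG compression standard. During embedding, reasonable allocation of the component values of the color image and marker embedding effectively overcome the severe distortion that occurs when the secret image is extracted from the DCT domain; DCT image blocks are fuzzily classified according to HVS characteristics and fuzzy theory, so that the embedding strength changes adaptively. Experimental results show that the proposed method is highly robust to the noise produced during embedding, the maximum distortion error of the recovered secret image's pixel values is within ±1, and, while the visual quality of the stego image is preserved, the cover image has a large data hiding capacity.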

8.
Using Shamir’s secret sharing scheme to indirectly share the identity-based private key in the form of a pairing group element, we propose an efficient identity-based threshold decryption scheme from pairings and prove its security in the random oracle model. This new pairing-based scheme features a few improvements compared with other schemes in the literature. The two most noticeable features are its efficiency, by drastically reducing the number of pairing computations, and the ability it gives the user to share the identity-based private key without requiring any access to a private key generator. With the ability it gives the user to share the identity-based private key, our ID-based threshold decryption (IBTD) scheme, the second of its kind, is significantly more efficient than the first scheme, which was developed by Baek and Zheng, at the expense of a slightly increased ciphertext length. In fact, our IBTD scheme tries to use as few bilinear pairings as possible, especially without depending on the suite of Baek–Zheng secret sharing tools based on pairings.

9.
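A forward-secure digital signature scheme based on Euler's criterion   Total citations: 1, self-citations: 0, citations by others: 1
Using the bilinearity of the Weil pairing on elliptic curves and Euler's criterion, a digital signature scheme with forward security is proposed. The scheme guarantees that even if the current signing key is leaked, an attacker cannot forge the signing keys and digital signatures of earlier periods; a security analysis of the scheme is also given.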

10.
Chameleon signature scheme based on bilinear pairings   Total citations: 2, self-citations: 0, citations by others: 2
杜欣军  王莹  葛建华  王育民 《软件学报》2007,18(10):2662-2668
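A chameleon signature scheme is a non-interactive signature scheme that follows the hash-and-sign paradigm and is non-transferable: only the designated recipient can be convinced of the validity of the signature. A new chameleon hash function is proposed using bilinear pairings, and a corresponding identity-based chameleon signature scheme is built on it. Compared with traditional chameleon hash functions, in this scheme the owner of the hash function's public key does not need to obtain the corresponding private key unless it attempts to forge a signature. The scheme has all the features of ordinary chameleon signature schemes as well as the many advantages of identity-based cryptosystems.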

11.
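When the third party cannot be trusted, traditional ID-based signature systems are not suitable for secure group signatures. A secure ID-based group signature scheme is presented that remains secure even when the KGC is untrusted; moreover, group members can be securely added or removed without changing the keys of the other valid group members or the group public key. In addition, the key length and signature length are independent of the number of group members.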

12.
Security is a primary concern in communication for reliable transfer of information between the authenticated members, which becomes more complex in a network of Internet of Things (IoT). To provide security for group communication a key management scheme incorporating Bilinear pairing technique with Multicast and Unicast key management protocol (BMU-IOT) for decentralized networks has been proposed. The first part of the proposed work is to divide the network into clusters where sensors are connected to and administered by a cluster head. Each sensor securely shares its secret keys with the cluster head using unicast. Based on these decryption keys, the cluster head generates a common encryption key using bilinear pairing. Any sensor in the subgroup can decrypt the message, which is encrypted by the common encryption key. The remaining part focuses on reducing communication, computation and storage costs of the proposed framework and the resilience against various attacks. The implementation is carried out and results are compared with the existing schemes that have given considerably better results. Thus, the lightweight devices of IoT can provide efficiency and security by reducing their overhead in terms of complexity.

13.
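Fingerprint minutiae encryption based on the Fuzzy Vault scheme   Total citations: 1, self-citations: 0, citations by others: 1
The paper points out that existing fingerprint Fuzzy Vault methods provide insufficient security when used to encrypt short keys, and proposes a fingerprint minutiae encryption method based on the Fuzzy Vault scheme. The degree of the Fuzzy Vault encoding polynomial is specified first, and the encryption key is then processed and hidden according to that degree. This avoids the drawback of existing methods, in which the key length determines the degree of the Fuzzy Vault encoding polynomial, and removes the security risk that existing methods have when encrypting short keys.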

14.
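Vector space secret sharing group signatures generalize group signatures: only group members in an authorized subset can produce a signature on behalf of the group, the signature is anonymous, and the signer's identity can be revealed in the event of a dispute. The paper first analyzes the security of the group signature scheme proposed by Ma Chunbo (马春波) et al., showing that it is forgeable, linkable, and open to framing. Then, based on vector space secret sharing and bilinear maps, it proposes a new group signature scheme that solves the problems in the scheme of Ma Chunbo et al. and is simple and efficient, making it a practical group signature scheme.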

15.
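To achieve high-transparency, high-capacity information hiding in compressed audio, a new blind-detection steganography algorithm based on MPEG audio coding is proposed. It first pairs variable-length codewords (VLC) to extend the original codeword space, and then embeds the secret information using codeword mapping rules. The algorithm keeps the size of the compressed audio file unchanged before and after embedding, and the MPEG audio does not need to be fully decoded during embedding. Experimental results show that the proposed algorithm has low computational complexity while achieving high hiding capacity and good imperceptibility.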

16.
屈娟  张建中 《计算机应用》2010,30(11):3036-3037
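Using bilinear pairings, an efficient multi-secret sharing scheme with a generalized access structure is constructed. Each participant's private key serves as its sub-secret, and no secure channel needs to be maintained between the secret dealer and the participants. The scheme can dynamically add or remove members without other members having to reselect their sub-secrets, which reduces the cost of deploying the scheme. Analysis shows that the scheme is correct, prevents participants from cheating one another, and allows participants' sub-secrets to be reused.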

17.
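Aggregate signature scheme based on identity and the Weil pairing   Total citations: 1, self-citations: 0, citations by others: 1
An aggregate signature scheme based on identity and the Weil pairing is proposed. In the scheme, the key generation center is responsible for generating the system public and private keys, distributing the messages, and generating the signers' public and private keys. Each signer is an individual with a particular, unique identity, and this identity is the signer's sole credential for obtaining a signing private key from the key generation center. Each signer is responsible only for signing one segment of the message; the overall signature is generated by the signature aggregator from the individual signatures of the signers. This avoids exposing the whole message to all signers, a property that is widely applicable in settings with high message confidentiality requirements. The scheme uses bilinear maps in signing, thereby reducing the pairing operations in verification.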

18.
曾亮  杜伟章 《计算机工程》2011,37(16):138-139
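In existing verifiable secret sharing schemes with self-selected sub-keys, the threshold access structure assumes that all participants have completely equal status, which is hard to satisfy in most cases. To address this, a verifiable generalized secret sharing scheme with self-selected sub-keys is proposed based on bilinear maps. The scheme applies to general access structures, participants can share multiple secrets simultaneously, and sub-keys can be reused many times. Analysis shows that the scheme is correct and secure.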

19.
Secure Simple Pairing, a Bluetooth-pairing protocol, suffers from passive off-line and active online-guessing attacks. These assaults are a direct result of the shortcomings in Bluetooth specification. Bluetooth technology uses the principles of device inquiry and inquiry scan. Scanning devices listen in on known frequencies for devices that are actively inquiring. If two Bluetooth devices know absolutely nothing about each other, one must run an inquiry to try to discover the other. One device sends out the inquiry request, and any device listening for such a request will respond with its address, and possibly its name, Input/Output capability and other information. Before connection, each device knows the address, their name, their capability, Quality-of-Service, etc. During pairing, Man-In-The-Middle attacker may capture all the information of connecting devices and impersonate them. This paper introduces the security augmentation in Bluetooth pairing by postponing exchange of Input-Output capability and other information like Quality-of-Service until it is essentially required and by casing the link key with a pair of Elliptic Curve Diffie-Hellman keys. Consequently, this leads to increased pairing time. Yet, we overlooked the increased pairing time, as the proposed Bluetooth-pairing protocol improves security by strengthening the link key.

20.
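To address the shortcomings that many current threshold secret sharing schemes are based on the RSA cryptosystem and have a fixed threshold, the paper analyzes multi-secret sharing schemes from other literature and proposes a dynamic-threshold multi-secret sharing scheme based on bilinear pairings over elliptic curves. Dynamic-threshold multi-secret sharing is achieved through a single polynomial, and bilinear pairings are used to verify participants' identities, so the secret is kept secure in any setting without a secure channel; the scheme is efficient, reduces communication, and effectively prevents cheating. The scheme can also periodically update the shared secret, which increases security. The analysis demonstrates the scheme's efficiency and security.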
