共查询到19条相似文献,搜索用时 765 毫秒
1.
为了构建一个较公钥基础设施(PKI)要求更为简单的公钥密码系统,Gentry提出了基于认证的公钥加密方案.在基于认证的公钥加密方案中,第三方对认证申请者的公钥或身份进行签名,并将该签名作为认证发送给申请者,申请者保留认证作为解密时的部分私钥.接收方对密文解密需要同时拥有第三方对其公钥的认证和接收方公钥对应的私钥,因而基于认证的加密方案同时具备基于身份加密方案中公钥的可认证性和传统公钥加密方案中私钥的免撤销性.基于Gentry身份加密算法提出一种高效、短公钥的基于认证的混合加密算法,新算法能在标准(非随机预言机)模型下被证明抗适应性选择密文攻击. 相似文献
2.
3.
标准模型下高效的基于口令认证密钥协商协议 总被引:1,自引:0,他引:1
基于口令的认证密钥协商协议是利用预先共享的口令协商安全性较高的密钥。现有的基于口令认证密钥协商协议大多需要较大的计算量,或者只在随机预言模型下证明了协议的安全性。该文提出了新的标准模型下基于口令密钥协商协议,协议只需要一个生成元。 与其它标准模型下的协议相比,新协议不需要CPA或CCA2安全的加密方案,因而具有计算复杂度低和协议描述简单的特点。相对于殷胤等人在标准模型下可证安全的加密密钥协商协议一文中提出的协议,新协议将指数运算降低了64%。最后,基于DDH假设,在标准模型下证明了协议的安全性。 相似文献
4.
现有会话密钥可托管的ID-AKA(IDentity-based Authenticated Key Agreement)协议要么存在已知安全缺陷,要么是在随机预言模型下可证明安全.基于Boneh等人定义的安全陷门函数,提出一种会话密钥可托管的ID-AKA协议.在ID-BJM模型基础上,扩展定义了ID-AKA协议分析的标准安全模型.扩展模型将安全游戏划分为两个阶段,去除了随机预言机,能完备地模拟不同类型敌手的行为.在扩展模型下,新协议的安全性被规约为多项式时间敌手求解判定性BDH(Bilinear Diffie-Hellman)难题和判定性BDHI(Bilinear Diffie-Hellman Inversion)难题,具有可证明安全性. 相似文献
5.
6.
7.
8.
9.
针对已有的可证安全的前向安全公钥加密方案仅满足较弱的选择明文安全性,难以满足实际应用的安全需求这一问题,提出了一个新的前向安全公钥加密方案,基于判定性截断q-ABDHE问题的困难性,该方案在标准模型下被证明满足选择密文安全性。在该方案中,解密算法的计算代价和密文的长度独立于系统时间周期总数。对比分析表明,该方案的整体性能优于已有的前向安全公钥加密方案。 相似文献
10.
已有多重息票方案的弱点是缺乏支持用户根据需要选择最大兑换数量的高效协议.另一个缺陷是并不满足并发安全性.为了克服这些困难,提出两个并发安全的改进方案.第一个方案是利用关于两个被承诺值的知识证明和2轮并发零知识论证的Sigma协议编译器对底层的Blanton方案进行扩展得到的.第二个方案(即前一个方案的增强版本)利用直线提取技术实现了更为高效的安全性归约过程,并借助基于同态加密的非交互零知识论证避免了对随机预言机的使用.与其他的强不可分割的方案相比,第一个方案具有更高的通信效率,且第二个方案的安全性并不依赖于随机预言模型. 相似文献
11.
Victor Shoup 《Journal of Cryptology》2008,15(4):223-249
The OAEP encryption scheme was introduced by Bellare and Rogaway at Eurocrypt '94. It converts any trapdoor permutation scheme
into a public key encryption scheme. OAEP is widely believed to provide resistance against adaptive chosen ciphertext attack.
The main justification for this belief is a supposed proof of security in the random oracle model, assuming the underlying
trapdoor permutation scheme is one way.
This paper shows conclusively that this justification is invalid. First, it observes that there appears to be a non-trivial
gap in the OAEP security proof. Second, it proves that this gap cannot be filled, in the sense that there can be no standard
``black box' security reduction for OAEP. This is done by proving that there exists an oracle relative to which the general
OAEP scheme is insecure.
The paper also presents a new scheme OAEP+ , along with a complete proof of security in the random oracle model. OAEP+ is essentially just as efficient as OAEP.
It should be stressed that these results do not imply that a particular instantiation of OAEP, such as RSA-OAEP, is insecure.
They simply undermine the original justification for its security. In fact, it turns out—essentially by accident, rather than
by design—that RSA-OAEP is secure in the random oracle model; however, this fact relies on special algebraic properties of
the RSA function, and not on the security of the general OAEP scheme. 相似文献
12.
Cryptographic computations are often carried out on insecure devices for which the threat of key exposure represents a serious
concern. Forward security allows one to mitigate the damage caused by exposure of secret keys. In a forward-secure scheme,
secret keys are updated at regular periods of time; exposure of the secret key corresponding to a given time period does not
enable an adversary to "break" the scheme (in the appropriate sense) for any prior time period. We present the first constructions
of (non-interactive) forward-secure public-key encryption schemes. Our main construction achieves security against chosen-plaintext
attacks in the standard model, and all parameters of the scheme are poly-logarithmic in the total number of time periods.
Some variants and extensions of this scheme are also given. We also introduce the notion of binary tree
encryption and construct a binary tree encryption scheme in the standard model. Our construction implies the first hierarchical
identity-based encryption scheme in the standard model. (The notion of security we achieve, however, is slightly weaker than
that achieved by some previous constructions in the random oracle model.) 相似文献
13.
RSA型加密系统(RSA加密系统及其改进系统的统称)至今仍然被广泛应用于许多注重电子数据安全的电子商务系统中.然而对现有的RSA型加密方案分析发现:(1)只有在随机谕言机模型下抗CCA2攻击的RSA型加密方案,还没有在标准模型下实现IND-CCA2安全的RSA型概率加密方案;(2)没有在标准模型下实现抗CPA且保持乘法同态性的RSA型同态加密方案,而同态性是实现安全多方计算和云计算安全服务的重要性质之一;(3)在实现密文不可区分方面,这些方案除HD-RSA外都是通过一个带hash的Feistel网络引入随机因子的,从而导致这些方案只能在随机谕言机模型下实现IND-CCA2安全.针对以上问题,本文在RSA加密系统的基础上,通过增加少量的有限域上的模指数运算,设计了一个标准模型下具有IND-CPA安全的RSA型概率同态加密方案和一个具有IND-CCA2安全的RSA型概率加密方案.这两个方案在实现密文不可区分时,都不再通过明文填充引入随机因子.此外,本文还提出一个RSA问题的变形问题(称作RSA判定性问题). 相似文献
14.
本文提出一种基于公钥密码体制(Number Theory Research Unit,NTRU)选择明文攻击(Chosen Plaintext Attack,CPA)可证明安全的全同态加密方案.首先,对NTRU的密钥生成算法进行改进,通过格上的高斯抽象算法生成密钥对,避免了有效的格攻击,同时,没有改变密钥的分布.然后,基于改进的NTRU加密算法,利用Flattening技术,构造了一个全同态加密体制,并在标准模型下证明方案是选择明文攻击不可区分性IND-CPA安全的. 相似文献
15.
16.
17.
18.
无证书体制下的多接收者签密密钥封装机制 总被引:1,自引:0,他引:1
无证书签密密钥封装机制(CLSC-KEM)与数据封装机制共同构成无证书混合签密方案。该文提出一个新的概念:无证书体制下的多接收者签密密钥封装机制(mCLSC-KEM)。给出了mCLSC-KEM的定义以及安全模型,并构造了一个具体的方案。该方案比一般性构造(对每个接收者分别运行CLSC-KEM)高效很多,其密钥封装仅需计算1个双线性对,且对应的数据封装仅需运行1次对称加密,而一般性构造需计算n个双线性对和n次数据封装(设n个接收者)。在随机预言模型下,基于Gap双线性Diffie-Hellman问题,该文的方案是可证明安全的。 相似文献
19.
To satisfy the requirements of identity authentication and data possession proven in the cloud application scenarios,a provable data possession scheme with authentication was proposed.Based on data tag signature and randomness reusing,the proposed scheme could accomplish several issues with three interactions,including the possession proof of cloud data,the mutual authentication between user and cloud computing server,the session key agreement and confirmation.Compared to the simple combination of authentication key agreement and provable data possession schemes,the proposed scheme has less computation and interactions,and better provable securities.In the random oracle model,the security proof of the proposed scheme is given under the computational Diffie-Hellman assumption. 相似文献