Protecting against key-exposure: strongly key-insulated encryption with optimal threshold

Key-insulated encryption schemes use a combination of key splitting and key evolution to protect against key exposure. Existing schemes, however scale poorly, having cost proportional to the number t of time periods that may be compromised by the adversary, and thus are practical only for small values of t. Yet in practice t might be large. This paper presents a strongly key-insulated encryption scheme with optimal threshold. In our scheme, t need not be known in advance and can be as large as one less than the total number of periods, yet the cost of the scheme is not impacted. This brings key-insulated encryption closer to practice. Our scheme is based on the Boneh-Franklin identity-based encryption (IBE) scheme [9], and exploits algebraic properties of the latter. Another contribution of this paper is to show that (not strongly) key-insulated encryption with optimal threshold and allowing random-access key updates (which our scheme and all others known allow) is equivalent to a restricted form of IBE. This means that the connection between key-insulated encryption and IBE is not accidental. Supported in part by NSF grants CCR-0098123, ANR-0129617 and CCR-0208842, and by an IBM Faculty Partnership Development Award. Supported in part by an NSF graduate fellowship.     

ID-based threshold decryption secure against adaptive chosen-ciphertext attack

This paper proposes an identity-based threshold decryption scheme IB-ThDec and reduces its security to the Bilinear Diffie-Hellman problem. Compared with previous work, this conceals two pairing computations in the ciphertext validity verification procedure. The formal proof of security of this scheme is provided in the random oracle model. Additionally, we show that IB-ThDec can be applied to the threshold key escrow and the mediated cryptosystems.     

基于身份加密体系IBE的软件实现

在可实现的基于身份加密体系IBE(Identity-Based Encryption)中,椭圆曲线上的双线性对可用于IBE加解密算法的构造。目前尚无关于IBE加密体系软件实现中Tate对的计算及化简的研究。针对这一事实,提出一种基于软件实现的IBE体系架构。从算法层次深入研究了BF-IBE加密方案的加解密流程以及椭圆曲线上双线性对Tate对的计算方法,完成了BF-IBE中Tate对的化简,在Windows VC++6.0软件环境下实现了IBE加解密运算。     

标准模型下基于身份的签密密钥封装

针对随机预言模型下的签密密钥封装机制依赖现实世界无法实现的随机预言假设的问题,提出在标准模型下可证明安全的基于身份签密密钥封装机制(IBSC-KEM)。新提出的IBSC-KEM方案基于一种受到广泛研究的身份加密机制,在标准模型下被规约为求解q-ABDHE问题和判定性q-ABDHE问题,具有机密性和不可伪造性。新方案主要计算开销为5次群G上的指数运算、3次群GT上的指数运算和3次双线性对运算,与类似的签密方案比较,计算开销较低。此外,新方案还具有公开可验证性,适用于构建安全的端到端传输。     

基于身份的跨信任域签密方案

实际网络环境尤其是未来异构网络融合环境中,各个信任域大多都是独立的自治域,使用不同的系统参数.为此提出了一种新的基于身份的跨信任域签密方案,该方案对PKG系统参数不作限制,各PKG可以使用完全不同的系统公开参数、不同的主密钥和公钥.并且在该签密协议的基础上给出了会话密钥的生成方法.在随机预言模型中给出了安全性证明,在BDH问题是困难的的假设下该协议是安全的,其满足机密性、不可伪造性、不可否认性和公开验证性.在与其他跨信任域签密方案计算开销相当的情况下,该方案不仅实现了跨信任域签密,而且对各PKG参数不作限制.     

无线传感器网络上基于Tate对的身份认证方案设计与实现

身份密码学已在安全认证中得到了较广泛的应用。双线性对是近几年发展起来的一个构造密码体制的重要工具。在研究双线性对构造密码体制的基础上,提出了一个基于ID的标准身份认证方案。该方案在被动攻击下可防止冒充,同时在性能上比较高效。在TinyOS的传感器网络环境下实现了该身份认证方案。仿真结果证明该认证方案有效可行。     

一种安全有效的基于身份的聚合签名方案

聚合签名是一种将n个来自于n不同签名者对n个不同消息m的签名聚合成一个单一签名的数字签名技术。利用双线性对技术,提出了一种有效的基于身份的聚合签名方案。同已有的基于身份的聚合签名方案相比,该方案在签名验证方面具有较低的计算成本。最后利用计算Diffie-Hellman问题的困难性在随机预言模型下证明了该方案在适应性选择消息和身份攻击下的不可伪造性。     

标准模型下可证安全的多身份单密钥解密方案

多身份单密钥解密方案是基于身份加密方案的一个变体,用户的一个解密密钥可以对应于多个公钥(身份),即单一的密钥可以解密多个不同公钥加密下的密文。在双线性对,提出标准模型下可证安全的多身份单密钥解密方案。在判定性q-TBDHE假设下,证明了所提方案在适应性选择密文和身份攻击下是不可区分的。     

基于身份的电子印章设计与实现

随着办公自动化的发展,电子文档逐渐取代了传统的纸制文档。电子印章可以有效保障企业办公自动化中电子文档的安全性。在分析现有电子印章的签名方案的基础上,提出基于身份的电子印章的设计方法,给出基于身份电子印章系统的构架和相应的签名算法。最后指出该方法安全性以及特点。     

Efficient identity-based GQ multisignatures

ISO/IEC 14888 specifies a variety of digital signature mechanisms to sign messages of arbitrary length. These schemes can be applied to provide entity authentication, data origin authentication, non-repudiation, and data integrity verification. ISO/IEC 14888 consists of three parts under the general title Information technology—Security techniques—Digital signatures. Part II, or ISO/IEC 14888-2 specifies the general structure and the fundamental procedures for the generation and verification of an identity-based signature (IBS) mechanism for messages of arbitrary length. Particularly, the IBS scheme of Guillou and Quisquater (GQ) is described in Clauses 6–8. In this paper, an efficient identity-based multisignature (IBMS) scheme is proposed for the GQ IBS scheme, which allows multiple users using the ISO/IEC 14888-2 standard GQ scheme to generate multisignatures. The scheme is efficient in the sense that both the length and the verification time of the multisignatures are fixed. The proposed ID-based multisignature scheme is also secure against forgeability under adaptive chosen-message attack and adaptive chosen-identity attack in random oracle model.