共查询到20条相似文献,搜索用时 15 毫秒
1.
Generic Certificateless Encryption Secure Against Malicious-but-Passive KGC Attacks in the Standard Model 总被引:1,自引:0,他引:1 
下载免费PDF全文
下载免费PDF全文 Despite the large number of certificateless encryption schemes proposed recently, many of them have been found insecure under
a practical attack, called malicious-but-passive KGC (Key Generation Center) attack. In this work we propose the first generic construction of certificateless encryption, which can be proven secure against malicious-but-passive KGC attacks in the standard
model. In order to encrypt a message of any length, we consider the KEM/DEM (key encapsulation mechanism/data encapsulation
mechanism) framework in the certificateless setting, and propose a generic construction of certificateless key encapsulation mechanism (CL-KEM) secure against malicious-but-passive KGC attacks in
the standard model. It is based on an identity-based KEM, a public key encryption and a message authentication code. The high
efficiency of our construction is due to the efficient implementations of these underlying building blocks, and is comparable
to Bentahar et al.’s CL-KEMs, which have only been proven secure under the random oracle model with no consideration of the malicious-but-passive
KGC attack. We also introduce the notion of certificateless tag-based KEM (CL-TKEM), which is an extension of Abe et al.’ s work to the certificateless setting. We show that an efficient CL-TKEM can be constructed by modifying our CL-KEM scheme.
We also show that with a CL-TKEM and a data encapsulation mechanism secure under our proposed security model, an efficient
certificateless hybrid encryption can be constructed by applying Abe et al.'s transformation in the certificateless setting. 相似文献
2.
Certificateless signcryption scheme in the standard model 总被引:6,自引:0,他引:6
Certificateless public key signcryption scheme is an important cryptographic primitive in cryptography. Barbosa and Farshim proposed a certificateless signcryption scheme. However, their construction is proven to be secure in the random oracle model but not the standard model, and the scheme is also vunlerable to the malicious-but-passive key generation center (KGC) attacks. To overcome these disadvantages, we introduce a formal security model for certificateless signcryption schemes secure against the malicious-but-passive KGC attacks and propose a novel certificateless signcryption scheme. The proposed certificateless signcryption scheme is proven to be IND-CCA2 secure under the decisional Bilinear Diffie-Hellman intractability assumption without using the random oracles. The proposed scheme is also proven to be existentially unforgeable under the computational Diffie-Hellman intractability assumptions. Furthermore, performance analysis shows that the proposed scheme is efficient and practical. 相似文献
3.
《Information Processing Letters》2014,114(9):492-499
Certificateless cryptography is an attractive paradigm, which combines the advantages of identity-based cryptography (without certificate) and traditional public key cryptography (no escrow). Recently, to solve the drawbacks of the existing certificateless signature (CL-S) schemes without random oracles, Yu et al. proposed a new CL-S scheme, which possesses several merits including shorter system parameters and higher computational efficiency than the previous schemes. However, in this work, we will point out that their CL-S scheme is insecure against key replacement attack and malicious-but-passive KGC attack. We further propose an improved scheme that overcomes the security flaws without affecting the merits of the original scheme. We prove that our scheme is existentially unforgeable against adaptive chosen message attacks under the computational Diffie–Hellman assumption in the standard model. 相似文献
4.
Certificateless signcryption is a useful primitive which simultaneously provides the functionalities of certificateless encryption and certificateless signature. Recently, Liu et al. [15] proposed a new certificateless signcryption scheme, and claimed that their scheme is provably secure without random oracles in a strengthened security model, where the malicious-but-passive KGC attack is considered. Unfortunately, by giving concrete attacks, we indicate that Liu et al. certificateless signcryption scheme is not secure in this strengthened security model. 相似文献
5.
证明La Rongbo等人的代理签名方案(Proc.of the 8th ACIS International Conference on SoRwam Engineering,Artificial Intelligence,Networking and Parallel/Distributed Computing,2007)不能抵抗替换公钥攻击和恶意但被动的密钥生成中心(KGC)攻击,普通攻击者可通过替换公钥伪造出有效的代理签名,KGC通过恶意但被动的KGC攻击可获得用户的私钥,从而能任意伪造出有效的代理签名。针对替换公钥攻击和KGC攻击,提出一个改进方案,新方案满足代理签名的安全性要求,能有效抵抗替换公钥攻击和恶意但被动的KGC攻击。 相似文献
6.
一种高效安全的无证书数字签名方案 总被引:3,自引:0,他引:3
无证书签名体制容易遭受公钥替换攻击,在很多已有的方案中,密钥生成中心(KGC)可假冒合法用户生成"有效"的公私钥对。在Gap Diffie-Hellman(GDH)群中,利用用户公钥和部分私钥"绑定"技术,提出了一种可追踪KGC假冒的无证书签名方案,在随机谕示模型下,给出了该方案的安全性分析。与同类方案相比,该方案具有较高的效率。 相似文献
7.
通过对一个标准模型下可证安全的无证书签名方案进行分析,指出该方案是不安全的。分析了一种针对该方案的公钥替换攻击和改进方案,说明该公钥替换攻击是一种平凡的伪造攻击,指出了这个改进方案也是不安全的。提出了一种新的密钥生成中心KGC攻击,即通用恶意KGC攻击,在这种攻击下,这两个无证书签名方案的KGC总是能够在系统参数生成阶段生成包含陷门信息的系统参数,利用这些参数,KGC不需要计算出用户的私钥就可以冒充任意系统用户对任意消息进行伪造签名。给出了攻击方法,并针对这种通用恶意KGC攻击提出了新的改进方案,使其能够抵抗这种攻击。 相似文献
8.
Kyu Young Choi Jong Hwan Park Dong Hoon Lee 《Computers & Mathematics with Applications》2011,61(7):1760-1768
Certificateless public key cryptography simplifies the complex certificate management in the traditional public key cryptography and resolves the key escrow problem in identity-based cryptography. In 2007, Huang et al. revisited the security models of certificateless signature scheme. They classified adversaries according to their attack power into normal, strong, and super adversaries (ordered by their attack power). Recently, Du and Wen proposed a short certificateless signature scheme and presented that their scheme is secure against the strong adversary in the random oracle model. In this paper, we show that their short signature scheme is insecure against the strong adversary. We then propose a new short certificateless signature scheme which is secure against the super adversary. Our scheme is the first certificateless signature scheme which satisfies both the strongest security level and the shortest signature length. 相似文献
9.
基于Al-Riyami框架的无证书签名(CLS)的安全性以密钥分发中心(KGC)不能实施公钥替换攻击为前提,存在能被KGC实施公钥替换攻击这一缺陷。给出公钥不可替换攻击无证书签名体制的定义,提出通过对用户的公钥签名来抵抗任何敌手(包括KGC)实施的公钥替换攻击,以将无证书签名的安全性提升到一个新的级别。基于Al-Riyami的方案给出了新方案的构造实例,基于随机预言机模型证明了公钥签名算法的安全性。该方案构造的对公钥的签名方法适用于所有基于Al-Riyami框架的双线性对无证书签名方案。 相似文献
10.
11.
对黄隽等人提出的无证书代理盲签名方案进行安全分析,指出该方案不仅不能抵抗公钥替换攻击,而且也不能抵抗恶意但被动的KGC的攻击,给出了具体的攻击方法。针对此方案的安全缺陷,提出一种改进方案,使得改进后的方案具有更高的安全性,并且改进后方案的效率与原方案相同。 相似文献
12.
Mingming JIANG Yupu HU Hao LEI Baocang WANG Qiqi LAI 《Frontiers of Computer Science》2014,8(5):828-836
Certificateless public key cryptography (CL-PKC) can solve the problems of certificate management in a public key infrastructure (PKI) and of key escrows in identity-based public key cryptography (ID-PKC). In CL-PKC, the key generation center (KGC) does not know the private keys of all users, and their public keys need not be certificated by certification authority (CA). At present, however, most certificateless encryption schemes are based on large integer factorization and discrete logarithms that are not secure in a quantum environment and the computation complexity is high. To solve these problems, we propose a new certificate-less encryption scheme based on lattices, more precisely, using the hardness of the learning with errors (LWE) problem. Compared with schemes based on large integer factorization and discrete logarithms, the most operations are matrixvector multiplication and inner products in our scheme, our approach has lower computation complexity. Our scheme can be proven to be indistinguishability chosen ciphertext attacks (IND-CPA) secure in the random oracle model. 相似文献
13.
14.
15.
近期,Chen等人提出了无对运算的无证书签密方案,通过加解密双方私钥和公钥相结合生成密文加密密钥,并在随机预言机模型下证明了该方案满足适应性选择密文攻击下不可区分性和适应性选择消息攻击下不可伪造性。对Chen方案进行安全分析,发现其方案在选择明文攻击下存在密钥泄露和不能抵抗恶意KGC的不可伪造性攻击问题。由此,基于椭圆曲线群上计算性Diffie-Hellman问题和离散对数问题提出了新的无证书签密方案。新方案避免了原方案的密钥泄露等安全问题。在保证安全性的前提下,新方案运行效率未降低。 相似文献
16.
证明Lu Rongbo等人的代理签名方案(Proc. of the 8th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, 2007)不能抵抗替换公钥攻击和恶意但被动的密钥生成中心(KGC)攻击,普通攻击者可通过替换公钥伪造出有效的代理签名,KGC通过恶意但被动的KGC攻击可获得用户的私钥,从而能任意伪造出有效的代理签名.针对替换公钥攻击和KGC攻击,提出一个改进方案,新方案满足代理签名的安全性要求,能有效抵抗替换公钥攻击和恶意但被动的KGC攻击. 相似文献
17.
18.
宁多彪 《计算机工程与应用》2016,52(17):107-111
如何设计标准模型下满足适应性选择密文安全(IND-CCA2)的高效加密方案,是公钥密码学领域的一个重要研究课题。基于判定型双线性Diffie-Hellman问题,提出了一个高效、短公/私钥长度、强安全的,基于对称加密算法、消息认证码算法、密钥分割算法等基础算法的一次一密型混合加密方案,分析了方案的安全性和效率。方案在标准模型下被证明具有IND-CCA2安全性,支持公开的密文完整性验证,与同类方案相比计算效率高。 相似文献
19.
In this paper, we propose a new "full public verifiability" concept for hybrid public-key encryption schemes. We also present a new hybrid public-key encryption scheme that has this feature, which is based on the decisional bilinear Diffie-Hellman assumption. We have proven that the new hybrid public-key encryption scheme is secure against adaptive chosen ciphertext attack in the standard model. The "full public verifiability" feature means that the new scheme has a shorter ciphertext and reduces the security requirements of the symmetric encryption scheme. Therefore, our new scheme does not need any message authentication code, even when the one-time symmetric encryption scheme is passive attacks secure. Compared with all existing publickey encryption schemes that are secure to the adaptive chosen ciphertext attack, our new scheme has a shorter ciphertext, efficient tight security reduction, and fewer requirements (if the symmetric encryption scheme can resist passive attacks). 相似文献
20.
现在许多无证书签名方案过度依赖于密钥生成中心(KGC)的诚实性,所以当KGC失去诚信的时候这些方案也就失去了安全保证。通过对梁红梅等人(梁红梅,黄振杰.高效无证书签名方案的安全性分析与改进.计算机应用,2010,30(3):685-687)提出的无证书签名方案进行安全性分析,指出其方案不可抵抗消极不诚实KGC下的公钥替换攻击和积极不诚实的KGC攻击。针对该问题,采用由KGC生成用户公钥并公开的方法,对原方案进行了改进。安全性分析表明,改进后的方案可抵抗消极不诚实KGC下的公钥替换攻击,判别KGC的积极不诚实性行为和在随机预言机模型下可抵抗适应性选择消息攻击下的存在性伪造。 相似文献