18 similar documents found; search took 187 ms.
1.
Where efficient key management and moderate security are required, identity-based public-key cryptography has become a good alternative to certificate-based public-key cryptography. This paper introduces, into an identity-based system, a small number of entities that use public-key certificates and act as adjudicators, thereby proposing the concept of hybrid verifiably encrypted signatures, and constructs an efficient hybrid verifiably encrypted signature scheme on the basis of Cheon's identity-based signature scheme. It then discusses the security model for hybrid verifiably encrypted signature schemes and proves the proposed scheme secure in the random oracle model under the assumption that the computational Diffie-Hellman problem on bilinear maps is hard. The scheme can be used to construct identity-based optimistic fair signature exchange protocols, which have wide application in areas such as electronic commerce.
2.
3.
Attribute-based encryption can provide confidentiality protection and fine-grained access control for data in fog-cloud computing, but mobile devices in fog-cloud systems can hardly bear its heavy computational burden. To address this problem, this paper proposes an offline/online attribute-based encryption scheme with verifiable outsourced decryption. The scheme supports offline/online key generation and data encryption, together with verifiable outsourced decryption. Security proofs against chosen-plaintext attack and for verifiability are then given. The paper further reduces the number of bilinear pairings required in the transformation phase to a constant. Finally, the performance of the proposed scheme is analyzed both theoretically and experimentally, and the experimental results show that the scheme is efficient and practical.
4.
5.
6.
The advantages of cloud computing, such as high virtualization and high scalability, make individuals and enterprises willing to outsource encrypted data to cloud servers. However, encryption destroys the relationships among the outsourced data. Although searchable encryption (SE) allows file retrieval over encrypted data, an untrusted cloud server may tamper with or delete outsourced data, or use existing search trapdoors to learn information about newly inserted files. In addition, existing single-keyword search imposes few constraints, which leads to poor search precision and wastes bandwidth and computational resources. To address these problems, an efficient and verifiable multi-keyword searchable encryption scheme is proposed. The scheme not only supports multi-keyword search but also achieves search-pattern privacy and forward security for files; it also provides integrity verification of the outsourced data. Through a rigorous security proof, the scheme is shown to be secure in the standard model and to resist offline keyword-guessing attacks (KGA) by an untrusted cloud server. Finally, efficiency and performance comparisons with three recent schemes show that the proposed scheme offers good overall performance in terms of both functionality and efficiency.
7.
8.
This paper proposes a traceable ciphertext-policy attribute-based encryption (CP-ABE) scheme for monotone access structures with constant decryption cost; built on composite-order bilinear groups, it achieves adaptive security in the standard model. All known traceable CP-ABE schemes represent monotone access structures with a linear secret sharing scheme (LSSS) and encrypt plaintext data with the LSSS matrix, so their encryption cost grows linearly with the size of the LSSS matrix and their decryption cost grows linearly with the number of satisfying attributes. The traceable CP-ABE scheme proposed here instead represents a monotone access structure by its set of minimal authorized subsets and encrypts plaintext data with that set, so the encryption cost grows linearly with the number of minimal authorized subsets; for some monotone access structures this yields shorter ciphertexts and lower encryption cost. Most importantly, decryption requires only 3 bilinear pairing operations and 2 exponentiations, so the decryption cost is constant and data decryption is faster and more efficient. Finally, the scheme is proven secure under 3 static assumptions in composite-order bilinear groups, and performance analysis and experimental verification are given.
9.
Metering schemes were introduced systematically by Naor and Pinkas; in such a scheme, each server can prove to an audit agency that it has received at least a certain number of client visits. B. Masucci and D. R. Stinson proposed metering schemes with pricing and gave a construction for them. This paper studies metering schemes with pricing: it proposes a new, efficient metering scheme with pricing based on RS codes and studies its properties, and, based on the discrete logarithm problem, proposes a new metering scheme with pricing that can be used multiple times.
10.
Secure multi-party summation/multiplication is a typical problem in secure multi-party computation (MPC) and has in recent years found many applications in scenarios such as smart grids, electronic voting and joint credit assessment. How to protect data privacy is a key problem in applying secure multi-party summation/multiplication. To address it, a blockchain is introduced to build a trusted data-sharing environment, and on that basis, combined with a verifiable secret sharing protocol, a simple and feasible blockchain-based verifiable privacy-preserving scheme for outsourced secure multi-party statistical computation is designed. An application example demonstrates the security and feasibility of the scheme; theoretical analysis and experimental tests show that it achieves verifiable privacy protection of data during secure multi-party statistical computation, with lower computational overhead in data verification than the Feldman scheme.
11.
12.
13.
Efficient metering schemes with pricing (total citations: 1; self-citations: 0; citations by others: 1)
Masucci B., Stinson D.R. 《IEEE transactions on information theory / Professional Technical Group on Information Theory》 2001, 47(7): 2835-2844
In order to decide on advertisement fees for Web servers, Naor and Pinkas (see Proc. Advances in Cryptology-EUROCRYPT'98 (Lecture Notes in Computer Science). New York: Springer-Verlag, vol.1403, p.576-590, 1998) introduced metering schemes. They proposed metering schemes in which any server is able to compute a proof to be sent to an audit agency if and only if it has been visited by at least a certain number, say h, of clients. In such schemes, any server which has been visited by fewer than h clients has no information about the proof; consequently, it does not receive any money from the audit agency. In order to have a more flexible payment system, Blundo, De Bonis, and Masucci (see Proc. 4th Int. Symp. Distributed Computing-2000 (Lecture Notes in Computer Science). New York: Springer-Verlag, vol.1914, p.194-208, 2000) introduced metering schemes with pricing. These schemes allow different rates of payment based on the number of visits that each server has received. In this paper, we are interested in the efficiency of metering schemes with pricing. We propose a new model for metering schemes with pricing and we provide lower bounds on the size of the information distributed to clients and servers, and on the number of random bits needed by the audit agency to set up a metering scheme with pricing. These bounds are tight, as we provide a scheme which achieves them with equality. Compared to the scheme presented by Blundo, De Bonis, and Masucci, our scheme distributes less information to clients and servers. The drawback of our scheme is that it requires servers to interact with the audit agency in order to compute their proofs.
14.
Most current threshold signature schemes either do not provide anonymity for signing members or provide only weak anonymity. To address this, the paper proposes a strongly anonymous (n, t) threshold signature scheme with a sub-key distribution center. The scheme is built mainly on the Direct Anonymous Attestation (DAA) scheme adopted by the Trusted Computing Group in its v1.2 standard, together with zero-knowledge proofs and Feldman threshold secret sharing. Compared with existing schemes, it keeps partial signatures untraceable even when the signature verifier colludes with the sub-key distribution center, thereby ensuring strong anonymity for the members producing partial signatures. Analysis shows that, besides strong anonymity, the scheme provides unforgeability of signing sub-keys, verifiability of partial signatures, and a degree of robustness. It has significant application value in settings with high anonymity requirements, such as anonymous voting.
15.
An existing publicly verifiable anonymous identity-based encryption (IBE) scheme claims to solve the difficulty of constructing a tightly chosen-ciphertext-secure IBE scheme on top of a static hardness assumption. However, this paper finds that, because the scheme's ciphertexts are malleable (they lack resistance to extension), any adversary can derive a valid encryption of an arbitrary message from a known valid ciphertext, so the scheme cannot achieve the chosen-ciphertext security it claims. Two methods, based on different ciphertext-equality criteria, are presented to analyze the security of the original scheme, and on the basis of that analysis the flaws in the original security proof are pointed out.
16.
Li Bai 《Reliability, IEEE Transactions on》 2007, 56(2): 268-274
The k-out-of-n secret sharing schemes are effective, reliable, and secure methods to prevent a secret or secrets from being lost, stolen, or corrupted. The circular sequential k-out-of-n congestion (CSknC) system, based upon this type of secret sharing scheme, is presented for reconstructing secret(s) from any k servers among n servers in circular, sequential order. When a server is connected successfully, it will not be reconnected in later rounds until the CSknC system has k distinct, successfully connected servers. An optimal server arrangement in a CSknC system is determined in where n servers have known network connection probabilities for two states, i.e., congested, and successful. In this paper, we present: i) a generalized access structure congestion (GΓC) system that is based upon the generalized secret sharing scheme, and ii) an efficient connection procedure for the GΓC system in terms of the minimal number of server connection attempts. The k-out-of-n secret sharing schemes are considered as simple cases of the generalized secret sharing schemes. It implies that the GΓC system is a more general system than the CSknC system. We established an iterative connection procedure for the new system. Simulation results are used to demonstrate that the iterative connection procedure is more efficient in terms of minimizing the number of connection attempts.
17.
In an on-demand video system, the video repository generally has limited streaming capacity and may be far from the users. In order to achieve higher user capacity and lower network transmission cost, a distributed servers architecture can be used, in which multiple local servers are placed close to user pools and, according to their local demands, dynamically cache the contents streamed from the repository. We study a number of caching schemes as applied in the local servers, depending on whether the repository is able to multicast movie contents to the local servers or not, and whether the local servers can exchange their cached contents among themselves or not. Our caching schemes keep a circular buffer of data for the movie requested, and hence movies are partially cached. By adjusting the size of the buffer, such caching is able to achieve a better tradeoff between network channels and local storage as compared to traditional caching in which a movie is treated as an entity. For each caching scheme, we study the tradeoff between the local storage and the network channels, and address how the total cost of the system can be minimized by appropriately sizing the buffer. As compared to a number of traditional operations (request batching and multicasting, true-VOD, etc.), we show that the distributed servers architecture is able to achieve much lower system cost to offer on-demand video services.
18.
A major charging model for cloud storage services bills customers according to the actual resource usage measured by the service provider. Trust between the payer and the service provider therefore becomes a key factor in this commercial billing model and may give rise to security problems. On the one hand, the cloud storage provider or an insider may overstate the customer's resource usage and overcharge for the service; on the other hand, the payer may deny resources already used in order to reduce the fee owed. A hash-chain-based resource usage metering mechanism is proposed that produces verifiable evidence separately for each kind of resource. For most resources, existing cloud storage billing mechanisms can produce evidence from the total amount of resource used, but since storage volume fluctuates over time and storage charges depend on both volume and time, existing mechanisms are not fully applicable. The proposed storage resource metering mechanism takes both time and storage volume into account and produces evidence using a hash chain tied to the billing method, improving the original mechanism and achieving the goal of verifiable metering of resource usage.