基于三次线性递归序列密码体制的进一步研究

研究了三次线性递归序列的性质，给出了GH密码体制的一种变形，并进一步改进为一种公钥概率加密体制。对所提出加密体制的安全性进行了分析，证明了单向性等价于三次扩环中的部分离散对数问题，语意安全性等价于三次扩环中的判断Diffie-Hellman问题。最后，对加密体制的效率进行了简单的分析，这两个加密体制分别需要传输210gN和410gN bit的数据。     

一种新的等价于大整数分解的公钥密码体制研究

在弱的安全假设下构造可证明安全的密码体制原型可以有效提高密码体制的安全性,该文对用Lucas序列构造公钥密码体制做进一步研究,给出一种新的可证明安全的密码体制原型,该密码体制的加、解密效率比现有的LUC密码体制效率高,并证明它的安全性等价于分解RSA模数,最后给出该体制在签名方面的应用,伪造签名等价于分解RSA模数。     

基于LFSR高次剩余问题构造公钥密码体制的研究

该文对用线性反馈移位寄存器(LFSR)构造公钥密码体制做了进一步的研究,定义了LFSR的高次(非)剩余问题,基于新的困难问题探讨了构造一种加解密不同于GH的密码原型,并给出了具体的加解密过程,证明了它的可行性;在此基础上,进一步把该体制改进为概率加密体制,克服了GH加密确定性的缺点,同时对体制的安全性和效率做了初步分析,具有单向性和语意安全性,最后证明了该体制的单向性等价于LFSR高次剩余问题,语意安全性等价于LFSR判断高次剩余问题。     

基于共扼编码的量子概率加密方案(英文)

We present a quantum probabilistic encryption algorithm for a private-key encryption scheme based on conjugate coding of the qubit string. A probabilistic encryption algorithm is generally adopted in public-key encryption protocols. Here we consider the way it increases the unicity distance of both classical and quantum private-key encryption schemes. The security of quantum probabilistic privatekey encryption schemes against two kinds of attacks is analyzed. By using the no-signalling postulate, we show that the scheme can resist attack to the key. The scheme’s security against plaintext attack is also investigated by considering the information-theoretic indistinguishability of the encryption scheme. Finally, we make a conjecture regarding Breidbart’s attack.     

A secure channel code‐based scheme for privacy preserving data aggregation in wireless sensor networks

Data aggregation is an efficient method to reduce the energy consumption in wireless sensor networks (WSNs). However, data aggregation schemes pose challenges in ensuring data privacy in WSN because traditional encryption schemes cannot support data aggregation. Homomorphic encryption schemes are promising techniques to provide end to end data privacy in WSN. Data reliability is another main issue in WSN due to the errors introduced by communication channels. In this paper, a symmetric additive homomorphic encryption scheme based on Rao‐Nam scheme is proposed to provide data confidentiality during aggregation in WSN. This scheme also possess the capability to correct errors present in the aggregated data. The required security levels can be achieved in the proposed scheme through channel decoding problem by embedding security in encoding matrix and error vector. The error vectors are carefully designed so that the randomness properties are preserved while homomorphically combining the data from different sensor nodes. Extensive cryptanalysis shows that the proposed scheme is secure against all attacks reported against private‐key encryption schemes based on error correcting codes. The performance of the encryption scheme is compared with the related schemes, and the results show that the proposed encryption scheme outperforms the existing schemes.     

标准模型下抗CPA与抗CCA2的RSA型加密方案

RSA型加密系统（RSA加密系统及其改进系统的统称）至今仍然被广泛应用于许多注重电子数据安全的电子商务系统中.然而对现有的RSA型加密方案分析发现：（1）只有在随机谕言机模型下抗CCA2攻击的RSA型加密方案,还没有在标准模型下实现IND-CCA2安全的RSA型概率加密方案;（2）没有在标准模型下实现抗CPA且保持乘法同态性的RSA型同态加密方案,而同态性是实现安全多方计算和云计算安全服务的重要性质之一;（3）在实现密文不可区分方面,这些方案除HD-RSA外都是通过一个带hash的Feistel网络引入随机因子的,从而导致这些方案只能在随机谕言机模型下实现IND-CCA2安全.针对以上问题,本文在RSA加密系统的基础上,通过增加少量的有限域上的模指数运算,设计了一个标准模型下具有IND-CPA安全的RSA型概率同态加密方案和一个具有IND-CCA2安全的RSA型概率加密方案.这两个方案在实现密文不可区分时,都不再通过明文填充引入随机因子.此外,本文还提出一个RSA问题的变形问题（称作RSA判定性问题）.     

利用容错学习问题构造基于身份的全同态加密体制简

基于容错学习问题构造的一类全同态加密体制在云计算安全领域具有重要的潜在应用价值,但同时普遍存在着公钥尺寸较大的缺陷,严重影响其身份认证与密钥管理的效率。将基于身份加密的思想与基于容错学习问题的全同态加密相结合,提出一种基于身份的全同态加密体制,能够有效克服公钥尺寸对于全同态加密应用效率的影响。在随机喻示模型下,体制的安全性归约到容错学习问题难解性和陷门单向函数单向性,并包含严格的安全性证明。     

标准模型下前向安全公钥加密方案的新构造

针对已有的可证安全的前向安全公钥加密方案仅满足较弱的选择明文安全性,难以满足实际应用的安全需求这一问题,提出了一个新的前向安全公钥加密方案,基于判定性截断q-ABDHE问题的困难性,该方案在标准模型下被证明满足选择密文安全性。在该方案中,解密算法的计算代价和密文的长度独立于系统时间周期总数。对比分析表明,该方案的整体性能优于已有的前向安全公钥加密方案。     

Elliptic Curve Paillier Schemes

This paper is concerned with generalisations of Paillier's probabilistic encryption scheme from the integers modulo a square to elliptic curves over rings. Paillier himself described two public key encryption schemes based on anomalous elliptic curves over rings. It is argued that these schemes are not secure. A more natural generalisation of Paillier's scheme to elliptic curves is given. Received January 2001 and revised June 2001 Online publication 23 November 2001     

基于同态加密体制的通用可传递签名方案

通过分析基于大整数分解、离散对数和双线性对等数学问题的特殊可传递签名方案,抽象出了可传递签名实现方法的共性。以此为基础,提出了一个基于同态加密体制的通用可传递签名方案,该方案利用同态加密体制能支持密文运算的特性实现了可传递签名及验证的一般模型,为基于同态密码体制构造安全可靠的可传递签名方案提供了一种通用框架。其次,通过适当定义安全目标和设计安全性实验,完成了该通用可传递签名方案的可证明安全性,指出若使用的同态加密方案是CPA安全而标准签名是CMA安全的,则所提出的方案就达到CMA安全。最后,给出了该通用可传递签名方案并进行了性能分析与比较。     

基于遍历矩阵的公钥加密方案

 目前的公钥加密方案受到来自量子计算的威胁,研究在量子计算下安全的公开加密算法具有重要的意义.本文提出了遍历矩阵的概念,并给出了遍历矩阵的性质.同时提出了基于有限域上遍历矩阵的双侧幂乘问题(TEME:Two-side Ergodic Matrices Exponentiation),并证明了求解TEME问题是NP完全的.据此,本文提出了一个新的公钥加密方案,并在标准模型下,证明了该方案基于TEME问题的安全性,即该方案具有适应性选择密文攻击下的不可区分性.     

一种基于LWE问题的无证书全同态加密体制

全同态加密在云计算等领域具有重要的应用价值,然而,现有全同态加密体制普遍存在公钥尺寸较大的缺陷,严重影响密钥管理与身份认证的效率。为解决这一问题,该文将无证书公钥加密的思想与全同态加密体制相结合,提出一种基于容错学习(LWE)问题的无证书全同态加密体制,利用前像可采样陷门单向函数建立用户身份信息与公钥之间的联系,无须使用公钥证书进行身份认证;用户私钥由用户自行选定,不存在密钥托管问题。体制的安全性在随机喻示模型下归约到判定性LWE问题难解性,并包含严格的可证安全证明。     

High-performance and high-concurrency encryption scheme for Hadoop platform

To address the problem that as preventing data leakage on Hadoop platform,the existing encryption schemes suffer from several problems (e.g.,single encryption algorithm,complicated key management,low encryption performance) and they cannot protect data stored in Hadoop effectively,a high-performance encryption and key management scheme for Hadoop was proposed.Firstly,a three-level key management system was extended with the domestic commercial cipher algorithm.Then,a new data structure for encryption zone key to reduce time consumption was designed.Finally,the computing process of data stream in parallel was scheduled.The experimental results show that compared with the existing Hadoop schemes,the proposed scheme can improve the efficiency of key management,and can speed up file encryption.     

具有小规模公开参数的适应安全的非零内积加密方案

内积加密是一种支持内积形式的函数加密,已有内积加密方案的公开参数规模较大,为解决该问题,该文基于素数阶熵扩张引理,利用双对偶向量空间(DPVS)技术,提出一个公开参数规模较小的具有适应安全性的内积加密方案。在方案的私钥生成算法中,将用户的属性向量的分量与主私钥向量结合,生成一个可与熵扩张引理中密钥分量结合的向量;在方案的加密算法中,将内积向量的每一分量与熵扩张引理中的部分密文分量结合。在素数阶熵扩张引理和${\rm{MDDH}}_{k, k + 1}^n$困难假设成立条件下,证明了方案具有适应安全性。该文方案公开参数仅有10个群元素,与现有内积加密方案相比,公开参数规模最小。     

Efficient Linear Homomorphic Encryption from LWE Over Rings

As the basis for secure public-key encryption under various cases, the learning with errors (LWE) problem has proved to be versatile for encryption schemes. Unfortunately, it tends not to be efficient enough for practical applications. For improving the efficiency issues and quickening the practical applications of the lattice-based public-key cryptosystems, an efficient homomorphic encryption scheme is presented in this paper, which is based on the learning with errors over rings (R-LWE) assumption, and its security is reducible to the hardness of the shortest vector problem in the worst case on ideal lattices. Furthermore, the scheme possesses homomorphism feature that encryption operations are consistent with message operations. The security analysis shows that the proposed encryption scheme is secure against chosen-plaintext attacks in the standard model. At the same time, the efficiency analysis and simulation results indicate that the scheme is much more efficient than previous lattice-based cryptosystems.     

Attribute-based fully homomorphic encryption scheme over rings

The fully homomorphic encryption has important applications in the area of data security and privacy security of cloud computing,but the size of secret keys and ciphertext in most of current homomorphic encryption schemes were too large,which restricted its practical.To improve these drawbacks,a recoding scheme and a attribute-based encryption scheme based on learning with errors problem over rings were provided,then a attribute-based fully homomorphic encryption was constructed.The new scheme overcame the above mentioned drawbacks,because it did't need public key certificate,meanwhile,it can achieve the fine-grained access control to the ciphertext.Compared with similar results,proposed method decreases the size of keys and ciphertext greatly.     

Privacy preserving ciphertext-policy attribute-based broadcast encryption in smart city

With the development and application of information technology, the problem of personal privacy leakage is becoming more and more serious. Most attribute-based broadcast encryption (ABBE) schemes focus on data security, while ignoring the protection of the personal privacy of users in access structure and identity. To address this problem, a privacy preserving ABBE scheme is proposed, which ensures the data confidentiality and protects personal privacy as well. In addition, the authenticity of encrypted data can be verified. It is proved that the proposed scheme achieves full security by dual system encryption.     

A content security protection scheme in JPEG compressed domain

The access and distribution convenience of public networks opens a considerable content security threat when sending, receiving, and using multimedia information. In this paper, a content security protection scheme that integrates encryption and digital fingerprinting is proposed to provide comprehensive security protection for multimedia information during its transmission and usage. In contrast to other schemes, this method is implemented in the JPEG compressed domain with no transcoding or decompression, therefore, this scheme is highly efficient and suitable for multimedia information, which is seldom available in an uncompressed form. In addition, a variable modular encryption method is proposed to solve the invalid variable length coding (VLC) problem when a compressed data stream is encrypted directly. Experimental results demonstrate improved security and the efficiency provided by the proposed scheme. The experiments also demonstrate imperceptibility and collusion resistance of fingerprints.     

基于整数的多对一全同态加密方案

全同态加密是在不解密密文的情况下直接对密文进行操作。现有的基于整数的全同态加密方案是针对两个参与者“一方加密,一方解密”(一对一)设计的,计算效率普遍低,明文空间小,不能应用于大数据、云计算等环境。为此,该文提出一种“多方加密,一方解密”(多对一)的全同态加密方案,该方案在保证安全性的基础上简化密钥生成过程,并在全同态运算过程中给出能够正确解密的加密方个数的具体范围。同时,在随机预言机模型下,基于近似最大公因子问题证明了方案的安全性。数值结果表明,该方案与已有方案相比不仅扩展了数据传输量,而且提高了效率。模拟实验表明,该方案在整数范围内具有可行性,满足用户对系统响应的需求,最后将明文空间扩展为3 bit,并与1 bit的方案做出了实验上的对比分析。     

Access control scheme with attribute revocation for SWIM

Access control scheme is proposed for System Wide Information Management (SWIM) to address the problem of attribute revocation in practical applications. Based on the attribute based encryption (ABE), this scheme introduces the proxy re-encryption mechanism and key encrypting key (KEK) tree to realize fine-grained access control with attribute revocation. This paper defines the attributes according to the status quo of civil aviation. Compared with some other schemes proposed before, this scheme not only shortens the length of ciphertext (CT) and private key but also improves the efficiency of encryption and decryption. The scheme can resist collusion attacks and ensure the security of data in SWIM.