20 similar documents found (search time: 15 ms)
1.
Shiang-Feng Tzeng, Min-Shiang Hwang 《Computers & Electrical Engineering》2007,33(2):133-138
In this article, we present an authenticated encryption scheme with message linkages used to deliver a large message. To protect the receiver’s benefit, the receiver can easily convert the signature into an ordinary one that can be verified by anyone. Several feasible attacks will be discussed, and the security analysis will prove that none of them can successfully break the proposed scheme.
2.
Jia-Lun Tsai 《Computer Communications》2009,32(5):783-786
To send the message to the recipient securely, authenticated encryption schemes were proposed. In 2008, Wu et al. [T.S. Wu, C.L. Hsu, K.Y. Tsai, H.Y. Lin, T.C. Wu, Convertible multi-authenticated encryption scheme, Information Sciences 178 (1) 256–263.] first proposed a convertible multi-authenticated encryption scheme based on discrete logarithms. However, the author finds that the computational complexity of this scheme is rather high and the message redundancy is used. To improve the computational efficiency and remove the message redundancy, the author proposes a new convertible multi-authenticated encryption scheme based on the intractability of one-way hash functions and discrete logarithms. As for efficiency, the computation cost of the proposed scheme is smaller than Wu et al.’s scheme.
3.
Kyung-Ah Shim 《Information Sciences》2009,179(3):303-306
Certificateless cryptography eliminates the need for certificates in the Public Key Infrastructure and solves the inherent key escrow problem in identity-based cryptography. Recently, Huang et al. proposed two certificateless signature schemes from pairings. They claimed that their first short certificateless signature scheme is provably secure against a normal type I adversary and a super type II adversary. In this paper, we show that their short certificateless signature scheme is broken by a type I adversary who can replace users’ public keys and access the signing oracle under the replaced public keys.
4.
Ting-Yi Chang 《Information Sciences》2008,178(17):3426-3434
Recently, Wu et al. proposed a Convertible Multi-Authenticated Encryption (CMAE) scheme, which allows a signing group with multiple signers to generate a multi-authenticated ciphertext signature on the chosen message so that only a designated verifier can recover and verify the message. In case of later dispute, the verifier can convert the multi-authenticated ciphertext signature into an ordinary one that can be verified by anyone. In this study, a CMAE scheme for group communications is proposed. This is presented by first reviewing the concepts of group-oriented encryption schemes and the merits of Wu et al.’s scheme. This shows that not only can a multi-authenticated ciphertext signature be generated by a signing group, but also the message can be recovered and verified by a verifying group with multiple verifiers. The security of the proposed scheme is based solely on the DDH problem, which provides higher security confidence than using the CDH problem in Wu et al.’s CMAE scheme.
5.
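In a special system such as the "Golden Shield Project", authenticating the identity of the police officers who share information is particularly important, and it is the prerequisite and foundation for sharing public security information. This paper mainly introduces the composition, use, operation, functions and key development points of the public key infrastructure (PKI), and in particular the public security PKI architecture and certificate management.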
6.
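Development of an authentication system based on the Windows platform (total citations: 1; self-citations: 0; citations by others: 1)
This paper comprehensively describes public key infrastructure and how it works. It briefly introduces encryption, decryption, signing, verification and digital envelopes in the security authentication process. On the basis of the Windows 2000 PKI architecture, a complete software toolkit for an information security authentication system was designed and developed. The tools can be called directly, conveniently and quickly, from all kinds of business application systems, office processing systems, e-mail systems and e-commerce systems to perform the corresponding encryption, decryption, signing and verification functions.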
7.
Improvements of generalization of threshold signature and authenticated encryption for group communications (total citations: 1; self-citations: 0; citations by others: 1)
Recently, Wang et al. proposed a (t,n) threshold signature scheme with (k,l) threshold shared verification and a group-oriented authenticated encryption scheme with (k,l) threshold shared verification. However, this article will show that both the schemes violate the requirement of the (k,l) threshold shared verification. Further, two improvements are proposed to eliminate the pointed out security leaks inherent in the original schemes.
8.
Hyang-Sook Lee 《Information Sciences》2011,181(14):3066-3072
Public keys are closely related to the identity of recipients in public key encryption setting. In privacy-sensitive applications of public key encryption, it is desirable to hide the relation between the public key and the identity of the recipient. The main functional approach in the privacy enhanced public key encryption scheme is to give anonymity of the public keys of recipients. In this case, all the users in the system are potential recipients of every ciphertext. Waters, Felten, and Sahai proposed an incomparable public key encryption scheme which guarantees the anonymity of recipients against both eavesdroppers and senders. In their scheme, all the recipients must complete the same amount of computations to identify the ciphertexts which direct to them. In this paper, we focus on reducing the number of computations for the recipients while preserving the security level of Waters et al.’s scheme. Our method is to separate the decryption process into two steps, first the recipient determines whether a ciphertext is directed to him or her, and only if the direction is correct, the recipient recovers the corresponding plaintext. This improves the efficiency of the system.
9.
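Considering the characteristics of satellite wide area networks, this paper analyzes the data security problems of such a system, points out the necessity and feasibility of using public-key algorithms for key management in satellite data communication networks, proposes a way of implementing secure communication that combines a basic public-key algorithm with a conventional key algorithm, and gives a confidentiality analysis.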
10.
Efficient self-certified proxy CAE scheme and its variants (total citations: 1; self-citations: 0; citations by others: 1)
Tzong-Sun Wu 《Journal of Systems and Software》2009,82(6):974-980
Elaborating on the merits of proxy signature schemes and convertible authenticated encryption (CAE) schemes, we adopt self-certified public key systems to construct efficient proxy CAE schemes enabling an authorized proxy signer to generate an authenticated ciphertext on behalf of the original signer. To satisfy the requirement of confidentiality, only the designated recipient is capable of decrypting the ciphertext and verifying the proxy signature. A significant advantage of the proposed schemes is that the proxy signature conversion process takes no extra cost, i.e., when the case of a later dispute over repudiation occurs, the designated recipient can easily reveal the ordinary proxy signature for the public arbitration. If needed, the designated recipient can also convince anyone that he is the real recipient. In addition, integrating with self-certified public key systems, our schemes can earn more computational efficiency, since authenticating the public key and verifying the proxy signature can be simultaneously carried out within one step.
11.
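In traditional secure multi-party computation (SMC) encryption schemes, every participant learns the final result; such coarse-grained access control is unsuitable when only specific users should be able to decrypt the ciphertext. To address this, an encryption scheme with more precise control over the right to decrypt the computation result is proposed. By combining SMC with predicate encryption, a predicate encryption scheme that supports secure multi-party homomorphic product computation is constructed; it is multiplicatively homomorphic. Compared with existing predicate encryption schemes, the scheme not only supports homomorphic operations but also controls the right to decrypt the final computation result more precisely. In the current cloud setting, it realizes secure multi-party computation with finer-grained access control over the computation result, and the scheme is verified to achieve indistinguishability-based attribute-hiding security against chosen-plaintext attacks (IND-AH-CPA).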
12.
13.
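Design and application of a network identity authentication system (total citations: 2; self-citations: 0; citations by others: 2)
Zhang Yousheng (张友生), Computer Engineering and Applications (《计算机工程与应用》), 2003, 39(31): 143-144, 164
The development of the Internet and the spread of information technology have brought unprecedented convenience to people's work and lives. However, the breadth and openness of the Internet mean that information security risks are unavoidable. Using public key infrastructure technology to build a complete encryption/signature system and applying it in the securities industry solves this problem more effectively; while making full use of the Internet for resource sharing, it genuinely ensures the security of online transactions and information transfer.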
14.
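New-generation border clearance inspection systems use biometric authentication. The security of machine readable travel documents (MRTDs) that contain biometric information is an extremely important issue. In this paper we first analyze the potential threats to the data in the machine readable zone of MRTDs. We then summarize the system security scheme recommended by the International Civil Aviation Organization (ICAO), namely digital signatures based on a public key infrastructure. On this basis, we view the MRTD authentication process as a chain of links among four elements: the protected data, the corresponding hash value, the digital signature, and the holder. For the technologies used in each link, namely public key infrastructure, digital signatures and biometric authentication, we propose some additional requirements and security features. As a result, the improved system strengthens every link and thereby achieves higher system security.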
15.
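Digital signature technology and its concrete implementation in Java (total citations: 5; self-citations: 0; citations by others: 5)
This paper mainly discusses the basic principles of implementing digital signatures, including the key technologies behind digital signature applications such as public-key encryption and message digest functions (MDF). It also discusses in detail several application protocols that use digital signatures, covering their content and practical application fairly thoroughly, and finally presents a concrete experimental digital signature system implemented in Java.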
16.
Convertible authenticated encryption (CAE) schemes allow a signer to produce an authenticated ciphertext such that only a designated recipient can decrypt it and verify the recovered signature. The conversion property further enables the designated recipient to reveal an ordinary signature for dealing with a later dispute over repudiation. Based on the ElGamal cryptosystem, in 2009, Lee et al. proposed a CAE scheme with only heuristic security analyses. In this paper, we will demonstrate that their scheme is vulnerable to the chosen-plaintext attack and then further propose an improved variant. Additionally, in the random oracle model, we prove that the improved scheme achieves confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) and unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA).
17.
Certificateless cryptography with KGC trust level 3 (total citations: 1; self-citations: 0; citations by others: 1)
A normal certificateless cryptosystem can only achieve KGC trust level 2 according to the trust hierarchy defined by Girault. Although in the seminal paper introducing certificateless cryptography, Al-Riyami and Paterson introduced a binding technique to lift the KGC trust level of their certificateless schemes to level 3, many subsequent works on certificateless cryptography just focused on the constructions of normal certificateless schemes, and a formal study on the general applicability of the binding technique to these existing schemes is still missing. In this paper, to address the KGC trust level issue, we introduce the notion of Key Dependent Certificateless Cryptography (KD-CLC). Compared with conventional certificateless cryptography, KD-CLC can achieve stronger security, and more importantly, KGC trust level 3. We then study generic techniques for transforming conventional CLC to KD-CLC. We start with the binding technique by Al-Riyami and Paterson, and show that there are some technical difficulties in proving that the binding technique is generally applicable. However, we show that a slightly modified version of the binding technique indeed can be proved to work under the random oracle assumption. Finally, we show how to perform the transformation using a standard cryptographic primitive instead of a random oracle.
18.
19.
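Much of the sensitive and confidential data in wireless sensor networks needs to be protected by encryption. However, because of the characteristics of such networks, the security techniques used in wired networks are hard to apply directly, and more efficient encryption methods are needed. Building on earlier work, an improved new encryption scheme is proposed. The scheme is based on a symmetric-key cryptosystem; each node in the network shares a pair of keys with each of its one-hop and two-hop neighbors respectively; when data is transmitted, only the key shared with the two-hop neighbor is used for encryption, which forms the so-called cross encryption.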
20.
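Format-preserving encryption leaves the data format and data length unchanged after encryption, so it does not break data format constraints and therefore reduces the cost of modifying data formats. An analysis of existing format-preserving encryption schemes for sensitive information shows that they are all based on symmetric cryptosystems and suffer from problems such as low security of key transmission and high key management cost. A format-preserving encryption scheme for sensitive information in an identity-based cryptography setting is proposed. Compared with existing format-preserving encryption schemes, the communicating parties do not need to transfer keys; the encryption and decryption keys are generated through a key derivation function, and hybrid encryption improves the security of sensitive information in transit. The scheme is also proved to satisfy identity-based pseudorandom permutation security and to provide ciphertext indistinguishability under adaptive chosen-plaintext attacks.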