14 similar references found (search time 0 ms)
1.
This paper proposes the first certificateless threshold decryption scheme, which avoids both the single point of failure in distributed networks and the inherent key escrow problem of identity-based cryptosystems. The scheme is secure against threshold chosen-ciphertext attack. It tolerates a Type I adversary that can replace public keys and a Type II adversary that has access to the system's master key. The formal proof of security is given in the random oracle model, assuming that some underlying problems closely related to the Bilinear Diffie-Hellman Problem are computationally hard.
2.
ID-based encryption allows a sender to encrypt a message to an identity without access to a public key certificate. This paper proposes an ID-based group-oriented decryption scheme, secure against adaptive chosen-ciphertext attacks, which allows the sender to determine an access structure and generate a valid ciphertext on the chosen message. The correctness of decryption shares can be checked, so that dishonest users in the access structure who provide fake decryption shares are detected. As a result, the message can be cooperatively recovered by the users in the determined access structure. The formal proof of security of our scheme is based on the bilinear Diffie-Hellman problem in the random oracle model. Our proposed scheme is more efficient and provides higher security confidence than Li et al.'s certificate-based group-oriented decryption scheme.
3.
As a practical extension of our previous work on certificateless threshold cryptosystems, this paper proposes the first direct certificateless threshold key encapsulation mechanism; it inherits the trust level of the original scheme and removes the message-length limitation of traditional public key encryption. Security against threshold chosen-ciphertext attacks is proved in the random oracle model under a new assumption. It tolerates a Type I adversary that can replace public keys and a Type II adversary that has access to the system's master key. The implied encapsulation scheme is very efficient compared to the most efficient schemes in traditional public key cryptosystems, and slightly more efficient in key length and encapsulation speed than identity-based cryptosystems with the same ciphertext overhead. Finally, we describe several potential modifications of our scheme.
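The two mechanisms that entries 1 to 3 rely on, a private key shared t-of-n so that no single party is a point of failure or can decrypt alone, and decryption shares whose correctness anyone can check so that a dishonest participant's fake share is detected (entry 2), can be seen in miniature in the following added example. It is not code from any of the listed papers. It substitutes plain discrete-log ElGamal in a Schnorr group for the pairing-based certificateless and ID-based constructions, an assumption made so that it runs on the Python standard library alone; the 128-bit group, the generator choice, the Chaum-Pedersen DLEQ proof used for share verification and the sample plaintext are all demo choices, not anything the papers specify.

```python
# Added example (not from the papers above): threshold ElGamal decryption with
# verifiable shares. Assumption: discrete-log ElGamal stands in for pairings.
import hashlib, secrets

def is_probable_prime(n, rounds=16):
    # Miller-Rabin; fine for generating demo parameters
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_safe_prime(bits):
    while True:  # p = 2q + 1 with q prime, so G = 4 generates the order-q subgroup
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q, 4) and is_probable_prime(2 * q + 1) and is_probable_prime(q):
            return 2 * q + 1, q

P, Q = gen_safe_prime(128)  # assumption: 128-bit demo group, far too small for real use
G = 4

def shamir_share(secret, t, n):
    # n points (i, f(i)) on a random degree-(t-1) polynomial over Z_Q, f(0) = secret
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    def f(i):  # Horner evaluation
        v = 0
        for c in reversed(coeffs):
            v = (v * i + c) % Q
        return v
    return [(i, f(i)) for i in range(1, n + 1)]

def lagrange_coeff(i, indices):
    # lambda_i such that sum(lambda_i * f(i)) == f(0) over the chosen indices
    num = den = 1
    for j in indices:
        if j != i:
            num, den = num * (-j) % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def keygen(t, n):
    # public key y = G^x, Shamir shares of x, verification keys h_i = G^x_i
    x = 1 + secrets.randbelow(Q - 1)
    shares = shamir_share(x, t, n)
    return pow(G, x, P), shares, {i: pow(G, xi, P) for i, xi in shares}

def encrypt(y, m):  # ElGamal; m must be a subgroup element, e.g. a power of G
    r = 1 + secrets.randbelow(Q - 1)
    return pow(G, r, P), m * pow(y, r, P) % P

def _challenge(*vals):  # Fiat-Shamir challenge in Z_Q over everything the verifier sees
    return int.from_bytes(hashlib.sha256(b"|".join(str(v).encode() for v in vals)).digest(), "big") % Q

def partial_decrypt(share, c1):
    # d_i = c1^x_i with a Chaum-Pedersen proof that log_G(h_i) == log_c1(d_i)
    i, xi = share
    di, w = pow(c1, xi, P), 1 + secrets.randbelow(Q - 1)
    e = _challenge(G, pow(G, xi, P), c1, di, pow(G, w, P), pow(c1, w, P))
    return i, di, (e, (w + e * xi) % Q)

def verify_share(h_i, c1, di, proof):
    e, z = proof  # recover the commitments G^w, c1^w and check the challenge rehashes
    a1 = pow(G, z, P) * pow(h_i, Q - e, P) % P  # h_i^(Q-e) == h_i^-e since ord(h_i) = Q
    a2 = pow(c1, z, P) * pow(di, Q - e, P) % P
    return _challenge(G, h_i, c1, di, a1, a2) == e

def combine(ct, partials, vks, t):
    # discard shares whose proof fails, then interpolate c1^x in the exponent
    c1, c2 = ct
    good = [(i, di) for i, di, pr in partials if verify_share(vks[i], c1, di, pr)][:t]
    if len(good) < t:
        raise ValueError(f"only {len(good)} valid decryption shares, need {t}")
    c1x = 1
    for i, di in good:
        c1x = c1x * pow(di, lagrange_coeff(i, [j for j, _ in good]), P) % P
    return c2 * pow(c1x, -1, P) % P

def run_demo(t=2, n=3):
    # honest t-of-n decryption, then party 1 submits a bogus value with a stale proof
    y, shares, vks = keygen(t, n)
    m = pow(G, 1234567, P)  # constructed plaintext, already in the subgroup
    ct = encrypt(y, m)
    partials = [partial_decrypt(s, ct[0]) for s in shares]
    i, di, proof = partials[0]
    forged = [(i, di * G % P, proof)] + partials[1:]
    return {"plaintext": m, "recovered": combine(ct, partials, vks, t),
            "fake_detected": not verify_share(vks[i], ct[0], di * G % P, proof),
            "recovered_without_forger": combine(ct, forged, vks, t)}  # needs n - 1 >= t
```

Calling run_demo() with the defaults shows both behaviours: any two honest shares recover the plaintext, the forged share fails its DLEQ check and is dropped, and decryption still succeeds because n - 1 honest parties remain (with t = n, combine raises instead of silently returning garbage). What this does not model is the certificateless part of entries 1 and 3, that is, there is no key generation centre and no Type I or Type II adversary, and the toy group size gives none of the security margin a deployment would need.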
5.
ID-based ring signcryption schemes (IDRSC) are usually built from bilinear pairings, a powerful but computationally expensive primitive. In all existing ID-based ring signcryption schemes from bilinear pairings, the number of pairing computations grows linearly with the group size, which makes the efficiency advantage of ID-based schemes over traditional schemes questionable. This paper presents a new identity-based ring signcryption scheme that takes only four pairing operations for any group size, and proves it indistinguishable against adaptive chosen-ciphertext ring attacks (IND-IDRSC-CCA2) and existentially unforgeable against adaptive chosen-message and identity attacks (EUF-IDRSC-ACMA) in the random oracle model.
6.
Ting-Yi Chang, Information and Computation, 2011, 209(7):1007-1015
In an ID-based universal designated verifier signature scheme, a single signer generates a signature that can be verified only by a designated verifier, using a simplified public identity such as an e-mail address. In this paper, we extend the scheme to a multi-user setting for generating and verifying signatures in practical applications. An ID-based multi-signer universal designated multi-verifier signature scheme based on bilinear pairings is proposed, which allows a set of signers to cooperatively generate a signature and designate a set of verifiers to verify it. The proposed scheme is shown to resist existential forgery under adaptive chosen-message and chosen-ID attacks, based on the Bilinear Diffie-Hellman problem.
8.
A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem (cited by: 1; self-citations: 0; citations by others: 1)
Recently, Yang and Chang proposed an identity-based remote login scheme using elliptic curve cryptography for users of mobile devices. We have analyzed the security of Yang and Chang's scheme and identified some security flaws. Two improvements of Yang and Chang's scheme have also been proposed recently; however, these schemes have been found to have similar security flaws. To remove the security pitfalls of Yang and Chang's scheme and the subsequent ones, we propose an enhanced remote user mutual authentication scheme that uses elliptic curve cryptography and an identity-based cryptosystem with a three-way challenge-response handshake. It supports flawless mutual authentication of the participants, session key agreement and revocation of leaked keys. In addition, the proposed scheme has low power consumption, low computation cost and better security attributes. As a result, the proposed scheme seems more practical and suitable for mobile users in secure Internet banking, online shopping, online voting, etc.
9.
Building on Paterson's identity-based signature scheme, this paper proposes an identity-based threshold proxy signature scheme that is provably secure in the standard model. The new scheme is existentially unforgeable under adaptive chosen-message attacks, and its security reduces in the standard model to the CDH assumption. Compared with threshold proxy signature schemes built on public-key cryptosystems, the new scheme offers higher security; compared with identity-based threshold signature schemes proven in the random oracle model, it is of more practical significance.
10.
Signcryption key encapsulation mechanisms proven in the random oracle model rely on a random oracle assumption that cannot be realized in the real world. To address this, the paper proposes an identity-based signcryption key encapsulation mechanism (IBSC-KEM) that is provably secure in the standard model. The proposed IBSC-KEM is built on a widely studied identity-based encryption scheme; in the standard model its confidentiality and unforgeability reduce to the q-ABDHE problem and the decisional q-ABDHE problem, respectively. Its main computational cost is 5 exponentiations in the group G, 3 exponentiations in the group GT and 3 bilinear pairing evaluations, which is lower than that of comparable signcryption schemes. The scheme is also publicly verifiable, making it suitable for building secure end-to-end transmission.
11.
Existing Ad Hoc networks lack a public key infrastructure, have changing topologies and consist of resource-constrained nodes, so traditional cryptographic mechanisms that depend on a trusted authority no longer apply. To solve key management and authenticated signing in Ad Hoc networks, this paper exploits the advantages of identity-based cryptography and combines it with a threshold group signature scheme based on joint secret sharing to design an identity-based group signature algorithm for Ad Hoc networks. Algorithm analysis and network simulation show that the proposed algorithm effectively reduces the amount of data transmitted over the network and the computation required for node signing, and solves problems that existing Ad Hoc authentication schemes cannot handle, such as updating node private keys and resisting collusion attacks. It keeps the computational load under control while ensuring security and efficiency, and is therefore suited to Ad Hoc networks.
The identity-based encryption scheme that Waters proposed at Eurocrypt 2005 is only chosen-plaintext secure, which makes it hard to apply in environments with higher security requirements. To address this, an extended identity-based encryption scheme that is chosen-ciphertext secure in the standard model is designed. The extension is based on Waters's scheme and adds one extra element to the ciphertext; since the extended scheme is chosen-ciphertext secure, it resolves the limitation of Waters's scheme reaching only chosen-plaintext security. In the standard model, the security of the extended scheme reduces to the decisional bilinear Diffie-Hellman assumption. Security analysis shows that the extended scheme is indistinguishable under adaptive chosen-ciphertext attacks.