基于广义XTR体制的签名方案

与RSA和ECC相比较,同等安全程度下XTR密钥长度远远小于RSA,最多只是ECC密钥长度的2倍;而XTR参数和密钥选取远远快于ECC。该文利用有限域中元素迹的快速算法,给出了两种特殊的基于广义XTR体制的签名方案,其安全性等价于解广义XTR群中的离散对数困难问题,但是传输的数据量只有原来方案的1/3.     

基于XTR体制的盲签名方案

XTR是一种新的基于有限域的乘法群的子群中元素迹的紧致表示的公钥密码体制。与RSA和ECC相比较,同等安全程度下 XTR密钥长度远远小于 RSA,最多只是 ECC密钥长度的 2倍,但XTR参数和密钥选取的速度远远快于 ECC。利用基于离散对数问题的盲签名方案以及有限域中元素迹的快速算法,该文给出了两种基于 XTR体制的盲签名方案,其安全性等价于解 XTR-DL困难问题,但是传输的数据量只有原来方案的 1/3。     

XTR公钥密制的改进及可证明安全通信协议

提出一种新的迹函数,将基于3阶LFSR序列的XTR公钥密码体制(称之为XTR3体制),改进为基于4阶LFSR序列的XTR4公钥密码体制。与XTR3体制比较,同等安全程度下XTR4的密钥长度小于XTR3。提出XTR4体制上的密钥交换协议,可证明安全性保密通信协议,一次一密协议,可以应用于多种环境,既能保证安全性,又能显著地提高运算效率。     

XTR体制下基于身份特征的数字签名算法

XTR公钥体制是一种基于子群离散对数问题的密码体制,同现在流行的RSA公钥体制相比,它的密钥长度短,传输效率高;同椭圆曲线公钥体制相比,它的密钥选取简单,计算速度快.因而,从XTR公钥体制被提出以来就倍受关注,本文首次提出了XTR体制下基于身份特征数字签名算法和基于身份特征的数字盲签名算法,这为XTR数字签名算法提供了更为广阔的应用领域.文中证明了这两种算法的安全性,并对其特性和效率进行了分析.这两种数字签名对电子商务和电子政务的发展具有重要价值.     

基于XTR公钥密码体制的群组密钥协商协议设计

群组密钥协商协议是网络中最基本的安全协议之一,相比两方密钥协商协议显得更为复杂,因此,如何设计安全、简洁、高效的群组密钥协商协议成为网络安全中的一个重要问题.文中使用XTR公钥密码体制设计了一个群组密钥协商协议,该协议通过对迹函数的有效计算,获得了3倍的密钥压缩比,减少了协议的通信量.与同类协议相比,具有密钥长度小、安全性高、发送消息少的优点.     

关于DH密钥的多项式转化与比特安全性分析

在Diffie-Hellman密钥协商协议中,如果存在一个问答器OF,∈,和函数F(X),当输入双方的公钥rx和ry后,至少以ε(0<ε<1)的概率给出正确的协商密钥的函数值F(rxy),否则发出错误信息,则能够计算出所有情况下的协商密钥。若Q为GF(q)上的多项式根的个数,文章降低了Q的上界,于是可以用更少次数的问答器询问,恢复出所有的协商密钥。文章进一步研究了XTR-DH密钥的安全性,指出当XTR子群的阶为某些值时,指数密钥x的所有比特具有相同的安全性,同时也用推广的"奇偶检测法"来恢复用p进数表示的指数x的低"比特"位。     

CPK组合公钥体制（v7．0）

0引言 CPK体制（CPK Cryptosystem）是在ECC体制基础上实现的基于标识的非对称公众密钥体制,密钥分为私有密钥和公有密钥。     

基于密钥管理的密钥分发解决方案探析

密钥管理是在参与保密通信的各方中建立密钥并保护密钥的一整套过程和机制,涉及密钥的生成、分发、存储、销毁等各个环节中的保密措施,无论是私钥密码体制还是公钥密码体制,在密钥管理的各个环节中,密钥分发都是最为棘手的问题。文章给出了私钥密码体制和公钥密码体制密钥管理中密钥分发问题的解决方案,并对每种解决方案的原理和所存在的缺陷进行分析,同时指出了应对策略。     

Definitive TechnologyXTR Series

Mythos（神话）XTR音箱系列全新型号是美国音响品牌DefinitiveTechnology音箱最为超薄的型号之一，共分为三个型号和环绕音箱，分别为XTR20、XTR40、XTR50g]XTR60，     

条件接收系统(CAS)技术讲座第四讲广播电视系统中密码学的应用——公开密钥体制

在对称（机密）密钥体制中,加密密钥和解密密钥是相同的,这使得机密密钥体制存在很多缺陷,比如,如果有n个人互相通信,则需要n（n-1）／2个密钥,这给密钥的管理和分配带来很大的问题,此外机密密钥体制在支持数字签名和不可否认性等方面的安全性能也较差。     

REESSE1加密方案中杠杆函数的充分必要性分析

文章介绍了REESSE1公钥体制的加密方案,包括密钥生成、加密和解密3个算法.通过对密钥变换公式中杠杆函数(.)为常数或不存在的假设,讨论了连分式攻击,因而从逆否命题的角度证明了(.)对REESSE1体制私钥安全的必要性.作者通过不确定推理、反例列举和参数归约的方法论述了(.)存在时,REESSE1的私钥安全性等价于多变量排列难题、明文安全性大于离散对数难题,从而证明了(.)对REESSE1体制私钥与明文安全的充分性.最后,指出了私钥中包含三个独立参数的REESSE1体制与私钥中仅包含一个或两个参数的MH、RSA和ElGamal体制相比,复杂性得到了显著提高.     

Efficient identity-based security schemes for ad hoc network routing protocols

Wireless ad hoc networks consist of nodes with no central administration and rely on the participating nodes to share network responsibilities. Such networks are more vulnerable to security attacks than conventional wireless networks. We propose two efficient security schemes for these networks that use pairwise symmetric keys computed non-interactively by the nodes which reduces communication overhead. We allow nodes to generate their broadcast keys for different groups and propose a collision-free method for computing such keys. We use identity-based keys that do not require certificates which simplifies key management. Our key escrow free scheme also uses identity-based keys but eliminates inherent key escrow in identity-based keys. Our system requires a minimum number of keys to be generated by the third party as compared to conventional pairwise schemes. We also propose an authenticated broadcast scheme based on symmetric keys and a corresponding signature scheme.     

现代密码算法研究

密码技术是信息安全的核心技术。密码技术主要包括对称密码算法和非对称密码算法及协议。对称加密算法加密密钥和解密密钥相互推导容易,加/解密速度非常快,适用于大批量数据加密的场合。非对称密钥密码体制从私有密钥推导公开密钥是计算不可行的,虽然公钥加密算法在运行速度方面无法和对称加密算法媲美,但很好地解决了对称密码学面临的密钥的分发与管理问题,同时对于数字签名问题也给出了完美的解答。     

Cryptanalysis of a Key Exchange Protocol Based on Commuting Matrices

A key exchange protocol is considered unsafe.The scheme is based on a set of n commuting square singular matrices of dimension n × n over a finite field,and its security is claimed to rely on the hardness of the matrix version discrete logarithm problem.However,the proposal's design allows for a clean attack strategy.We show that the key exchange protocol is vulnerable to a linear algebra attack which only requires polynomial time to obtain the equivalent keys for all given public keys.We conduct a detailed analysis on the attack method and provide some improved suggestions on the key exchange protocol based on commuting matrices.     

A function node-based Multiple Pairwise Keys Management protocol for Wireless Sensor Networks and energy consumption analysis

In this letter, a Function node-based Multiple Pairwise Keys Management (MPKMF)protocol for Wireless Sensor Networks (WSNs) is firstly designed, in which ordinary nodes and cluster head nodes are responsible for data collection and transmission, and function nodes are responsible for key management. There are more than one function nodes in the cluster consulting the key generation and other security decision-making. The function nodes are the second-class security center because of the characteristics of the distributed WSNs. Secondly, It is also described that the formation of function nodes and cluster heads under the control of the former, and five kinds of keys, I.e., individual key,pairwise keys, cluster key, management key, and group key. Finally, performance analysis and ex-periments show that, the protocol is superior in communication and energy consumption. The delay of establishing the cluster key meets the requirements, and a multiple pairwise key which adopts the coordinated security authentication scheme is provided.     

A conference key distribution system

Encryption is used in a communication system to safeguard information in the transmitted messages from anyone other than the intended receiver(s). To perform the encryption and decryption the transmitter and receiver(s) ought to have matching encryption and decryption keys. A clever way to generate these keys is to use the public key distribution system invented by Diffie and Hellman. That system, however, admits only one pair of communication stations to share a particular pair of encryption and decryption keys, The public key distribution system is generalized to a conference key distribution system (CKDS) which admits any group of stations to share the same encryption and decryption keys. The analysis reveals two important aspects of any conference key distribution system. One is the multitap resistance, which is a measure of the information security in the communication system. The other is the separation of the problem into two parts: the choice of a suitable symmetric function of the private keys and the choice of a suitable one-way mapping thereof. We have also shown how to use CKDS in connection with public key ciphers and an authorization scheme.