共查询到20条相似文献,搜索用时 15 毫秒
1.
Efficient searching on encrypted data outsourced to the cloud remains a research challenge. Identity-based encryption with equality test (IBEET) scheme has recently been identified as a viable solution, in which users can delegate a trapdoor to the server and the server then searches on user outsourced encrypted data to determine whether two different ciphertexts are encryptions of the same plaintext. Such schemes are, unfortunately, inefficient particularly for deployment on mobile devices (with limited power/battery life and computing capacity). In this paper, we propose an efficient IBEET scheme with bilinear pairing, which reduces the need for time-consuming HashToPoint function. We then prove the security of our scheme for one-way secure against chosen identity and chosen ciphertext attacks (OW–ID–CCA) in the random oracle model (ROM). The performance evaluation of our scheme demonstrates that in comparison to the scheme of Ma (2016), our scheme achieves a reduction of 36.7% and 39.24% in computation cost during the encryption phase and test phase, respectively, and that our scheme is suitable for (mobile) cloud deployment. 相似文献
2.
When data security is facing growing threats, ordinary encryption techniques cannot meet the needs of comparing, sharing, and classifying data hidden in ciphertexts. At the same time, the advent of the quantum computing era has brought unprecedented challenges to traditional cryptography. Fortunately, a lattice-based PKEET scheme can solve the above problems. In this paper, we design a lattice-based PKE-DET scheme that can support the delegated tester function with satisfying anti-quantum computing security and resisting OMRA attacks. To the best of our knowledge, this is the first PKE-DET scheme that has both kinds of security at the same time. Under the standard model, we prove the security of the scheme based on the LWE hardness assumption. Compared with existing schemes, our scheme has many advantages, such as high security, delegated tester authorization, and small storage space. 相似文献
3.
It is tricky to determine whether two ciphertexts contain the same message when the messages are encrypted with different public keys. public key encryption with equality test (PKEET) addresses this problem without decryption. By integrating PKEET with identity-based encryption, identity-based encryption with equality test (IBEET) simplifies the certificate management in PKEET. In this paper, we first propose an IBEET scheme that can resist offline message recovery attacks (OMRA) and requires neither the dual-tester setting nor the group mechanism. With the help of some mathematical assumptions, we demonstrate the security of our scheme. Experiment results reveal that our scheme is efficient. From the perspective of usability, we explain why our scheme is more appropriate to be applied in healthcare social Apps than other OMRA-resistant schemes. 相似文献
4.
Attribute-based encryption (ABE) is an attractive extension of public key encryption, which provides fine-grained and role-based access to encrypted data. In its key-policy flavor, the secret key is associated with an access policy and the ciphertext is marked with a set of attributes. In many practical applications, and in order to address scenarios where users become malicious or their secret keys are compromised, it is necessary to design an efficient revocation mechanism for ABE. However, prior works on revocable key-policy ABE schemes are based on classical number-theoretic assumptions, which are vulnerable to quantum attacks. In this work, we propose the first revocable key-policy ABE scheme that offers an efficient revocation mechanism while maintaining fine-grained access control to encrypted data. Our scheme is based on the learning with errors (LWE) problem, which is widely believed to be quantum-resistant. Our scheme supports polynomial-depth policy function and has short secret keys, where the size of the keys depends only on the depth of the supported policy function. Furthermore, we prove that our scheme satisfies selective revocation list security in the standard model under the LWE assumption. 相似文献
5.
Public Key Encryption with Keyword Search (PEKS) makes it possible for a cloud server (CS) to match a trapdoor and a ciphertext. However, with the upgrowth of quantum techniques, most of the existing PEKS schemes will be broken by quantum computers in the coming future. Moreover, they are also under the threat of potential key exposure. Lattice-based forward secure PEKS scheme (FS-PEKS) overcomes the two problems above by combining the techniques of forward security and lattice-based cryptography. However, FS-PEKS schemes work in public key infrastructure (PKI), which will incur complicated certificate management procedures. In this work, to overcome the key management issue but still guarantee security even when attackers corrupt the keys, we extend the FS-PEKS scheme into the identity-based framework and present a forward secure identity-based encryption with keyword search (FS-IBEKS) scheme from lattice. The proposed scheme is secured under the selective identity against chosen plaintext attack (IND-sID-CPA) in the random oracle model. To further improve the security, we present another FS-IBEKS scheme into the standard model and give concrete security proof under the adaptive identity against chosen plaintext attack (IND-ID-CPA). The comprehensive performance evaluation demonstrates that our FS-IBEKS schemes are feasible for cloud computing. 相似文献
6.
7.
提出了一种新的带错误学习问题(learning with errors,LWE)的变种,这种变种中的秘密向量和错误向量的每一个分量都是取自于一个小区间上的一致分布,其中,运用了Applebaum等人提出的转换技术.这种技术将一致秘密的LWE样本映射到另一些LWE样本,这些样本的秘密是服从和错误一样的分布,同时只损失了一小部分的样本.这个变种有和标准LWE一样的最坏情形到平均情形的归约性,同时,它去除了标准LWE问题中的高斯抽样算法.基于新的变种,构造了一个密钥相关消息安全的公钥加密方案.方案去除了原来方案中的高斯抽样算法,取而代之的是小区间上的一致分布的抽样算法,从而降低了密钥生成算法和加密算法的开销. 相似文献
8.
《Journal of Computer and System Sciences》2016,82(5):756-757
Zheng, Xiang and Zhou published in Journal of Computer and System Sciences in 2015 a “strong provably secure IBE scheme without bilinear map”. In this note, we provide two very simple attacks on their scheme. 相似文献
9.
一种基于身份的认证加密新方案 总被引:5,自引:0,他引:5
将传统的对称加密方法与基于身份的公钥加密系统相结合,设计了一种基于身份的认证加密方案,该方案用椭圆曲线上的双线性映射构造,其安全性基于双线性的计算Diffie-Hellman假设和单向的Hash函数。与以往的文献中基于身份的公钥加密方法相比,该方案系统初始化简单、加密/解密效率高,具有较低的通信成本。 相似文献
10.
针对现有全同态加密体制普遍存在的公钥尺寸大的缺陷,结合无证书公钥加密的思想,提出一种无证书全同态加密体制设计方案,无需对公钥进行身份认证,因而有效提高密码系统的整体应用效率。体制利用满秩差分矩阵实现身份信息的嵌入,摆脱了对于哈希函数的依赖,因而在安全性证明中无需引入随机谕示假设;借助一对彼此对偶的正态分布采样函数实现部分私钥的提取,进而结合容错学习问题实例生成体制私钥;通过双重加密使服务器失去对用户密文进行解密的能力,从而杜绝密钥托管问题。体制的安全性在标准模型下归约到容错学习问题的难解性。 相似文献
11.
Improved certificate-based encryption in the standard model 总被引:1,自引:0,他引:1
Certificate-based encryption has been recently proposed as a means to simplify the certificate management inherent to traditional public key encryption. In this paper, we present an efficient certificate-based encryption scheme which is fully secure in the standard model. Our construction is more efficient (in terms of computational cost and ciphertext size) than any of the previous constructions known without random oracles. 相似文献
12.
现有全同态加密体制普遍存在密文尺寸较大和采用单比特加密所导致的效率较低问题.在Gentry等人提出的全同态加密体制(简称GS W13体制)的基础上,通过修改其展开方式,利用近似特征向量技术,提出了一种新的全同态加密体制.在随机喻示模型下,将新体制的安全性归约到判定性容错学习问题(decisional lear-ning with errors,DLWE)的难解性,给出了其正确性和安全性的证明.又在不改变系统参数的条件下,采用多比特加密,对新体制进行优化.与GSW13体制相比,新体制的密文尺寸减小61.47%,加密运算量减少68.97%.新体制不仅减小密文扩张,而且减少同态运算计算次数,从而提高了体制效率. 相似文献
13.
14.
基于身份公钥加密是一种以用户的身份标识符作为公钥的新型加密体制。本文首先介绍基于身份的公钥加密方案(IBE),给出IBE安全加密体制的基本框架结构与工作原理;设计了一个IBE密钥管理方案,实现IBE公钥和私钥的安全分发;提出了一套基于IBE的安全电子邮件系统,开发了一个PKG密钥服务器和Outlook邮件客户端加密插件,并实现IBE密钥管理方案;最后讨论了IBE邮件加密系统的安全问题。 相似文献
15.
Semantic security and anonymity are the two main properties that an identity-based encryption scheme can satisfy. Such properties can be defined in either an adaptive or a selective scenario, which differ on the moment where the attacker chooses the identity/ies that are the target of the attack. There are well-known separations between selective and adaptive semantic security on the one hand, and between selective and adaptive anonymity on the other hand.In this paper we investigate the relations between these selective and adaptive notions, for identity-based encryption schemes enjoying at the same time some security and anonymity properties. On the negative side, we prove that there is a separation between selective and adaptive anonymity even for schemes which enjoy adaptive semantic security. On the positive side, we prove that selective semantic security and adaptive anonymity imply adaptive semantic security. 相似文献
16.
Key revocation is critical for the practicality of any public key cryptosystem and identity-based encryption (IBE) system. When a user’s private key is compromised, it is important for him/her to revoke his/her key. Up to now, little work has been published on key revocation in IBE systems. We propose a low-complexity key update technique to solve the revocation problem in an IBE system in which any revoked user is able to re-join the system without changing his or her identity or re-setup the system. 相似文献
17.
同态加密在云计算等领域具有重要的应用价值,针对现有同态加密方案中私钥个数多和需要预设乘法同态次数的缺陷,基于一个具有特殊b的误差学习问题(learning with errors problem, LWE)变种bLWE(the “special b” variant of the learning with errors problem),得到具有循环安全性的重线性化过程,据此构造了一个较高效的同态加密方案.与Brakerski等人的方案相比,方案的构造者不需要事先知道服务器中乘法同态次数,且私钥个数由原来的L+1个大幅度地缩小为1个.最后,在标准模型下对重线性化过程的循环安全性和方案的CPA安全性进行了严格证明. 相似文献
18.
Jia YuAuthor Vitae Fanyu KongAuthor VitaeXiangguo ChengAuthor Vitae Rong HaoAuthor VitaeJianxi FanAuthor Vitae 《Journal of Systems and Software》2012,85(2):382-391
Traditional identity-based signatures depend on the assumption that secret keys are absolutely secure. Once a secret key is exposed, all signatures associated with this secret key have to be reissued. Therefore, limiting the impact of key exposure in identity-based signature is an important task. In this paper, we propose to integrate the intrusion-resilient security into identity-based signatures to deal with their key exposure problem. Compared with forward-secure identity-based signatures and key-insulated identity-based signatures, our proposal can achieve higher security. The proposed scheme satisfies that signatures in any other time periods are secure even after arbitrarily many compromises of base and signer, as long as the compromises do not happen simultaneously. Furthermore, the intruder cannot generate signatures pertaining to previous time periods, even if she compromises base and signer simultaneously to get all their secret information. The scheme enjoys nice average performance. There are no cost parameters including key setup time, key extract time, base (signer) key update time, base (signer) key refresh time, signing time, verifying time, and signature size, public parameter size, base (signer) storage size having complexity more than O(log T) in terms of the total number of time periods T in this scheme. We also give the security definition of intrusion-resilient identity-based signature scheme and prove that our scheme is secure based on this security definition in the random oracle model assuming CDH problem is hard. 相似文献
19.
Waters在欧密2005上提出的基于身份加密方案是选择明文安全的,这就使得该方案很难应用于一些安全性要求较高的环境中。针对这一问题,设计了一个标准模型下选择密文安全的基于身份的加密扩展方案。该扩展方案基于Waters的方案,其密文中增加一个附加信息,而扩展方案是选择密文安全的,所以解决了Waters方案仅达到选择明文安全的问题。在标准模型下,扩展方案的安全性归约为判定性双线性Diffie-Hellman困难假设。安全性分析表明,扩展方案抵抗自适应选择密文攻击是不可区分的。 相似文献
20.
目前全同态加密的效率亟待提高,为了提高全同态加密的效率,提出一个LWE(learning with errors)上的短公钥多位全同态加密方案.方案中从离散高斯分布上选取LWE样例,并且将高斯噪音与之相加,导致LWE样例从 2n log q下降到n+1,使得方案的公钥长度变短.详细给出了该方案的噪音增长分析与安全性证明;此外,对目前密钥交换技术进行了优化,并且针对多位全同态加密,给出了密钥交换优化版本的形式化描述;最后,针对目前全同态加密的实践应用,给出了分析全同态加密具体安全参数的方法.分析了该方案与BGH13方案的具体安全参数,数据显示该方案的具体参数长度要优于BGH13方案. 相似文献