A New Public-Key Encryption Scheme

This paper proposes a new public-key encryption scheme which removes one element from the public-key tuple of the original Cramer-Shoup scheme. As a result, a ciphertext is not a quadruple but a triple at the cost of a strong assumption, the third version of knowledge of exponent assumption （KEA3）. Under assumptions of KEA3, a decision Diffie-Hellman （DDH） and a variant of target collision resistance （TCRv）, the new scheme is proved secure against indistinguishable adaptive chosen ciphertext attack （IND-CCA2）. This scheme is as efficient as Damgard ElGamal （DEG） scheme when it makes use of a well-known algorithm for product of exponentiations. The DEG scheme is recently proved IND-CCA1 secure by Bellare and Palacio in ASIACRYPT 2004 under another strong assumption. In addition to our IND-CCA2 secured scheme, we also believe that the security proof procedure itself provides a well insight for ElGamal-based encryption schemes which are secure in real world.     

Construction of a key-dependent message secure symmetric encryption scheme in the ideal cipher model

Key-dependent message （KDM） security is an important security issue that has attracted much research in recent years. In this paper, we present a new construction of the symmetric encryption scheme in the the ideal cipher model （ICM）; we prove that our scheme is KDM secure against active attacks with respect to arbitrary polynomialtime challenge functions. Our main idea is to introduce a universal hash function （UHF） h as a random value for each encrypfion, and then use s = h（sk） as the key of the ideal cipher F, where sk is the private key of our symmetric encryption scheme. Although many other schemes that are secure against KDM attacks have already been proposed, in both the ideal standard models, the much more significance of our paper is the simplicity in which we implement KDM security against active attacks.     

Efficient ID-Based Multi-Decrypter Encryption with Short Ciphertexts

Multi-decrypter encryption is a typical application in multi-user cryptographic branches. In multi-decrypter encryption, a message is encrypted under multiple decrypters＇ public keys in the way that only when all the decrypters cooperate, can the message be read. However, trivial implementation of multi-decrypter encryption using standard approaches leads to heavy computation costs and long ciphertext which grows as the receiver group expands. This consumes much precious bandwidth in wireless environment, such as mobile ad hoc network. In this paper, we propose an efficient identity based multi-decrypter encryption scheme, which needs only one or zero （if precomputed） pairing computation and the ciphertext contains only three group elements no matter how many the receivers are. Moreover, we give a formal security definition for the scheme, and prove the scheme to be chosen ciphertext secure in the random oracle model, and discuss how to modify the scheme to resist chosen ciphertext attack.     

Cryptanalysis and improvement of a certificateless encryption scheme in the standard model

Certificateless public key cryptography elimi- nates inherent key escrow problem in identity-based cryptog- raphy, and does not yet requires certificates as in the tradi- tional public key infrastructure. In this paper, we give crypt- analysis to Hwang et al.＇s certificateless encryption scheme which is the first concrete certificateless encryption scheme that can be proved to be secure against ＂malicious-but- passive＂ key generation center （KGC） attack in the stan- dard model. Their scheme is proved to be insecure even in a weaker security model called ＂honest-but-curious＂ KGC at- tack model. We then propose an improved scheme which is really secure against ＂malicious-but-passive＂ KGC attack in the standard model.     

Threshold public key encryption scheme resilient against continual leakage without random oracles

Threshold public key encryption allows a set of servers to decrypt a ciphertext if a given threshold of authorized servers cooperate. In the setting of threshold public key encryption, we consider the question of how to correctly decrypt a ciphertext where all servers continually leak information about their secret keys to an external attacker. Dodis et al. and Akavia et al. show two concrete schemes on how to store secrets on continually leaky servers. However, their construc- tions are only interactive between two servers. To achieve continual leakage security among more than two servers, we give the first threshold public key encryption scheme against adaptively chosen ciphertext attack in the continual leak- age model under three static assumptions. In our model, the servers update their keys individually and asynchronously, without any communication between two servers. Moreover, the update procedure is re-randomized and the randomness can leak as well.     

Constructing parallel long-message signcryption scheme from trapdoor permutation

A highly practical parallel signcryption scheme named PLSC from trapdoor per- mutations (TDPs for short) was built to perform long messages directly. The new scheme follows the idea “scramble all, and encrypt small”, using some scrambling operation on message m along with the user’s identities, and then passing, in par- allel, small parts of the scrambling result through corresponding TDPs. This design enables the scheme to flexibly perform long messages of arbitrary length while avoid repeatedly invoking TDP operations such as the CBC mode, or verbosely black-box composing symmetric encryption and signcryption, resulting in notice- able practical savings in both message bandwidth and efficiency. Concretely, the signcryption scheme requires exactly one computation of the “receiver’s TDP” (for “encryption”) and one inverse computation of the “sender’s TDP” (for “authentica- tion”), which is of great practical significance in directly performing long messages, since the major bottleneck for many public encryption schemes is the excessive computational overhead of performing TDP operations. Cutting out the verbosely repeated padding, the newly proposed scheme is more efficient than a black-box hybrid scheme. Most importantly, the proposed scheme has been proven to be tightly semantically secure under adaptive chosen ciphertext attacks (IND-CCA2) and to provide integrity of ciphertext (INT-CTXT) as well as non-repudiation in the random oracle model. All of these security guarantees are provided in the full multi-user, insider-security setting. Moreover, though the scheme is designed to perform long messages, it may also be appropriate for settings where it is imprac- tical to perform large block of messages (i.e. extremely low memory environments such as smart cards).     

New designing of cryptosystems based on quadratic fields

This paper proposes a method to construct new kind of non-maximal imaginary quadratic order （NIQO＊） by combining the technique of Diophantine equation and the characters of non-maximal imaginary quadratic order. It is proved that in the class group of this new kind of NIQO＊, it is very easy to design provable secure cryptosystems based on quadratic field （QF）. With the purpose to prove that this new kind of QF-based cryptosystems are easy to implement, two concrete schemes are presented, i.e., a Schnorr-like signature and an EIGamel-like encryption, by using the proposed NIQO＊. In the random oracle model, it is proved that： （1） under the assumption that the discrete logarithm problem over class groups （CL-DLP） of this new kind of NIQO＊ is intractable, the proposed signature scheme is secure against adaptive chosen-message attacks, i.e., achieving UF-CMA security; （2） under the assumption that the decisional Diffie-Hellman problem over class groups （CL-DDH） of this new kind of NIQO＊ is intractable, the enhanced encryption in this paper is secure against adaptive chosen-ciphertext attacks, i.e., reaching IND-CCA2 security.     

Identity based signature scheme based on cubic residues

We propose a novel method to compute a cubic root of a cubic residue in Eisenstein ring.By applying our method,a new identity based signature scheme is proposed based on cubic residues.We formally prove that our scheme is secure against existential forgery on the adaptive chosen message and identity attacks assuming the hardness of factoring.Our scheme is the first identity based signature scheme based on cubic residues.     

A provable secure fuzzy identity based signature scheme

To use biometrics identities in an identity based encryption system,Sahai and Waters first introduced the notion of fuzzy identity based encryption(FIBE) in 2005.Yang et al.extended it to digital signature and introduced the concept of fuzzy identity based signature(FIBS) in 2008,and constructed an FIBS scheme based on Sahai and Waters’s FIBE scheme.In this paper,we further formalize the notion and security model of FIBS scheme and propose a new construction of FIBS scheme based on bilinear pairing.The proposed scheme not only provides shorter public parameters,private key and signature,but also have useful structures which result in more efficient verification than that of Yang et al.’s FIBS scheme.The proposed FIBS scheme is proved to be existentially unforgeable under a chosen message attack and selective fuzzy identity attack in the random oracle model under the discrete logarithm assumption.     

IK-CPA security implies IE-CCA security in the random oracle model

Key-privacy is a notion of security that is concerned with the key anonymity in public-key encryption.Some popular schemes keep key-privacy,while others do not.Key-privacy has been shown to be orthogonal to data-privacy within one cryptosystem.This paper investigates the relationship between keyprivacy and data-privacy in public-key encryption.We show that the existence of IK-CPA secure cryptosystems implies the existence of IE-CCA secure cryptosystems in the random oracle model.The main contributions include a novel construction of a family of injective one-way trapdoor functions directly based on any IK-CPA secure public-key cryptosystem in the random oracle model.This construction adopts a novel idea in the construction compared to the existing one.The latter was based on unapproximable trapdoor predicates.The novelty of the construction allows to show that the injective trapdoor functions are secure under correlated products with respect to uniform repetitional distribution.That further allows us to conclude,in the random oracle model,that the existence of IK-CPA secure public-key cryptosystems implies the existence of CCA secure cryptosystems by a result of Rosen and Segev.     

高效的适应性选择密文安全公钥加密算法

安全高效的公钥加密算法是信息系统安全的重要保障技术,文中利用陷门承诺函数的思想实现对密文完整性的保护,由此在标准模型下给出一个可证明适应性选择密文攻击安全的公钥加密算法.新算法与著名的CS98公钥加密算法相比公钥参数数量减少20%,私钥参数减少80%;与BMW05公钥加密算法比较,公、私钥参数数量大为减少且安全规约效率...     

标准模型下的高效强安全混合加密方案

如何设计标准模型下满足适应性选择密文安全（IND-CCA2）的高效加密方案,是公钥密码学领域的一个重要研究课题。基于判定型双线性Diffie-Hellman问题,提出了一个高效、短公/私钥长度、强安全的,基于对称加密算法、消息认证码算法、密钥分割算法等基础算法的一次一密型混合加密方案,分析了方案的安全性和效率。方案在标准模型下被证明具有IND-CCA2安全性,支持公开的密文完整性验证,与同类方案相比计算效率高。     

一种基于身份和密钥封装机制的加密方案

提出一个基于身份和密钥封装机制的加密方案,采用对称加密技术实现信息的高效加密解密,利用基于身份的密码算法传递对称密钥。该方案扩展了标准模型下可证明安全的选择密文攻击的加密方案,其安全性规约为判定性Diffie-Hellman假设。分析结果表明,该方案对抵抗自适应选择密文攻击是不可区分的。     

Signcryption from randomness recoverable public key encryption

We propose a new generic construction for signcryption and show that it is secure under the security models which are comparable to the security against adaptive chosen ciphertext attacks for public key encryption and the existential unforgeability against chosen message attacks for signature. In particular, the security models also capture the notion of insider security. The generic construction relies on the existence of a special class of efficient public key encryption schemes which allow the encryption randomness to be recovered during decryption. We also propose two efficient instantiations for the generic construction and show that one of them has less message expansion and yields smaller ciphertext when compared with all the existing signcryption schemes.     

不可信更新的前向安全公钥加密方案：安全性模型和构造

已提出的不可信更新的前向安全公钥加密方案没有安全性证明,因此对方案的安全性存在质疑。对前向安全公钥加密方案进行扩展,给出首个具有可证明安全的不可信更新前向安全公钥加密方案。首先给出了不可信更新的前向安全公钥加密的方案定义和形式化安全性模型;根据方案定义,运用双线性映射技术以及高效的对称加密机制,提出一个不可信更新的前向安全公钥加密方案,并在随机预言机模型下证明了该方案的安全性。通过分析,该方案具有定长密文,定长私钥,固定加/解密开销,固定密钥更新开销的特点,具有一定的实用性。     

可抵御唯密文攻击的基于格的公钥加密

针对最新提出的对Cai-Cusick公钥加密方案的唯密文攻击进行研究, 提出了一个可抵御该攻击的新的公钥加密方案。通过对原始加密方案中某些参数的修改, 改变了公钥中向量长度, 从而实现对原始方案攻击的有效抵御, 并且通过程序模拟出新的加密方案。从数据分析可得, 随着实验次数的增加, 该方案抵御唯密文攻击的成功概率近似为百分之百。这说明了新的加密方案能有效抵御最新提出的唯密文攻击, 且由于该方案延续了原始加密方案的加密步骤, 其也具备了更少密文扩展的特性。今后将进一步研究语义安全的可抵御唯密文攻击的有效加密方案。     

云环境下可搜索加密技术安全机制及应用陷阱

为了能在云计算环境下安全地使用可搜索加密技术,针对近几年来可搜索加密技术的研究成果,总结了云计算环境下对称/非对称可搜索加密技术的主要算法模型与安全模型,分析了安全方案的安全缺陷,并分析了基本可搜索加密方案与加入了密文安全传输、匿名性、第三方代理、隐私保护协议的四类增强方案在基于选择关键字攻击、字典攻击、统计分析攻击、选择明文攻击四类攻击模型下的安全性。最后,总结了可搜索加密技术的应用陷阱,并提出了当前可搜索加密技术面临的安全性挑战。     

明文编码随机化加密方案

对著名的最优非对称填充加密方案（RSA-OAEP）及其改进方案进行分析发现：（1）这些方案的明文填充机制均采用Hash函数来隐藏明文统计特性,然而Hash函数特有的属性导致RSA-OAEP及其改进方案的安全性证明难以在标准模型下进行.很多研究工作表明,在标准模型下假定RSA（或者其变形）是困难的,无法证明RSA-OAEP及其改进方案对自适应性选择密文攻击是安全性的;（2）这些方案加密的消息是明文填充随机化处理后的信息,因此被加密信息比实际明文多出k位（设用于填充的随机数为k位）.针对这两个问题,构造了一个基于配对函数编码的RSA型加密方案.该方案具有如下属性：（1）无需Hash运算就可以隐藏明文统计特性,同时使得被加密消息的长度短于实际明文的长度;（2）在标准模型下对自适应选择密文攻击是安全的;（3）该方案应用于签密时不需要额外协商签名模与加密模的大小顺序.     

云计算中的标准模型下基于证书混合加密方案

随着云计算的快速发展,数据安全已成为云安全的一个关键问题,尤其是云中存储和传输的数据量巨大,对安全性要求较高。另一方面,基于证书密码体制克服了传统公钥密码体制的证书管理问题及基于身份密码体制的密钥托管问题,为构造安全高效的PKI提供了新的方法,但现有基于证书加密方案大都采用双线性对构造,计算效率较低。针对云计算环境,基于判定性缩减Diffie-Hellman难题,提出了一个不含对运算的基于证书混合加密方案,分析了安全性和效率。该方案是建立在密钥封装算法、对称加密算法、消息认证码算法基础上的一次一密型加密方案。分析表明,该方案在标准模型下可以抵抗适应性选择密文攻击,计算效率较高,适合于对云计算中安全性要求较高的长消息的加密。