Similar Documents
20 similar documents found, search time 328 ms
1.
A New Public-Key Encryption Scheme   (Total citations: 2, self-citations: 0, other citations: 2)
This paper proposes a new public-key encryption scheme which removes one element from the public-key tuple of the original Cramer-Shoup scheme. As a result, a ciphertext is not a quadruple but a triple, at the cost of a strong assumption, the third version of the knowledge of exponent assumption (KEA3). Under the assumptions of KEA3, decisional Diffie-Hellman (DDH) and a variant of target collision resistance (TCRv), the new scheme is proved secure against indistinguishability under adaptive chosen ciphertext attack (IND-CCA2). This scheme is as efficient as the Damgård ElGamal (DEG) scheme when it makes use of a well-known algorithm for products of exponentiations. The DEG scheme was recently proved IND-CCA1 secure by Bellare and Palacio at ASIACRYPT 2004 under another strong assumption. In addition to our IND-CCA2-secure scheme, we also believe that the security proof procedure itself provides good insight into ElGamal-based encryption schemes that are secure in the real world.

2.
Designing an anonymous user authentication scheme in global mobility networks is a non-trivial task because wireless networks are susceptible to attacks and battery-powered mobile devices have limited communication, processing and storage capabilities. In this paper, we present a generic construction that converts any existing secure smart-card-based password authentication scheme into an anonymous authentication scheme for roaming services. The security proof of our construction can be derived from the underlying password authentication scheme under the same assumptions. Compared with the original password authentication scheme, the transformed scheme does not sacrifice authentication efficiency, and additionally, an agreed session key can be securely established between an anonymous mobile user and the foreign agent in charge of the visited network. Furthermore, we present an instantiation of the proposed generic construction. The performance analysis shows that, compared with other related anonymous authentication schemes, our instantiation is more efficient.

3.
The development of quantum computation poses serious threats to the security of most existing public-key cryptosystems. Braid-based cryptography is one of the alternatives with potential advantages in resisting quantum attacks. In this paper, the state of the art of braid cryptography is surveyed, and then a new cryptographic problem, the conjugate adjoining problem related to braid groups, is proposed. Based on this problem, we design a new braid-based signature scheme. This scheme is efficient and provab...

4.
In this paper, we propose a new "full public verifiability" concept for hybrid public-key encryption schemes. We also present a new hybrid public-key encryption scheme with this feature, based on the decisional bilinear Diffie-Hellman assumption. We have proven that the new hybrid public-key encryption scheme is secure against adaptive chosen ciphertext attack in the standard model. The "full public verifiability" feature means that the new scheme has a shorter ciphertext and reduces the security requirements on the symmetric encryption scheme. Therefore, our new scheme does not need any message authentication code, even when the one-time symmetric encryption scheme is only secure against passive attacks. Compared with all existing public-key encryption schemes that are secure against adaptive chosen ciphertext attack, our new scheme has a shorter ciphertext, an efficient tight security reduction, and fewer requirements (if the symmetric encryption scheme can resist passive attacks).

5.
In this paper, we provide a novel scheme to solve the motion planning problem of multi-agent systems under high-level task specifications. First, linear temporal logic is applied to express the global task specification. Then an efficient and decentralized algorithm is proposed to decompose it into local tasks. Moreover, we use control barrier functions to synthesize the local controller for each agent under the linear temporal logic motion plan with safety constraints. Finally, simulation results show the effectiveness and efficiency of our proposed scheme.

6.
A signcryption scheme is one of the useful tools for secure communication where authenticity and confidentiality are simultaneously required. Now that mobile devices are more and more widely used for communication, it is desirable to design a scheme suitable for mobile applications. In this paper, we propose a signcryption scheme which is efficient enough to be implemented on mobile devices. In our scheme, we need only one multiplication in the online phase, and thus a signcryptor can generate a signcryptext very efficiently online. Moreover, the size of the signcryptext is very short compared with existing schemes, and thus our scheme is very efficient in terms of communication overhead. The security of our signcryption scheme is proven in the random oracle model.

7.
This paper proposes a method to realize the lifting scheme of tight frame wavelet filters. For a 4-channel tight frame wavelet filter, the tight frame transform matrix is 2×4, but the lifting scheme transform matrix must be 4×4. In the case of a 3-channel tight frame wavelet filter, the transform matrix is 2×3, but the lifting scheme transform matrix must be 3×3. In order to solve this problem, we introduce two concepts: the transferred polyphase matrix for 4-channel filters and the transferred unitary matrix for 3-channel filters. The transferred polyphase matrix is symmetric/antisymmetric, and we use this property to realize the lifting scheme.

8.
Differential evolution (DE) has become a very popular and effective global optimization algorithm in the area of evolutionary computation. Despite many advantages such as conceptual simplicity, high efficiency and ease of use, DE has two main components, i.e., the mutation scheme and parameter control, which significantly influence its performance. In this paper we intend to improve the performance of DE by using carefully considered strategies for both components. We first design an adaptive mutation scheme, which adaptively makes use of the bias of superior individuals when generating new solutions. Although introducing such a bias is not a new idea, existing methods often use heuristic rules to control the bias. They can hardly maintain the appropriate balance between exploration and exploitation during the search process, because the preferred bias is often problem- and evolution-stage-dependent. Instead of using any fixed rule, a novel strategy is adopted in the new adaptive mutation scheme to adjust the bias dynamically based on the local fitness landscape identified from the current population. As for the other component, i.e., parameter control, we propose a mechanism that uses the Lévy probability distribution to adaptively control the scale factor F of DE. For every mutation in each generation, an F_i is produced from one of four different Lévy distributions according to their historical performance. With the adaptive mutation scheme and parameter control using Lévy distributions as the main components, we present a new DE variant called Lévy DE (LDE). Experimental studies were carried out on a broad range of benchmark functions in global numerical optimization. The results show that LDE is very competitive, and both main components contribute to its overall performance. The scalability of LDE is also discussed by conducting experiments on some selected benchmark functions with dimensions from 30 to 200.

9.
In this paper, we investigate the defense problem against the joint attacks of denial-of-service attacks and data tampering attacks in the framework of system identification with binary-valued observations. By estimating the key parameters of the joint attack and compensating for them in the identification algorithm, a compensation-oriented defense scheme is proposed. Then the identification algorithm for the system parameter is designed and is further proved to be consistent. The asymptotic normality of the algorithm is obtained, and on this basis, we propose the optimal defense scheme. Furthermore, the implementation of the optimal defense scheme is discussed. Finally, a simulation example is presented to verify the effectiveness of the main results.

11.
SPKI certificates are mainly used for access control. They emphasize distributed processing and allow any entity holding a public/private key pair to issue certificates freely without an authoritative third party, which makes certificate issuance simpler and more convenient. An important feature of SPKI is that its certificates are bound to public keys rather than to names, so privacy can be protected easily with SPKI certificates. This paper proposes an SPKI-based electronic payment system that solves the anonymity problem in electronic payment. Moreover, the system also guarantees fairness during transactions and addresses many other problems that arise in e-commerce payment.

12.
This paper briefly introduces SPKI certificates and points out a problem that easily arises when SPKI certificates are used for access control, namely failure to find a certificate chain. It proposes an improvement to the SPKI authorization and authentication model so that, when no authorization certificate chain exists, the client can build a new certificate chain to access the resource server, and applies this model to online e-commerce.

13.
Implementing Network File Access Control with SPKI/SDSI Certificates*   (Total citations: 1, self-citations: 0, other citations: 1)
This paper compares the advantages and disadvantages of two traditional access control methods and points out the characteristics of the new access control method based on SPKI/SDSI certificates. It briefly introduces the working principle and model of SPKI/SDSI certificates, designs a system that uses SPKI/SDSI certificates for network file access control, explains the concrete implementation of each part of the system, and gives partial code or processing steps for the key problems.

14.
This paper proposes a micropayment scheme for the GSM mobile environment, which minimizes the load on the mobile phone by shifting computation, storage and communication to static network hosts. Throughout the payment process, the messages sent and received by the mobile phone are very simple and avoid complex public-key operations, which reduces system latency and eliminates the possibility of incomplete payments caused by communication failures. The scheme also encrypts transaction information with a session key, protecting the privacy of mobile users and the security of payment information. Compared with other mobile micropayment schemes, efficiency is greatly improved because the scheme uses no public-key algorithm at all. In addition, the scheme provides mobile users with limited anonymity.

15.
Reduction Closure Algorithm for SPKI/SDSI Name Certificates and Its Improvement   (Total citations: 1, self-citations: 0, other citations: 1)
The paper briefly analyzes the characteristics and uses of the SPKI/SDSI certificate system and introduces the concepts of SPKI/SDSI name certificates and the name-certificate reduction closure. It gives the basic algorithm for computing the SPKI/SDSI name-certificate reduction closure, B3HTNRC, and its improved version, B2HTNCRC, and compares the two algorithms experimentally. The experimental results show that the larger the input certificate set becomes, the greater the efficiency advantage of the improved algorithm B2HTNCRC over B3HTNCRC.

16.
Liu Gang, Qin Jia, Liao Wei, Liu Qiang, Lü Yuqin. Computer Engineering, 2008, 34(11): 140-142
Taking identity-based asymmetric encryption as the core, this work introduces identity certificates and more flexible XML-format attribute certificates to solve the problems of user identity authentication, private key distribution and secure provision of value-added services. When making a call, the parties use their certificates to authenticate to the PKDC and obtain private keys, which are used to encrypt the transmitted session key. During signaling negotiation, the CPL server extracts user attributes by verifying the user's attribute certificate, so that value-added services are implemented more conveniently.

17.
Trust management provides a new approach that remedies the shortcomings of traditional authorization mechanisms when applied to distributed systems. SPKI/SDSI 2.0 is currently the most widespread trust management system, and every principal in the system can issue certificates. In a particular system state, the system administrator needs to know certain "properties" of the system, such as whether a given principal is authorized to access a protected resource, or which members a local name has. When the number of certificates is large, such questions can only be answered with the help of tools. Previous algorithms, however, focused on the authorization problem, did not consider the analysis of name-related system policies, and were inefficient. This paper proposes a logic-based policy analysis algorithm for SPKI/SDSI 2.0, EPAAS, which fundamentally broadens the field of policy analysis: it can analyze both the authorization and the naming problems of SPKI/SDSI 2.0, and it can combine the two kinds of problems into comprehensive queries about system policy. In addition, EPAAS reduces the time complexity of policy analysis from O(n^3/l) for the previous algorithms to O(n), improving analysis efficiency. EPAAS represents the SPKI/SDSI 2.0 system state as a standard Datalog program, takes the minimal Herbrand model of the Datalog program as its semantics, and proves the soundness of this semantics.

18.
Delegation certificates (e.g. SPKI) support the decentralized management of access rights in organizations without the need for a centralized server to mediate every delegation operation. However, they do not allow access rights to be delegated in a flexible way. For instance, a user cannot be granted the authorization to delegate a permission without at the same time being granted the authorization to exercise the associated permission. In this paper, we propose an improved delegation model, where the various users in a delegation chain may supervise the delegate's exercise of the delegated permission. We describe how to support the model using SPKI as an example. We also describe how to support efficient authorization in delegation with supervision using proxy signature techniques.

19.
A bit-oriented quantum public-key encryption scheme is presented. We use Boolean functions as the private key and randomly changed pairs of a quantum state and a classical string as public keys. Following the concept of quantum perfect encryption, we prepare the public key with Hadamard and Pauli transformations. The quantum part of a public key varies with the classical string. In contrast to typical classical public-key schemes, one private key in our scheme corresponds to an exponential number of public keys. We investigate attacks on the private key and prove that the public key is a totally mixed state, so the adversary cannot acquire any information about the private key from measurement of the public key. Then, attacks on the encryption are analyzed. Since the trace distance between two different ciphertexts is zero, the adversary cannot distinguish between the two ciphertext states and also learns nothing about the plaintext or the private key. Thus, we conclude that the proposed scheme is information-theoretically secure under attacks on the private key and on the encryption.

20.
This paper introduces a novel tool, the public-key anonymous tag system, which is useful in building controlled privacy-protecting protocols. The double-trapdoor structure of the system not only allows the authority to create a token which can trace someone's tags without violating the anonymity of the tag issuer, but also allows the issuer to claim or deny the authorship of a tag in a stateless manner. An efficient instantiation based on simple assumptions in the standard model is presented. We then use it for a modular construction of traceable signatures. Our scheme supports signature authorship claiming (and denial) that binds a claim to the public key of the signer, unlike known schemes. It is also the first scheme in the literature which features concurrent joining of users, stronger anonymity, and so on without random oracles.

Copyright © Beijing Qinyun Technology Development Co., Ltd.  Beijing ICP No. 09084417