Lattice-based certificateless encryption scheme

Certificateless public key cryptography (CL-PKC) can solve the problems of certificate management in a public key infrastructure (PKI) and of key escrows in identity-based public key cryptography (ID-PKC). In CL-PKC, the key generation center (KGC) does not know the private keys of all users, and their public keys need not be certificated by certification authority (CA). At present, however, most certificateless encryption schemes are based on large integer factorization and discrete logarithms that are not secure in a quantum environment and the computation complexity is high. To solve these problems, we propose a new certificate-less encryption scheme based on lattices, more precisely, using the hardness of the learning with errors (LWE) problem. Compared with schemes based on large integer factorization and discrete logarithms, the most operations are matrixvector multiplication and inner products in our scheme, our approach has lower computation complexity. Our scheme can be proven to be indistinguishability chosen ciphertext attacks (IND-CPA) secure in the random oracle model.     

可抵御唯密文攻击的基于格的公钥加密

针对最新提出的对Cai-Cusick公钥加密方案的唯密文攻击进行研究, 提出了一个可抵御该攻击的新的公钥加密方案。通过对原始加密方案中某些参数的修改, 改变了公钥中向量长度, 从而实现对原始方案攻击的有效抵御, 并且通过程序模拟出新的加密方案。从数据分析可得, 随着实验次数的增加, 该方案抵御唯密文攻击的成功概率近似为百分之百。这说明了新的加密方案能有效抵御最新提出的唯密文攻击, 且由于该方案延续了原始加密方案的加密步骤, 其也具备了更少密文扩展的特性。今后将进一步研究语义安全的可抵御唯密文攻击的有效加密方案。     

标准模型下可证安全的无证书全同态加密体制

针对现有全同态加密体制普遍存在的公钥尺寸大的缺陷,结合无证书公钥加密的思想,提出一种无证书全同态加密体制设计方案,无需对公钥进行身份认证,因而有效提高密码系统的整体应用效率。体制利用满秩差分矩阵实现身份信息的嵌入,摆脱了对于哈希函数的依赖,因而在安全性证明中无需引入随机谕示假设;借助一对彼此对偶的正态分布采样函数实现部分私钥的提取,进而结合容错学习问题实例生成体制私钥;通过双重加密使服务器失去对用户密文进行解密的能力,从而杜绝密钥托管问题。体制的安全性在标准模型下归约到容错学习问题的难解性。     

Cryptanalysis and improvement of a certificateless encryption scheme in the standard model

Certificateless public key cryptography elimi- nates inherent key escrow problem in identity-based cryptog- raphy, and does not yet requires certificates as in the tradi- tional public key infrastructure. In this paper, we give crypt- analysis to Hwang et al.＇s certificateless encryption scheme which is the first concrete certificateless encryption scheme that can be proved to be secure against ＂malicious-but- passive＂ key generation center （KGC） attack in the stan- dard model. Their scheme is proved to be insecure even in a weaker security model called ＂honest-but-curious＂ KGC at- tack model. We then propose an improved scheme which is really secure against ＂malicious-but-passive＂ KGC attack in the standard model.     

Cryptanalysis and improvement of a certificateless encryption scheme in the standard model

Certificateless public key cryptography eliminates inherent key escrow problem in identity-based cryptography, and does not yet requires certificates as in the traditional public key infrastructure. In this paper, we give crypt-analysis to Hwang et al.’s certificateless encryption scheme which is the first concrete certificateless encryption scheme that can be proved to be secure against “malicious-but-passive” key generation center (KGC) attack in the standard model. Their scheme is proved to be insecure even in a weaker security model called “honest-but-curious” KGC attack model. We then propose an improved scheme which is really secure against “malicious-but-passive” KGC attack in the standard model.     

基于格的分层无证书代理签名方案

现有基于经典数论问题假设的无证书代理签名方案无法抵御量子计算机攻击,在应用于有大量用户的系统时会存在单点失效和不易扩展等局限。针对这些问题,提出一种基于格的分层无证书代理签名方案。首先,采用拒绝采样技术和无陷门技术提高密钥生成的计算效率;其次,不同层级的原始签名人和代理签名人通过交换随机选取的矩阵进行互认证,实现代理授权;最后,在随机预言机模型下的小整数解（SIS）困难问题假设下证明了该方案的安全性。相较于现有的代理签名方案,所提方案允许签名人来自不同层级且隶属于不同密钥生成中心（KGC）。性能评价实验结果表明,该方案的公钥尺寸是一个常数,代理签名和验证开销与层级无关,且代理密钥和签名尺寸非层级的线性量。因此,该方案可更好地满足大规模分布式异构网络对均衡负载的需求,是高效可行的。     

Lattice-based signcryption with equality test in standard model

A signcryption, which is an integration of a public key encryption and a digital signature, can provide confidentiality and authenticity simultaneously. Additionally, a signcryption associated with equality test allows a third party (e.g., a cloud server) to check whether or not two ciphertexts are encrypted from the same message without knowing the message. This application plays an important role especially in computing on encrypted data. In this paper, we propose the first lattice-based signcryption scheme equipped with a solution to testing the message equality in the standard model. The proposed signcryption scheme is proven to be secure against insider attacks under the learning with errors assumption and the intractability of the short integer solution problem. As a by-product, we also show that some existing lattice-based signcryptions either is insecure or does not work correctly.     

标准模型下强安全的无证书签密方案

首先指出近期提出的一种无证书签密方案易受到公钥替换攻击,并给出了相关攻击实例。进而提出一种新的无双线性对的无证书签密方案,通过对实体的无证书公钥和托管公钥进行独立的密码学验证,确保了新方案不遭受与现有方案类似的公钥替换攻击。在标准模型下,新方案被证明是安全的,能够实现无证书签密的不可伪造性和机密性。对比分析表明,新方案在确保强安全性的同时具有较好的计算性能。     

Improved certificate-based encryption in the standard model

Certificate-based encryption has been recently proposed as a means to simplify the certificate management inherent to traditional public key encryption. In this paper, we present an efficient certificate-based encryption scheme which is fully secure in the standard model. Our construction is more efficient (in terms of computational cost and ciphertext size) than any of the previous constructions known without random oracles.     

Cryptanalysis of a certificateless signcryption scheme in the standard model

Certificateless signcryption is a useful primitive which simultaneously provides the functionalities of certificateless encryption and certificateless signature. Recently, Liu et al. [15] proposed a new certificateless signcryption scheme, and claimed that their scheme is provably secure without random oracles in a strengthened security model, where the malicious-but-passive KGC attack is considered. Unfortunately, by giving concrete attacks, we indicate that Liu et al. certificateless signcryption scheme is not secure in this strengthened security model.     

Bit-oriented quantum public-key encryption based on quantum perfect encryption

A bit-oriented quantum public-key encryption scheme is presented. We use Boolean functions as private-key and randomly changed pairs of quantum state and classical string as public-keys. Following the concept of quantum perfect encryption, we prepare the public-key with Hadamard transformation and Pauli transformation. The quantum part of public-keys is various with different classical strings. In contrast to the typical classical public-key scheme, one private-key in our scheme corresponds to an exponential number of public-keys. We investigate attack to the private-key and prove that the public-key is a totally mixed state. So the adversary cannot acquire any information about private-key from measurement of the public-key. Then, the attack to encryption is analyzed. Since the trace distance between two different ciphertexts is zero, the adversary cannot distinguish between the two ciphertext states and also obtains nothing about plaintext and private-key. Thus, we have the conclusion that the proposed scheme is information-theoretically secure under an attack of the private-key and encryption.     

对标准模型下无证书签名方案的安全性分析

通过对一个标准模型下可证安全的无证书签名方案进行分析,指出该方案是不安全的。分析了一种针对该方案的公钥替换攻击和改进方案,说明该公钥替换攻击是一种平凡的伪造攻击,指出了这个改进方案也是不安全的。提出了一种新的密钥生成中心KGC攻击,即通用恶意KGC攻击,在这种攻击下,这两个无证书签名方案的KGC总是能够在系统参数生成阶段生成包含陷门信息的系统参数,利用这些参数,KGC不需要计算出用户的私钥就可以冒充任意系统用户对任意消息进行伪造签名。给出了攻击方法,并针对这种通用恶意KGC攻击提出了新的改进方案,使其能够抵抗这种攻击。     

标准模型下可证安全的有效无证书签密方案

目前大多数无证书签密方案都是在随机预言模型下提出的,针对随机预言模型下的方案往往无法在实际应用中构造相应实例这一问题,采用标准模型的方法来进行构造。在对几个已有标准模型下相应方案分析的基础上,指出它们都是不安全的。以Au等所提出的方案(AU M H, LIU J K, YUEN T H, 〖WTBX〗et al〖WTBZ〗. Practical hierarchical identity based encryption and signature schemes without random oracles. http://eprint.iacr.org/2006/368.pdf)为基础,利用椭圆曲线上的双线性对性质,提出了一个新的标准模型下可证安全的无证书签密方案。最后,利用决策双线性Diffie-Hellman(DBDH)等困难问题,证明该方案满足适应性选择密文攻击下的不可区分性以及适应性选择消息和身份攻击下的存在不可伪造性,因而方案是安全可靠的。     

Secure public-key encryption scheme without random oracles

Since the first practical and secure public-key encryption scheme without random oracles proposed by Cramer and Shoup in 1998, Cramer–Shoup’s scheme and its variants remained the only practical and secure public-key encryption scheme without random oracles until 2004. In 2004, Canetti et al. proposed a generic transformation from a selective identity-based encryption scheme to a public-key encryption by adding a one-time strongly signature scheme. Since then, some transformation techniques from a selective identity-based encryption scheme to a public-key encryption have been proposed to enhance the computational efficiency, for example, Boneh–Katz’s construction and Boyen–Mei–Waters’ scheme. These transformations have either traded-off the publicly verifiable properties or tightness of security reduction. In 2007, Zhang proposed another generic transformation by adding Chameleon hash functions. In this paper, we introduce another technique from the Boneh–Boyen’s selective identity-based encryption scheme to a public-key encryption which is publicly verifiable and is slightly more efficient than Zhang’s transformation. The proposed public-key encryption scheme is based on the decisional bilinear Diffie–Hellman assumption and the target collision resistant hash functions.     

关键词可检索的公钥加密技术综述

随着云计算技术的深入研究与应用,远程数据云存储的安全与隐私保护问题已成为企业和学术界共同关注的问题。传统数据加密方法虽然能部分解决上述的问题,但这些方法同时也给远程用户的查询和使用造成很多阻碍。针对这个问题,可查询加密技术提出了可行的一个解决方向,允许用户对远程存储的加密数据进行检索,因而也成为目前信息安全领域的一个研究热点。对公钥可查询加密中带有关键词检索的公钥加密(PEKS)的起源、背景及近年来研究成果进行综述,给出PEKS的形式化定义和安全性定义,详细论述PEKS中的安全信道依赖问题、查询功能改进等方面的研究成果,最后提出PEKS未来的发展趋势和理论研究中的热点及开放性问题。     

A new randomized message-locked encryption in the standard model

In this paper, we propose a new construction for randomized message-locked encryption (MLE) with privacy chosen-distribution attacks (PRV-CDA) and strong tag consistency (STC) securities in the standard model via UCEs. The new construction is based on \(\mathsf {UCE}[\mathsf {S}^{sup}\cap \mathsf {S}^{q\text {-}query}]\) secure family of hash functions, adaptively secure non-interactive zero knowledge proof system (NIZK) and indistinguishable chosen-plaintext attacks (IND-CPA) secure symmetric encryption (SE). Compared with existing randomized MLE schemes such as Bellare et al.’s XtESPKE scheme (Eurocrypt 2013), our scheme gives concrete instantiation and detailed security proofs. Although Abadi et al.’s construction for randomized MLE (Crypto 2013) achieves STC and PRV-CDA2, but their construction is designed in the random oracle model and cannot be instantiated, while our scheme can be instantiated in the standard model and achieves both STC and PRV-CDA securities.     

New forward-secure public-key encryption without random oracles

Forward-secure public-key cryptography is an important technique for protecting private keys. It provides the benefits of frequent updating private keys without changing public keys. The most attractive property of forward security is that even if an attacker obtains the private key for the current time period, she still cannot compromise the private keys for the past time. In this paper, we newly present a forward-secure public-key encryption scheme without random oracles and prove it to be chosen-ciphertext secure in the standard model. In the proposed scheme, the ciphertext size and the decryption time have no correlation with the number of time periods and other performance indices have at most poly logarithmic complexities in terms of the number of time periods. As far as we know, it is the first forward-secure public-key encryption scheme that achieves direct chosen-ciphertext security in the standard model.     

基于ElGamal的新型分布式前向安全门限公钥体制

门限体制和前向安全体制是解决公钥加密体制和数字签名体制中密钥泄露问题的主要方法。将二者结合，必将极大提高系统密钥的安全性。利用HASH函数的单向性和分布式随机数产生算法，提出一种新型的分布式密钥产生、更新算法。应用于E1Gamal公钥体制，提出同时具有门限性和前向安全性的新型分布式E1Gamal公钥体制，并给出安全性证明。     

Group signature implies public-key encryption with non-interactive opening

In this paper, we show that public-key encryption with non-interactive opening (PKENO) can be constructed from an arbitrary group signature (GS) scheme which is secure in the dynamic group setting and provides opening soundness. Moreover, the resulting PKENO construction is efficient if the underlying GS scheme is efficient and the message space of the PKENO scheme is restricted to short messages. Hence, our result not only shows that the existence of this type of GS implies the existence of PKENO, but also that designing a practical GS scheme is as difficult as designing a practical PKENO scheme. Our transform is constructed by carefully investigating the relationship between the functionalities of GS and that of PKENO, and developing a novel (but specific) multiple encryption technique. This multiple encryption technique plays an important role for simultaneously achieving both practical efficiency and security.     

标准模型下的高效强安全混合加密方案

如何设计标准模型下满足适应性选择密文安全（IND-CCA2）的高效加密方案,是公钥密码学领域的一个重要研究课题。基于判定型双线性Diffie-Hellman问题,提出了一个高效、短公/私钥长度、强安全的,基于对称加密算法、消息认证码算法、密钥分割算法等基础算法的一次一密型混合加密方案,分析了方案的安全性和效率。方案在标准模型下被证明具有IND-CCA2安全性,支持公开的密文完整性验证,与同类方案相比计算效率高。