基于无证书的格基代理签密方案

无证书代理签密在信息安全领域发挥着越来越重要的作用。现有的大多数无证书代理签密基于传统数学理论,无法抵制量子计算攻击。该文采用格密码技术提出基于无证书的格基代理签密(L-CLPSC)方案。L-CLPSC在带错误学习(LWE)问题和小整数解(SIS)问题的困难假设下满足自适应选择密文攻击下的不可区分性和自适应选择消息攻击下的不可伪造性。相比较而言,L-CLPSC具有更高的计算效率和更低的通信代价。     

一种基于环上LWE的广义签密方案

广义签密可以灵活地工作在签密、签名和加密三种模式,具有很强的实用性.本文结合基于格的签名方案和密钥交换协议,构造了一个无陷门的广义签密方案.方案构造中引入了区分函数,根据输入的发送方与接收方密钥情况来自动识别加密、签名和签密三种模式,保障了算法在这三种工作模式下的优美对称性.基于环上判定性LWE问题,并借鉴FO13的方法,证明了该方案满足自适用抗选择密文攻击不可区分性安全性(IND-CCA2)和自适用抗选择消息攻击强不可伪造性安全性(SUF-CMA).该方案是基于Fiat-Shamir的中止(abort)框架,没有用到复杂的原像抽样和陷门生成算法,具有较高的计算效率.     

对一个格基身份签名方案的分析和改进

首先分析了Liu等人2013年给出的一个格基身份签名（IBS）方案在安全性证明中存在的问题,进而说明方案的证明达不到作者所宣称的选择身份和自适应选择消息攻击下的强不可伪造性。其次,使用Boyen10签名技术（PKC 2010）对此方案中签名算法进行改进,并在标准模型下证明了改进方案在选择身份和自适应选择消息攻击下具有强不可伪造性的安全性质。另外,对比分析了改进的方案和其他IBS方案的效率和安全性。     

一个动态门限的基于属性签密方案

签密能同时实现加密与签名,并且代价小于传统的先签名再加密。该文在Li等人(2010)签名方案的基础上提出了一个动态门限的基于属性签密方案,除具有一般签密方案的保密性和认证性外,还同时具有签密者属性隐私安全性和多接收者特性。在随机预言机模型下,利用判定双线性Diffie-Hellman (DBDH)问题和计算Diffie- Hellman (CDH)问题的困难性,证明了该方案满足在适应性选择密文攻击下的不可区分性及适应性选择消息下的不可伪造性。     

两种签密方案的安全性分析及改进

签密是能够在同一算法中提供认证性和机密性的密码方案,而所需要的计算量、通信成本和密文长度比先签名后加密的分开来实现要低,有较多的实际应用需求。多签密方案是多个签密者对同一明文执行签密操作。该文分析了两个签密方案:Li等(2006)提出的签密方案和Zhang等(2008)提出的多签密方案,并通过选择明文攻击证明二者不能不具有语义安全性,并在此基础上提出了改进的方案,采用隐藏消息明文方法抵抗选择明文攻击,采用多签密成员签名认证的方法防止多成员签密密文被篡改,可抵抗选择明文攻击和选择身份攻击,达到语义安全性。     

可证安全的传统公钥密码-无证书公钥密码异构聚合签密方案

异构签密可以保证异构密码系统之间数据的机密性和不可伪造性。分析现有的异构签密方案,发现它们只针对单个消息,无法实现批验证。聚合签密能够把不同用户对多个消息产生的签密密文同时发送给接收者,而且可以提供批量验证,降低验证开销。该文提出一个传统公钥密码-无证书公钥密码异构聚合签密方案,该方案不仅能够保证传统公钥密码(TPKI)和无证书公钥密码(CLPKC)系统间通信的机密性和认证性,而且聚合验证时不需要双线性对。在随机预言模型下,基于间隙双线性Diffie-Hellman困难问题、计算Diffie-Hellman困难问题和离散对数问题,证明该方案满足自适应性选择密文攻击下的不可区分性和自适应选择消息下的不可伪造性。     

NTRU格上高效的身份基线性同态签名方案

针对现有的格上身份基线性同态签名方案密钥存储量大、结构复杂导致方案实际运行效率相对偏低的问题,提出了一个NTRU(Number Theory Research Unit)格上高效的身份基线性同态签名方案。首先在密钥生成阶段利用NTRU密钥生成算法产生主密钥,接着采用格基委派算法给出身份签名私钥,最后运行NTRU格上原像抽样算法产生出线性同态签名。对方案的安全性证明与性能分析结果表明,新方案满足正确性,具有弱内容隐私性。在随机预言机模型下,该方案在小整数解问题困难性条件下满足适应性选择身份和选择消息的存在性不可伪造性。同时,由于采用NTRU格的特殊结构,新方案在密钥量与运行效率方面与已有方案相比较均具有显著的优势,这对于计算资源受限环境的同态认证中具有重要的应用价值。     

强不可伪造的基于身份服务器辅助验证签名方案

标准模型下的基于身份签名方案大多数是存在性不可伪造的,无法阻止攻击者对已经签名过的消息重新伪造一个合法的签名,并且验证签名需要执行耗时的双线性对运算。为了克服已有基于身份签名方案的安全性依赖强和计算代价大等缺陷,提出了一个强不可伪造的基于身份服务器辅助验证签名方案,并在标准模型下证明了新方案在合谋攻击、自适应选择身份和消息攻击下是安全的。分析结果表明,新方案有效减少了双线性对的计算量,大大降低了签名验证算法的计算复杂度,在效率上优于已有的基于身份签名方案。     

一种基于身份的环签密方案

使用威尔配对,本文提出了一种基于身份的环签密方案,给出了具体的算法.该方案能够使消息的发送者以一种完全匿名的方式发送消息,并且同时实现保密性和认证性两种功能.我们证明了在决策双线性Diffie-Hellman问题难解的假设下,新提出的方案对自适应选择密文攻击是安全的.与传统的先签名后加密的方案相比,本方案中密文长度有了明显的降低,在低带宽的要求下更加可行.     

基于国产密码算法SM9的可追踪属性签名方案

国产密码算法SM9是我国自主设计的标识密码方案,现已受到各界的广泛关注。为了解决现有属性签名(ABS)方案验签效率不高这一问题,该文基于国密SM9算法构造新的支持树形访问策略的属性签名方案,该方案的验签操作仅需1次双线性对映射和1次指数运算。此外,所提方案具有签名者身份可追踪功能,防止恶意签名者利用属性签名的匿名性进行非法签名操作,从而避免传统属性签名中无条件匿名性下的签名滥用问题。安全分析结果表明所提方案在随机谕言机模型下具有不可伪造性,同时也可抗合谋攻击。与现有的可追踪属性签名方案相比,所提方案的追踪算法效率更高,签名与验签开销也更低。实验结果表明,所提方案验签算法的计算复杂度与策略规模无关,完成1次验签算法仅需2 ms。     

Provable security signcryption scheme based on RLWE without trapdoor

In view of the existing efficiency and security problems of lattice based signcryption,with the ABB16’s signature scheme ring-TESLA,a signcryption scheme without trapdoor named RLWE-SC was constructed,which achieved indistinguish ability against adaptive chosen cipher text attack (IND-CCA2) security and strongly existential unforgeability against chosen message attack (SUF-CMA) security respectively in terms of confidentiality and authentication based on the problem of learning with errors on ring.The size of the public and private keys was optimized by the construction on the ring.The complex trapdoor generation and preimage sample calculation was avoided by the structure without trapdoor.Efficiency analysis and experiment shows that RLWE-SC has better computational and communication performance than other similar lattice-based signcryption schemes with the same security strength.     

Novel hierarchical identity-based encryption scheme from lattice

Aiming at the high complexity in user’s private key extraction and large expansion ratio of trapdoor size in previous hierarchical identity-based encryption (HIBE) schemes,a new HIBE scheme was proposed.The implicit extension method to improve preimage sampling algorithm was used,and then combined the improved algorithm with MP12 trapdoor delegation algorithm to construct an efficient HIBE user’s private key extraction algorithm.Finally,the new extraction algorithm and the Dual-LWE algorithm was integrated to complete the scheme.Compared with the similar schemes,the efficiency of the proposed scheme was improved in system establishment and user’s private key extraction stage,the trapdoor size grows only linearly with the system hierarchical depth,and the improved preimage sample algorithm partly solves the Gaussian parameter increasing problem induced by MP12 trapdoor delegation.The security of the proposed scheme strictly reduces to the hardness of decisional learning with errors problem in the standard model.     

Novel identity-based fully homomorphic encryption scheme from lattice

The previous identity-based homomorphic encryption schemes from lattice was analyzed.That the high complexity in previous schemes was mainly caused by trapdoor generation and preimage sampling was pointed out.A new solution was proposed.A novel identity-based encryption scheme from lattice by combining new trapdoor function and dual-LWE algorithm organically was constructed,and it was transformed to an identity-based fully homomorphic encryption scheme from lattice by employing the idea of eigenvector.Comparative analysis shows that the scheme’s complexity of trapdoor generation has a significant reduction,the complexity of preimage sampling has a nearly three-fold reduction,and the SIVP approximation factor has a $\sqrt{m}$ times reduction.The security of the proposed scheme strictly reduces to the hardness of decisional learning with errors problem in the standard model.     

Leakage-resilient certificateless signcryption scheme

In practical applications,the potential adversary may exploit partial information about the secret keys by side-channel attacks ,traditional certificateless signcryption schemes can’t resist these key-leakage attacks.A leakage-resilient certificateless signcryption scheme based on Elliptic Curve Cryptography and bilinear pairing was presented.In the random oracle,proved that the security of the scheme is based on the decisional Diffie-Hellman assumption.The scheme is also proved semantically secure against adaptive posterior chosen-ciphertext key-leakage attacks (KL-CCA2),and existentially unforgeable against chosen-message key-leakage attacks(KL-CMA).The proposed scheme was free from non-interactive zero knowledge proof system and needs no bilinear paring operation in signcryption phase.Compared with other schemes of the same kind,the proposed scheme can resist key-leakage attacks and maintains high efficiency.     

Efficient Linear Homomorphic Encryption from LWE Over Rings

As the basis for secure public-key encryption under various cases, the learning with errors (LWE) problem has proved to be versatile for encryption schemes. Unfortunately, it tends not to be efficient enough for practical applications. For improving the efficiency issues and quickening the practical applications of the lattice-based public-key cryptosystems, an efficient homomorphic encryption scheme is presented in this paper, which is based on the learning with errors over rings (R-LWE) assumption, and its security is reducible to the hardness of the shortest vector problem in the worst case on ideal lattices. Furthermore, the scheme possesses homomorphism feature that encryption operations are consistent with message operations. The security analysis shows that the proposed encryption scheme is secure against chosen-plaintext attacks in the standard model. At the same time, the efficiency analysis and simulation results indicate that the scheme is much more efficient than previous lattice-based cryptosystems.     

基于格理论的装备保障信息网络快速身份认证方案

量子算法和量子计算机对装备保障信息网络的认证方案已构成严重的潜在威胁。针对当前装备保障信息网络身份认证方案无法抵抗量子计算机攻击、认证效率相对较低的问题,引入格理论的本原格抽样算法和双峰高斯抽样技术,提出了装备保障信息网络在量子环境下安全且快速的身份认证方案,给出了方案的正确性、安全性的理论证明以及方案运行效率的比较分析。结果表明,基于随机预言机证明模型,该方案在小整数解问题困难性假设下达到了适应性选择身份和选择消息攻击的存在性不可伪造性;在保证安全的前提下,新方案在私钥提取阶段和身份认证阶段的运行效率均高于已有的几个同类格基身份认证方案。这为提高我国装备保障信息网络安全认证能力提供了新的思路和方法。     

基于身份的多接收者匿名签密改进方案

对庞等提出的首个考虑发送者和接收者双重匿名性的基于身份的多接收者匿名签密方案进行安全性分析,结果表明该方案不满足选择密文攻击下的密文不可区分性,在现有安全模型下,攻击者可以区分不同消息的签密密文。提出一个在随机预言模型下选定身份安全的改进方案,新方案在CDH和Gap-BDH困难问题假设下分别满足密文的存在不可伪造性和不可区分性。     

Certificate‐Based Signcryption Scheme without Pairing: Directly Verifying Signcrypted Messages Using a Public Key

To achieve confidentiality, integrity, authentication, and non‐repudiation simultaneously, the concept of signcryption was introduced by combining encryption and a signature in a single scheme. Certificate‐based encryption schemes are designed to resolve the key escrow problem of identity‐based encryption, as well as to simplify the certificate management problem in traditional public key cryptosystems. In this paper, we propose a new certificate‐based signcryption scheme that has been proved to be secure against adaptive chosen ciphertext attacks and existentially unforgeable against chosen‐message attacks in the random oracle model. Our scheme is not based on pairing and thus is efficient and practical. Furthermore, it allows a signcrypted message to be immediately verified by the public key of the sender. This means that verification and decryption of the signcrypted message are decoupled. To the best of our knowledge, this is the first signcryption scheme without pairing to have this feature.