Similar Literature
1.
This paper addresses the open problem, posed by Gagné et al. at Pairing 2012, of designing attribute-based signature (ABS) schemes with a constant number of bilinear pairing operations for signature verification, or short signatures, for more general policies. Designing constant-size ABS for expressive access structures is a challenging task. We design two key-policy ABS schemes with constant-size signatures for expressive linear secret-sharing scheme (LSSS)-realizable monotone access structures. Both schemes use only 3 pairing operations in the signature verification process. The first scheme is a small-universe construction, while the second supports large universes of attributes. The signing key is computed according to an LSSS-realizable access structure over the signer's attributes, and the message is signed with an attribute set satisfying the access structure. Our ABS schemes provide existential unforgeability in the selective attribute set security model and preserve signer privacy. We also propose a new attribute-based signcryption (ABSC) scheme for LSSS-realizable access structures that uses only 6 pairings and makes the ciphertext size constant. Our scheme is significantly more efficient than existing ABSC schemes. While the secret key (signing key or decryption key) size increases by a factor of the number of attributes used in the system, the number of pairing evaluations is reduced to a constant. Our protocol achieves (a) ciphertext indistinguishability under adaptive chosen ciphertext attacks assuming the hardness of the decisional Bilinear Diffie–Hellman Exponent problem and (b) existential unforgeability under adaptive chosen message attacks assuming the hardness of the computational Diffie–Hellman Exponent problem. The security proofs are in the selective attribute set security model without using any random oracle heuristic. In addition, our ABSC achieves public verifiability of the ciphertext, enabling any party to verify the integrity and validity of the ciphertext.

2.
In order to minimize the impact of secret signing key exposure in the attribute-based signature setting, we construct an attribute-based key-insulated signature (ABKIS) scheme for expressive monotone boolean function access structures that uses only four pairing operations in the verification process and makes the signature length constant; that is, the number of pairings required for signature verification and the size of the signature are independent of the size of the attribute set participating in the respective process. The (strong) key-insulated selective security of our ABKIS scheme is reduced to the computational Diffie–Hellman Exponent problem without using any random oracles. The proposed construction attains signer privacy, which is a fundamental requirement of signature schemes in the attribute-based setting.

3.
Certificateless cryptography is an attractive paradigm, which combines the advantages of identity-based cryptography (no certificates) and traditional public key cryptography (no escrow). Recently, to solve the drawbacks of the existing certificateless signature (CL-S) schemes without random oracles, Yu et al. proposed a new CL-S scheme, which possesses several merits, including shorter system parameters and higher computational efficiency than the previous schemes. However, in this work, we point out that their CL-S scheme is insecure against a key replacement attack and a malicious-but-passive KGC attack. We further propose an improved scheme that overcomes the security flaws without affecting the merits of the original scheme. We prove that our scheme is existentially unforgeable against adaptive chosen message attacks under the computational Diffie–Hellman assumption in the standard model.

4.
A proxy signature scheme allows a proxy signer to sign messages on behalf of an original signer within a given context. It has many practical applications in distributed systems, grid computing, mobile agent applications, distributed shared object systems, global distribution networks, and mobile communications. In recent years, fruitful achievements have been seen in certificateless public key cryptography, which has the advantages of no certificate management and no key escrow compared with traditional public key cryptography and identity-based public key cryptography, respectively. However, the existing certificateless proxy signature schemes are either insecure or lack formal security analysis. In this paper, we formalize the security model of certificateless proxy signature schemes and propose a provably secure certificateless proxy signature scheme with a formal security proof under the computational Diffie–Hellman assumption.

5.
The Internet of Things (IoT) is an emerging network paradigm which realizes interconnection among ubiquitous things and is the foundation of the smart society. Since the IoT is closely tied to users' daily life and work, privacy and security are of great importance. The pervasive, complex and heterogeneous properties of the IoT make its security issues very challenging. In addition, the large number of resource-constrained nodes imposes a strict lightweight requirement on IoT security mechanisms. Presently, attribute-based encryption (ABE) is a popular solution for secure data transmission, storage and sharing in distributed environments such as the IoT. However, the existing ABE schemes are based on expensive bilinear pairings, which makes them unsuitable for resource-constrained IoT applications. In this paper, a lightweight pairing-free ABE scheme based on elliptic curve cryptography (ECC) is proposed to address the security and privacy issues in the IoT. The security of the proposed scheme is based on the ECDDH assumption instead of the bilinear Diffie–Hellman assumption, and is proved in the attribute-based selective-set model. By uniformly determining the criteria and defining the metrics for measuring communication overhead and computational overhead, detailed comparative analyses with existing ABE schemes are made. The results show that the proposed scheme has improved execution efficiency and low communication costs. In addition, its limitations and directions for improvement are discussed in detail.

6.
Attribute-based encryption (ABE) allows one-to-many encryption with static access control. On many occasions the access control policy must be updated, but the original encryptor might be unavailable to re-encrypt the message, which makes this impractical. Unfortunately, to date, work on ABE has not considered this issue, and this hinders the adoption of ABE in practice. In this work, we consider how to update access policies in ciphertext-policy attribute-based encryption (CP-ABE) systems efficiently without re-encrypting each ciphertext under the new access policies. We introduce a new notion of CP-ABE supporting access policy update that captures the functionalities of attribute addition to and revocation from access policies. We formalize the security requirements for this notion and subsequently construct two provably secure CP-ABE schemes supporting AND-gate access policies with constant-size ciphertexts for user decryption. The security of our schemes is proved under the augmented multi-sequences of exponents decisional Diffie–Hellman assumption. We also present a different construction in which certain attributes in an access policy can be preserved by the original encryptor, while other attributes can be revoked efficiently, so that the ability to revoke attributes can be appropriately restrained.

7.
Proxy blind signatures combine the advantages of proxy signatures and blind signatures and have broad application prospects in fields such as e-commerce. At present, the security of most proxy blind signature schemes is analyzed only heuristically, without formal proof, and most do not consider one-more forgery attacks. This paper proposes a new security model for proxy blind signatures and, under this model, a proxy blind signature scheme based on bilinear pairings. In the random oracle model, the scheme is proven unforgeable under chosen message/warrant attacks, with its security reduced to the CDH problem and the Chosen-Target CDH problem, respectively. Analysis shows that the scheme satisfies the main security requirements of proxy blind signatures and is more efficient than existing schemes.

8.
Many identity-based signcryption schemes have been proposed so far. However, all of them were proven secure in the random oracle model, which has received a lot of criticism on the grounds that proofs in the random oracle model are not real proofs. In this paper, motivated by Waters' identity-based encryption scheme, we propose the first identity-based signcryption scheme without random oracles. We prove that the proposed scheme is secure in the standard model. Specifically, we prove its semantic security under the hardness of the Decisional Bilinear Diffie–Hellman problem and its unforgeability under the Computational Diffie–Hellman assumption.

9.
Security is a paramount concern for various applications, such as electronic voting systems, since sensitive data is transmitted among the nodes. Recently, Wu and Lin (Inf Technol Control 42:231–237, 2013) proposed a new probabilistic signature scheme and used it to construct two universal designated verifier signature schemes. They demonstrated that their scheme was secure under the bilinear inverse Diffie–Hellman assumption. However, in this paper, we show that their scheme cannot provide unforgeability, i.e., the adversary could forge a legal signature on any message. The analysis shows that their schemes are not suitable for practical applications. To overcome these weaknesses, we propose three improved schemes which are provably secure in the random oracle model. In summary, our contributions in this paper are threefold: (1) we show that Wu et al.'s schemes cannot provide unforgeability, i.e., the adversary could forge a legal signature on any message; (2) we propose three improved schemes which overcome the drawbacks of Wu et al.'s scheme; and finally, (3) we implement a real-time packet analyzer for detecting invalid signatures in an electronic voting system using Snort. The analysis shows that the existing scheme is not suitable for practical applications and that our implemented scheme is able to detect the vulnerability in the electronic voting system. The designed scheme generates alerts at regular intervals so that the administrator can take adequate measures to mitigate the intrusion present in the system.

10.
A Fine-Grained Privacy-Preserving Friend Discovery Mechanism in Mobile Social Networks
罗恩韬, 王国军, 刘琴, 孟大程. 《软件学报》 2018, 29(10): 3223-3238
In mobile social networks, users can discover friends by matching each other's characteristic attributes. To address the problems that, with a single attribute management center, users' attribute keys are more easily stolen by attackers and performance bottlenecks appear at service peaks, this paper proposes a scheme in which multiple attribute management centers manage users' attribute sub-keys hierarchically. In the scheme, multiple attribute centers manage users' different characteristic attributes at fine granularity and generate attribute sub-keys from those attributes; a friend requester can correctly combine the sub-keys into a complete decryption key, and then decrypt the user's encrypted data file stored at the friend-making center, only if the requester satisfies the access policy set by the friend-making initiator. Hierarchical, classified management of attribute sub-keys not only avoids the risks of key leakage and single point of failure caused by an easily attacked single attribute management center, but the cooperation of multiple attribute centers also improves the computational efficiency of friend matching. By verifying whether the scheme withstands chosen-plaintext attacks, it is proven CPA-secure and shown to effectively protect user privacy from leakage. Extensive comparative experiments with existing schemes confirm that the scheme has the lowest computational overhead and can provide a good user experience.

11.
Attribute Privacy Protection in Social Networks Based on Node Splitting
Existing research shows that both users' social structure information and non-sensitive attribute information in social networks increase the risk of leaking users' private attributes. To address the weaknesses of current privacy-attribute anonymization algorithms for social networks, namely the lack of a sound model, large perturbation of attribute distribution characteristics, and neglect of the influence of social structure and non-sensitive attributes on the distribution of sensitive attributes, this paper proposes a privacy-attribute anonymization algorithm based on node splitting. The algorithm splits a node's attribute links and social links, which increases node anonymity and reduces the risk of private attribute leakage. In addition, it quantifies the influence of social structure information on attribute distribution and splits node attributes according to the degree of attribute correlation, so that attribute distribution characteristics are well preserved and data utility is guaranteed. Experimental results show that the algorithm effectively resists private-attribute leakage while preserving data utility.

12.
Digital signatures play an important role in countering data tampering threats in the Internet of Vehicles (IoV); however, existing signature schemes face many problems in flexibility, efficiency, privacy protection and user key management, and struggle to realize their potential in the IoV. To address these problems, this paper proposes a directly revocable outsourced attribute-based signature scheme for the IoV. The scheme uses a signing policy mechanism based on linear secret sharing, giving IoV users flexibility and privacy protection in signature generation and verification. In addition, an efficient direct user-key revocation mechanism is designed to revoke users' authorization in real time. The scheme also constructs an outsourced verification method that significantly reduces the verifier's computation and storage overhead. Security analysis shows that the scheme is unforgeable under chosen message attacks and resists collusion attacks. Experimental results demonstrate its advantages over other schemes and its practicality in the IoV.

13.
Ciphertext-policy attribute-based encryption (CP-ABE), as a one-to-many data encryption technique, has attracted wide academic attention because it provides ciphertext data security and fine-grained access control. Although some research results have been achieved in this field, most CP-ABE schemes are based on a small attribute universe, and because system attributes are shared by multiple users at once, dynamic attribute revocation is hard to achieve; the problems of existing attribute revocation mechanisms in functional complexity, computational efficiency and collusion resistance are all obstacles to practical application. To address these problems, this paper proposes a large-universe, version-controlled strategy for dynamic revocation of cloud users' attributes. The scheme constructs attribute version keys and user version keys within ciphertext-policy attribute-based encryption: updating an attribute version key revokes a user attribute, and updating a user version key revokes a user. This avoids the computation and communication overhead of revocation based on re-encryption. The scheme is based on the q-DBPBDHE assumption and is proven statically secure in the random oracle model. Finally, performance analysis and experimental verification show that, while guaranteeing forward and backward security of ciphertexts, the scheme achieves dynamic user-attribute revocation and user revocation, resists multiple collusion attacks, and has better functionality and computational efficiency than comparable schemes. In addition, the proposed scheme is based on a large attribute universe and, in practice...

14.
Many identity-based proxy signature (IBPS) schemes have been proposed, but most were proved secure in the random oracle model, which has attracted considerable criticism. Cao and Cao proposed an IBPS scheme in the standard model, but their scheme was shown to be insecure because it could not resist a delegator attack. In order to overcome this weakness, Gu et al. proposed a new IBPS scheme in 2013 that uses the standard model, and they also provided a detailed security model for IBPS. However, in this study, we demonstrate that Gu et al.'s scheme is still vulnerable to a delegator attack. In order to correct this problem, we propose an improvement of the IBPS scheme described by Gu et al. We also present an efficiency analysis for our scheme and a detailed security proof based on the computational Diffie–Hellman assumption.

15.
The main contributions of this paper are twofold. On the one hand, the twin Diffie–Hellman (twin DH) problem proposed by Cash et al. is extended to the n-Diffie–Hellman (n-DH) problem for an arbitrary integer n, and this new problem is shown to be at least as hard as the ordinary DH problem. Like the twin DH problem, the n-DH problem remains hard even in the presence of a decision oracle that recognizes solutions to the problem. On the other hand, we observe that the double-size key in the Cash et al. twin DH-based encryption scheme can be replaced by two separate keys, one for each entity, which results in a 2-party encryption scheme that retains the same security feature as the original scheme but removes the key redundancy. This idea is further extended to the n-party case, also known as n-out-of-n encryption. As examples, a variant of ElGamal encryption and a variant of Boneh–Franklin IBE are presented; both are proved chosen ciphertext attack secure under the computational DH assumption and the computational bilinear Diffie–Hellman assumption, respectively, in the random oracle model. The two schemes are efficient, due partially to the size of their ciphertexts, which is independent of the value n.

16.
The convenience and management efficiency of cloud storage lead more and more users to store their data in the cloud. To support users in searching encrypted cloud data, this paper proposes an attribute-based-encryption multi-keyword search scheme for cloud storage that supports attribute revocation. A linear secret sharing matrix represents the access control structure, enabling fine-grained access control over ciphertexts; keys need not be updated during attribute revocation, which handles changes in user attributes. On this basis, a search algorithm based on polynomial equations is constructed to support multi-keyword search and thus improve search precision. Theoretical analysis and experimental results show that the scheme has trapdoor unforgeability and keyword privacy, protects the privacy and security of user data, and, compared with CP-ABE schemes, offers higher storage performance, higher computational efficiency and stronger functionality.

17.
A Supervisable Privacy-Preserving Blockchain Scheme Based on Group Signatures and Attribute-Based Encryption
李莉, 杜慧娜, 李涛. 《计算机工程》 2022, 48(6): 132-138
The decentralization and tamper resistance of blockchain technology give it clear advantages for traceability; blockchain-based traceability systems can solve the information silo, low sharing and data tampering problems of traditional systems and thus guarantee data traceability. However, it is difficult to balance data traceability against user privacy protection in blockchain traceability systems. This paper proposes a distributed, supervisable privacy-preserving scheme combining group signatures, a stealth address protocol, zero-knowledge proofs and attribute-based encryption. The group manager mechanism of the group signature is improved: multiple group managers generate fragments of a user's private key, the user computes its own private key from the returned fragments, selectively applies attribute-based encryption to traceability data as needed, and sets a specific access structure for on-chain data to achieve "one-to-many" communication between data and users. Group managers use the group public key to trace and hold accountable the identities of both parties to a transaction. Users who satisfy the data's access structure decrypt the ciphertext with their attribute private keys to obtain the data. Experimental results show that the scheme improves the privacy protection of on-chain data while guaranteeing data traceability and supervision of both transaction parties, and is more secure than existing privacy-preserving schemes.

18.
Partially blind signatures aim to resolve the conflict between anonymity and controllability, protecting user privacy while allowing the user's identity to be traced when necessary. Existing identity-based partially blind signature schemes commonly suffer from tampering with the common information. A security analysis of 刘二根's scheme shows that in that scheme a user can illegally modify the common information. On this basis, an improved identity-based partially blind signature scheme is proposed. In the random oracle model, based on the discrete logarithm problem, the scheme is proven to satisfy partial blindness while effectively resisting existential forgery under adaptive chosen message attacks. The new scheme does not use computationally expensive bilinear pairing operations and overcomes the common-information tampering defect; compared with existing schemes, it offers significant improvements in both security and efficiency.

19.
Attribute-based signature (ABS) is a significant cryptographic notion providing secure authentication during data sharing. A signer can sign a message using the private keys he possesses. However, exposure of a user's private key may happen from time to time, and this brings a potential threat to the whole system. Thus, a key evolving mechanism should be introduced into ABS schemes. Besides, the efficiency of existing ABS schemes can be further improved, since the signing and verification processes require many bilinear pairings, which consume costly computing resources on mobile terminal devices. To better tackle the above problems and provide a more secure data authentication method in mobile communication systems, in this paper we first propose a key-insulated attribute-based signature scheme without pairings (KI-ABS-WP). We then give the formal definition as well as the concrete construction of our scheme. In our KI-ABS-WP, users need not run any bilinear pairings, so the total computation cost is reduced to a large extent. If key exposure occurs, the key insulation mechanism guarantees both backward and forward security of the system. Finally, by security proof and efficiency comparison, our KI-ABS-WP is shown to be superior for data authentication in mobile communication systems.

20.
Attribute-based digital signature schemes hide user identity well. However, in the signature schemes proposed so far, user attributes are all static: when a member's attributes change, there is no corresponding update mechanism and the attribute keys must be redistributed, which places a great burden on the system and is problematic in practical applications. Based on the idea of conditional encryption, this paper designs a digital signature scheme with dynamic attributes, in which, once a user satisfies a given attribute, the authenticator provides the user with a signature and lets the user compute its own attribute key. The security of the signature scheme is discussed.

