Similar literature
1.
杨斌  熊选东  苏克军 《计算机应用》2008,28(11):2835-2836
Combining mediated identity-based encryption with certificateless encryption, a mediated identity-based encryption (V-MIBE) scheme is designed. The new scheme is constructed from bilinear maps on elliptic curves; it solves the key escrow problem by adopting the certificateless encryption idea and solves the key revocation problem by introducing a mediator. The new scheme resists public-key replacement attacks. Compared with existing identity-based encryption schemes, the security of the new scheme is significantly improved.

2.
Certificateless cryptography eliminates the need for certificates in the Public Key Infrastructure and solves the inherent key escrow problem in identity-based cryptography. Recently, Huang et al. proposed two certificateless signature schemes from pairings. They claimed that their first short certificateless signature scheme is provably secure against a normal type I adversary and a super type II adversary. In this paper, we show that their short certificateless signature scheme is broken by a type I adversary who can replace users’ public keys and has access to the signing oracle under the replaced public keys.

3.
Certificateless public key cryptography eliminates the inherent key escrow problem in identity-based cryptography, yet does not require certificates as in the traditional public key infrastructure. In this paper, we give a cryptanalysis of Hwang et al.’s certificateless encryption scheme, which is the first concrete certificateless encryption scheme that can be proved secure against the “malicious-but-passive” key generation center (KGC) attack in the standard model. Their scheme is shown to be insecure even in a weaker security model, the “honest-but-curious” KGC attack model. We then propose an improved scheme which is indeed secure against the “malicious-but-passive” KGC attack in the standard model.

4.
This paper points out that both Fan Rui et al.’s certificateless proxy signature scheme and Ming Yang et al.’s certificateless universal designated verifier signature scheme cannot resist public-key replacement attacks; moreover, Fan Rui et al.’s scheme cannot resist the original-signer change attack, in which an attacker can forge a proxy signature on the same message on behalf of a proxy signer he has authorized. It is also pointed out that Ming Yang et al.’s direct application of the replay technique in the certificateless setting in their security proof is incorrect. By taking the proxy delegation warrant and the user’s public key as inputs to the cryptographic hash function, the attacker can neither replace the user’s public key nor alter the delegation warrant; the improved scheme effectively enhances the security of the original scheme while retaining its other advantages.

5.
刘相信  杨晓元 《计算机应用》2018,38(7):1956-1959
In view of the fact that existing Niederreiter public-key cryptosystems are vulnerable to distinguishing attacks and information set decoding (ISD) attacks, an improved Niederreiter public-key cryptosystem is proposed. First, the permutation matrix in the Niederreiter scheme is replaced with a random matrix; second, the error vector in the Niederreiter scheme is randomly split so as to hide its Hamming weight; finally, the encryption and decryption procedures of the Niederreiter scheme are modified to improve the security of the scheme. Analysis shows that the improved scheme resists distinguishing attacks and ISD. The public-key size of the improved scheme is smaller than that of the scheme proposed by Baldi et al. (BALDI M, BIANCHI M, CHIARALUCE F, et al. Enhanced public key security for the McEliece cryptosystem. Journal of Cryptology, 2016, 29(1): 1-27): at the 80-bit security level, the public-key size drops from 28408 bits in the original scheme to 4800 bits; at the 128-bit security level, it drops from 57368 bits to 12240 bits. As one of the post-quantum cryptographic schemes, the improved scheme gains in viability and competitiveness.

6.
Key agreement is an important means of establishing a session key between participants in a fair, open environment. Recently, Alvarez et al. proposed a new key agreement protocol in which the session key is obtained by exponentiating block upper triangular matrices. However, this study finds that the protocol is insecure: its secret parameters can be obtained simply by solving a system of equations. This paper analyzes the protocol in detail and presents a practical attack method; furthermore, the method can be generalized to key agreement protocols designed with similar techniques.

7.
The Session Initiation Protocol (SIP) has begun to play an important role in many fields. As one of the core protocols of the next-generation Internet, the security of communication between SIP entities has become a critical issue. Based on an analysis and comparison of the existing SIP security mechanisms, a new authenticated key agreement scheme based on self-generated-certificate public key encryption (SGC-PKE) is proposed, which guarantees the integrity and confidentiality of SIP messages in transit and overcomes the drawbacks of using a public key infrastructure (PKI).

8.
A security analysis of the certificateless proxy blind signature scheme proposed by Huang Jun et al. shows that the scheme can resist neither public-key replacement attacks nor attacks by a malicious-but-passive KGC; concrete attack methods are given. To address these security flaws, an improved scheme is proposed that achieves higher security while keeping the same efficiency as the original scheme.

9.
Improvement of a proxy multi-signature scheme without random oracles
A proxy multi-signature scheme permits two or more original signers to delegate their signing powers to the same proxy signer. Recently, Liu et al. proposed the first proxy multi-signature that can be proven secure in the standard model [Liu et al. (2008) [20]], which can be viewed as a two-level hierarchical signature due to Waters. However, because of the direct employment of Waters’ signature, their scheme needs a relatively large number of public parameters and is not tightly reduced to the security assumption. In this paper, inspired by Boneh and Boyen’s technique and Waters’ technique, we propose a new proxy multi-signature scheme without random oracles, whose unforgeability can be tightly reduced to the CDH assumption in bilinear groups. The new scheme can be regarded as an improvement that overcomes the weaknesses of Liu et al.’s scheme. Compared with Liu et al.’s scheme, the improvement has three merits: a tighter security reduction, shorter system parameters and higher efficiency.

10.
In 2010, Vo et al. (2010) [7] proposed an enhancement of an authenticated multiple key exchange protocol based on Lee et al.’s protocol. In this paper, we show that Vo et al.’s multiple key exchange protocol cannot resist the reflection attack. This means that their protocol fails to provide mutual authentication. Furthermore, we propose an improvement of Vo et al.’s protocol. Our proposed protocol, with resilience against the reflection attack, can truly provide mutual authentication.

11.
Public-key cryptography plays a vital role in the security of global digital information systems. However, with the progress of quantum computer research and the emergence of Shor’s algorithm and others, the security of public-key cryptography faces a potentially severe threat. Consequently, cryptographic algorithms capable of resisting quantum computer attacks have drawn the attention of the cryptographic community, and the National Institute of Standards and Technology (NIST) launched a global competition to standardize post-quantum cryptography (PQC) algorithms. Among the candidate algorithms, lattice-based algorithms achieve a good trade-off between security, public/private key size and computation speed, and are therefore the most promising post-quantum encryption schemes. CRYSTALS-KYBER, a lattice-based key encapsulation mechanism (KEM), passed the three rounds of selection of this competition. For post-quantum cryptographic algorithms, the efficiency of the hardware implementation is an important evaluation criterion. Therefore, this paper uses high-level synthesis (HLS) to explore the implementation and optimization space of hardware designs for the three main modules of CRYSTALS-KYBER (key generation, key encapsulation and key decapsulation) under different parameter sets. As a fast and convenient circuit design method, HLS can be used to explore the hardware implementation of different algorithms efficiently. Using this tool, this paper analyzes the software code of CRYSTALS-KYBER, tries different combinations of strategies to optimize the HLS hardware implementation results, and finally obtains the optimal circuit structure. In addition, a tcl-perl cooperative script is written to search automatically for the best optimization strategy and obtain the optimal circuit structure. Experimental results show that moderate optimization of loops and timing constraints can greatly improve the performance of the KYBER circuit synthesized by HLS. Compared with existing software implementations, this work has a clear performance advantage. Compared with prior HLS implementation work, the optimization of Kyber-512 in this paper improves the performance of the encapsulation algorithm by 75% and that of the decapsulation algorithm by 55.1%. Compared with the baseline data, the performance of the key generation algorithm is improved by 44.2%. For the other two parameter sets of CRYSTALS-KYBER (Kyber-768 and Kyber-1024), similar optimization effects are obtained.

12.
Certificateless signcryption is a useful primitive which simultaneously provides the functionalities of certificateless encryption and certificateless signature. Recently, Liu et al. [15] proposed a new certificateless signcryption scheme, and claimed that their scheme is provably secure without random oracles in a strengthened security model, where the malicious-but-passive KGC attack is considered. Unfortunately, by giving concrete attacks, we show that Liu et al.’s certificateless signcryption scheme is not secure in this strengthened security model.

13.
Cryptanalysis of a knapsack-based probabilistic encryption scheme
Wang et al. [B. Wang, Q. Wu, Y. Hu, A knapsack-based probabilistic encryption scheme, Information Sciences 177(19) (2007) 3981-3994] proposed a high density knapsack-based probabilistic encryption scheme with non-binary coefficients. In this paper, we present a heuristic attack that can be used to recover the private key parameters from the known public key parameters. In particular, we show that the restrictions imposed on the system parameters allow the attacker to recover a short list of candidates for the first half of the public key. The second half of the public key can then be recovered using an attack based on lattice basis reduction. Finally, by encrypting an arbitrary plaintext using the known public key and then decrypting the resulting ciphertext using these estimated candidate solutions, the right private key can be uniquely determined.

14.
Through an analysis of the new proxy signature scheme proposed by Lu Rongbo et al., this paper points out that the scheme cannot resist the public-key replacement attack and gives the attack method. On this basis, an improved proxy signature scheme is proposed that overcomes the security flaw of the original scheme and effectively prevents forgery attacks by the original signer. Compared with the original scheme, the improved scheme offers higher security with unchanged efficiency.

15.
Certificateless public key cryptography eliminates the certificates of the public key infrastructure while also solving the key escrow problem of identity-based public key cryptography. Recently, Fan Rui et al. proposed a certificateless proxy signature scheme built on a certificateless signature scheme and claimed that it satisfies all the security properties required of a certificateless proxy signature scheme. However, an analysis of this certificateless proxy signature scheme proves that it is insecure against both types of attack in certificateless cryptography, namely the public-key replacement attack and the malicious KGC (Key Generating Centre) attack. The attack methods are given, the underlying reasons are analyzed, and corresponding countermeasures are proposed.

16.
Abstract

The paper analyzes a recently proposed secure authentication and key agreement scheme for roaming service in a ubiquitous network. In 2018, Lee et al. proposed a biometric-based anonymous authentication scheme for roaming in ubiquitous networks. But we found that Lee et al.’s scheme is prone to the off-line dictionary attack when a user’s smart device is stolen, to a replay attack due to static variables, and to a de-synchronization attack when an adversary blocks a message, causing the authentication mechanism to fail. Further, the scheme lacks the no-key-control property and has an incorrect XOR calculation. In the sequel, we present an improved biometric-based scheme that removes the weaknesses in Lee et al.’s scheme and does not require an update of the identity in every session, hence preventing the de-synchronization attack. The security of the proposed scheme is analyzed in the widely accepted random oracle model. Further, computational and communication cost comparisons indicate that our improved scheme is more suitable for ubiquitous networks.

17.
Public keys are closely related to the identity of recipients in the public key encryption setting. In privacy-sensitive applications of public key encryption, it is desirable to hide the relation between the public key and the identity of the recipient. The main functional approach in privacy-enhanced public key encryption schemes is to give anonymity to the public keys of recipients. In this case, all the users in the system are potential recipients of every ciphertext. Waters, Felten, and Sahai proposed an incomparable public key encryption scheme which guarantees the anonymity of recipients against both eavesdroppers and senders. In their scheme, all the recipients must complete the same amount of computation to identify the ciphertexts directed to them. In this paper, we focus on reducing the number of computations for the recipients while preserving the security level of Waters et al.’s scheme. Our method is to separate the decryption process into two steps: first the recipient determines whether a ciphertext is directed to him or her, and only if it is does the recipient recover the corresponding plaintext. This improves the efficiency of the system.

18.
A combined public key technique based on elliptic curve cryptosystems
A combined public key technique based on elliptic curve cryptosystems is proposed. The combined public key technique arranges a certain number of private-key factors and public-key factors into a private-key factor matrix and a public-key factor matrix, and computes each user’s public key and private key through a mapping algorithm and the combination of the factor matrices, aiming to solve the problem of large-scale key management in large private networks.

19.
A certificateless proxy ring signature scheme
In 2003, Zhang et al. proposed a proxy ring signature scheme, which combines the advantages of proxy signatures and ring signatures and provides anonymity for the proxy signer when signing on behalf of the original signer. Given the advantages of certificateless cryptography, a certificateless proxy ring signature scheme is proposed on the basis of a certificateless ring signature scheme, using a short signature scheme for delegation. The scheme requires no certificate management, has no key escrow problem, and satisfies the properties required of a proxy ring signature, namely verifiability, unconditional anonymity, unforgeability, non-repudiation and identifiability.

20.
In 2004, Hwang and Chen demonstrated new multi-proxy multi-signature schemes that allow a group of authorized proxy signers to sign messages on behalf of a group of original signers. Later, Lyuu and Wu pointed out that Hwang et al.’s schemes were not secure and then proposed a modified scheme. They claimed that their modified schemes were secure. But in this paper we show a new attack on the Lyuu-Wu schemes. Moreover, the original Hwang-Chen schemes are also vulnerable to this insider attack. Furthermore, we point out some improvements for the Lyuu-Wu scheme and the Hwang-Chen schemes according to Wang et al.’s methods [Wang GL, Han XX, Zhu B. On the security of two threshold signature schemes with traceable signers. In: Applied Cryptography and Network Security (ACNS 2003). Lect Notes Comput Sci (LNCS), vol. 2846, Springer-Verlag; 2003. p. 111-222]. These improvements can resist our insider attack.
