Similar literature
20 similar documents found (search time 15 ms)
1.
In this article, we present an authenticated encryption scheme with message linkages for delivering a large message. To protect the receiver's interests, the receiver can easily convert the signature into an ordinary one that anyone can verify. Several feasible attacks are discussed, and the security analysis shows that none of them can break the proposed scheme.

2.
3.
Recently, Tseng et al. proposed two authenticated encryption schemes with message linkages (a basic scheme and a generalized scheme) that are more efficient in communication and computation cost than all previously proposed schemes. In the basic scheme, the recipient can recover the message blocks only after receiving the entire sequence of signature blocks. To let the receiver perform the receiving and recovering processes simultaneously, as required by the application and by the transmission efficiency of the network, the generalized scheme was then proposed. In this paper, we show that neither of Tseng et al.'s authenticated encryption schemes achieves integrity or authentication. Improvements are then proposed to repair the weaknesses.

4.
Constructing a secure key exchange protocol is one of the most challenging problems in information security. We propose a provably secure two-round two-party authenticated key exchange (2AKE) protocol based on the well-studied CDH assumption in the eCK model, which gives the strongest definition of security for key exchange when the matching session is used to define partnership. The underlying hardness assumption of our protocol (CDH) is weaker than those of four other provably secure 2AKE protocols in the CK or eCK model, and the computational cost of our protocol is reasonable. We also present a three-round variant of our protocol that provides key confirmation.

5.
To describe the state of research on provably secure public-key encryption comprehensively and clearly, this paper systematically surveys the provable-security research on mainstream basic public-key encryption schemes from two angles: chronology and core technique. It presents the historical development, the main technical schools and the current state of research on provably secure public-key encryption, and identifies problems that require further study, serving as an important reference for quickly grasping research trends in provably secure public-key encryption.

7.
Based on Gentry's scheme and using bilinear pairings, this paper proposes an efficient hierarchical identity-based encryption scheme and proves it IND-ID-CCA2 secure in the random oracle model. Analysis shows that the scheme has shorter ciphertexts than Gentry's scheme and needs only one bilinear pairing for decryption, which greatly improves the efficiency of encryption and decryption.

8.
In this paper, we propose a joint encryption scheme (JES) based on discrete logarithms in the plain public key model, in which a sender can easily encrypt messages under the public keys of a group of recipients so that the recipients can recover the messages only by collaborating. Neither the size of the ciphertext nor the encryption computation depends on the number of recipients. We show that the JES scheme is semantically secure against adaptive chosen ciphertext attacks in the random oracle model under the Computational Diffie-Hellman assumption.

9.
方光伟 (Fang Guangwei), Application Research of Computers (计算机应用研究), 2020, 37(11): 3422-3427
Recently, Chen et al. proposed a pairing-free certificateless signcryption scheme that derives the ciphertext encryption key by combining the private and public keys of the sender and the receiver, and proved in the random oracle model that the scheme is indistinguishable under adaptive chosen-ciphertext attack and unforgeable under adaptive chosen-message attack. A security analysis of Chen's scheme finds that it suffers from key leakage under chosen-plaintext attack and cannot resist forgery attacks by a malicious KGC. A new certificateless signcryption scheme is therefore proposed, based on the computational Diffie-Hellman problem and the discrete logarithm problem over elliptic curve groups. The new scheme avoids the key leakage and other security problems of the original scheme, and its running efficiency is not reduced while security is guaranteed.

10.
Efficient searching on encrypted data outsourced to the cloud remains a research challenge. Identity-based encryption with equality test (IBEET) has recently been identified as a viable solution: users delegate a trapdoor to the server, and the server then searches the users' outsourced encrypted data to determine whether two different ciphertexts are encryptions of the same plaintext. Such schemes are, unfortunately, inefficient, particularly for deployment on mobile devices with limited power/battery life and computing capacity. In this paper, we propose an efficient IBEET scheme with bilinear pairing that reduces the need for the time-consuming HashToPoint function. We then prove that our scheme is one-way secure against chosen-identity and chosen-ciphertext attacks (OW-ID-CCA) in the random oracle model (ROM). The performance evaluation shows that, in comparison with the scheme of Ma (2016), our scheme reduces computation cost by 36.7% in the encryption phase and by 39.24% in the test phase, and that it is suitable for (mobile) cloud deployment.

11.
A recently proposed class of authenticated encryption schemes is the first to organically combine message-recoverable signatures with symmetric encryption, without using a hash function or a redundancy function. Analysis shows, however, that the scheme does not satisfy the basic requirements of a digital signature and cannot resist forgery attacks by the message receiver. A new authenticated encryption scheme is therefore proposed, whose security rests on the difficulty of the discrete logarithm problem and the double-modulus problem; in the event of a dispute, the authenticated-encryption signature can be converted into an ordinary signature whose validity anyone can verify.

12.
Two efficient authenticated encryption schemes with message linkages are proposed. The first is a basic scheme that outperforms all previously proposed schemes in terms of communication and computation costs. However, like the previous schemes, its message blocks can be recovered only after all the signature blocks have been received, so the basic scheme is applicable to all-or-nothing flows. We therefore improve the basic scheme and also propose a generalized scheme that allows the receiver to recover partial message blocks before receiving all the signature blocks; that is, the receiver may perform the receiving and recovering processes simultaneously, so the generalized scheme is applicable to message flows. The generalized scheme requires less bandwidth and computation time than previously proposed authenticated encryption schemes with message linkages for message flows.

13.
Public Key Encryption with Keyword Search (PEKS) makes it possible for a cloud server (CS) to match a trapdoor against a ciphertext. However, with the growth of quantum computing, most existing PEKS schemes will be broken by quantum computers in the near future. They are also under the threat of potential key exposure. Lattice-based forward secure PEKS (FS-PEKS) overcomes both problems by combining forward security with lattice-based cryptography. However, FS-PEKS schemes work in a public key infrastructure (PKI), which incurs complicated certificate management procedures. In this work, to overcome the key management issue while still guaranteeing security even when attackers corrupt keys, we extend FS-PEKS to the identity-based setting and present a forward secure identity-based encryption with keyword search (FS-IBEKS) scheme from lattices. The proposed scheme is proven secure against selective-identity chosen-plaintext attack (IND-sID-CPA) in the random oracle model. To further improve security, we present another FS-IBEKS scheme in the standard model and give a concrete security proof against adaptive-identity chosen-plaintext attack (IND-ID-CPA). A comprehensive performance evaluation demonstrates that our FS-IBEKS schemes are feasible for cloud computing.

14.
Hua Guo, Yi Mu, Information Sciences, 2011, 181(3): 628-647
Identity-based authenticated key agreement is a useful cryptographic primitive that has received a lot of attention. The security of an identity-based system relies on a trusted private key generator (PKG) that generates private keys for users. Unfortunately, the assumption of a trusted PKG (or a curious-but-honest PKG) is considered too strong in some situations, so achieving security without such an assumption has been considered in many cryptographic protocols. Since a PKG knows the private keys of its users, man-in-the-middle attacks (MIMAs) from a malicious PKG are considered the strongest attack against a key agreement protocol. Although securing the key agreement process against such attacks is desirable, no existing identity-based key agreement protocol is secure against them. In this paper we propose, for the first time, an identity-based authenticated key agreement protocol that resists MIMAs from malicious PKGs organized in a tree, a commonly used structure for distributing the power of PKGs. Users are registered at a PKG in the tree, and each holds a private key generated with the master keys of all associated PKGs. This structure is much more efficient than other existing approaches, such as threshold-based schemes in which a user has to register with all PKGs. We present our idea in two protocols. The first protocol is not secure against MIMAs from some kinds of malicious PKGs but holds all other desirable security properties; the second protocol is fully secure against MIMAs. We provide a complete security proof for our protocols.

15.
A new two-party key agreement protocol is proposed; the new scheme adopts a compact structure to ensure anonymity. The scheme is then rigorously analyzed using provable-security theory, and its anonymity and AKE security are argued. The new scheme has short messages and needs only two rounds of interaction, giving it a clear performance advantage over comparable schemes.

16.
Recently, He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient pairing-free certificateless authenticated key agreement (CL-AKA) protocol and claimed that it is provably secure in the extended Canetti-Krawczyk (eCK) model. By giving concrete attacks, we show that their protocol is not secure in the eCK model. We propose an improved protocol and show that it is secure in the eCK model under the gap Diffie-Hellman (GDH) assumption. Furthermore, the proposed protocol is very efficient.

17.
In this paper, we present the first certificateless undeniable signature scheme. The scheme does not suffer from the key escrow problem inherent in identity-based cryptosystems, and it also avoids the onerous management of certificates. In particular, using cryptographic and mathematical techniques, we guarantee that the scheme's two component protocols satisfy the properties of zero-knowledge proofs. To address security, we extend the security notions of undeniable signatures to the more complex certificateless setting and consider two different types of adversaries. Based on these formally defined notions, we prove in the random oracle model that the scheme is existentially unforgeable under the Bilinear Diffie-Hellman assumption and invisible under the Decisional Bilinear Diffie-Hellman assumption.

18.
孙龙 (Sun Long), 王彩芬 (Wang Caifen), Application Research of Computers (计算机应用研究), 2010, 27(10): 3862-3865
This paper analyzes the one-bit-message deniable encryption scheme and the sender-deniable (or receiver-deniable) encryption schemes and finds that they are impractical. Based on the quadratic residuosity problem and using a trusted third party, a scheme is proposed that achieves encryption deniable by both the sender and the receiver, can encrypt multi-bit messages, and is proven semantically secure. The scheme is practical.

19.
A directed signature scheme allows only a designated verifier to check the validity of the signature issued to him; in case of dispute, or when necessary, any third party can verify the signature with the help of the signer or the designated verifier. Because of these merits, directed signatures are widely used where the receiver's privacy should be protected. Threshold directed signature extends the standard directed signature so that several signers may be required to cooperatively sign messages, sharing responsibility and authority. To the best of our knowledge, threshold directed signature has not been well studied until now. In this paper, we therefore formalize the threshold directed signature and its security model, present a new (t, n) threshold directed signature scheme from bilinear pairings, and analyze its security using the techniques of provable security.

20.
Identity-based (ID-based) encryption is a very useful cryptographic tool with many potential applications. The security of a traditional ID-based encryption scheme depends wholly on the secrecy of its secret keys, and exposure of a secret key requires reissuing all previously assigned encryptions. This limitation is more obvious today, as key exposure is more common with the increasing use of mobile and unprotected devices. Against this background, mitigating the damage of key exposure in ID-based encryption is an important problem, and to deal with it we propose integrating forward security into ID-based encryption. In this paper, we propose a new construction of an ID-based encryption scheme, based on the integer factorization problem and the discrete logarithm problem, that is semantically secure against chosen plaintext attack (CPA) in the random oracle model. We demonstrate that our scheme outperforms other existing schemes in terms of security, computational cost and public key length.
