Practical continuous leakage-resilient CCA secure identity-based encryption

Leakage of private information including private keys of user has become a threat to the security of computing systems. It has become a common security requirement that a cryptographic scheme should withstand various leakage attacks. In the real life, an adversary can break the security of cryptography primitive by performing continuous leakage attacks. Although, some research on the leakage-resilient cryptography had been made, there are still some remaining issued in previous attempts. The identity-based encryption (IBE) constructions were designed in the bounded-leakage model, and might not be able to meet their claimed security under the continuous-leakage attacks. In the real applications, the leakage is unbounded. That is, a practical cryptography scheme should keep its original security in the continuous leakage setting. The previous continuous leakageresilient IBE schemes either only achieve chosen-plaintext attacks security or the chosen-ciphertext attacks (CCA) security is proved in the selective identity model. Aiming to solve these problems, in this paper, we show how to construct the continuous leakage-resilient IBE scheme, and the scheme’s adaptive CCA security is proved in the standard model based on the hardness of decisional bilinear Diffie-Hellman exponent assumption. For any adversary, all elements in the ciphertext are random, and an adversary cannot obtain any leakage on the private key of user from the corresponding given ciphertext. Moreover, the leakage parameter of our proposal is independent of the plaintext space and has a constant size.     

基于身份的受控文档透明加解密方案

针对日益严峻的文档安全形势,为了更好地保护受控文档,将基于身份的加密机制与透明加密(OTFE)技术相结合,提出基于身份的受控文档透明加解密方案。采用文件系统过滤驱动技术监控程序对受控文档的操作,并使用基于身份的加密机制执行加解密操作。特别地,提出将原始密文耦合后分块存储的新算法,使得敌手不可能获取完整密文进而恢复出原始明文。从系统层面和算法层面对方案进行了详细描述,安全分析表明该方案能有效地保护受控文档。     

基于仲裁的SM9标识加密算法

SM9-IBE是我国于2016年发布的标识加密算法行业标准.标识加密算法以用户的标识(如邮件地址、身份证号等)作为公钥,从而降低系统管理用户密钥的复杂性.然而,标识加密算法的密钥撤销和更新问题却变得更加困难.此外,SM9算法的结构特殊使得已有技术无法完全适用于该算法.为此,本文提出一种基于仲裁的SM9标识加密算法,可快...     

An efficient CCA-secure cryptosystem over ideal lattices from identity-based encryption

We first construct an efficient IND-sID-CPA secure IBE cryptosystem from ideal lattices, and proceed with its security proof under the standard model in detail. Then with an asymptotically efficient strongly unforgeable one-time signature, we propose a new CCA secure public key encryption (PKE) scheme over ideal lattices by universal paradigm of IBE transformation. Performance of the resulting PKE system is very close to the underlying IBE scheme and its security can be tightly reduced to decisional R-LWE hardness assumption. Compared with known CCA secure PKE schemes from standard lattices, our new scheme is simpler and more efficient.     

基于身份密码学的安全性研究综述

目前IBE已经成为公钥加密领域的一个研究热点,而安全性是构建IBE方案的重要因素.在设计公钥加密方案时,通常主要考虑在各种攻击模型下所要达到的安全目标,使用安全目标与攻击模型相结合的方式来定义安全性.在对已提出的IBE方案进行归纳分析的基础上,概括了IBE安全性的形式化定义;总结了安全性所依赖的各种数学难题基础,对各种数学难题之间的强弱关系进行了分析;进而,基于这些强弱关系描述了IBE安全性之间的相互转化规律以及达到高安全性的转化方法,这些方法有一个共同点,就是在加密方案的构造过程中使用了某种测试;接下来,从安全性和效率的角度对比了已提出的典型IBE方案,指出低安全性向高安全性转化必然会带来额外开销,导致效率下降;最后,总结了IBE的缺点、未来研究趋势以及开放性问题.     

适用于移动用户高效访问外包数据的非对称代理重加密方案

为使移动设备更加方便快捷地解密存储于云端的外包数据,根据基于身份的广播加密（IBBE）系统和基于身份的加密（IBE）系统,使用Green等提出的解密外包的技术（GREEN M,HOHENBERGER S,WATERS B.Outsourcing the decryption of ABE ciphertexts.Proceedings of the 20th USENIX Conference on Security.Berkeley：USENIX Association,2011：34）,提出一种改进的非对称跨加密系统的代理重加密（MACPRE）方案。该方案更适合计算能力有限的移动设备安全共享云端数据。移动用户在解密重加密后的数据时,运行一次指数运算和一次配对运算便可以将明文恢复,大大提高了移动用户解密的效率,降低了移动用户的能耗。该方案的安全性可以归约到底层的IBE方案和IBBE方案的安全性。理论分析和实验结果表明,该方案使得移动设备花费较少的时间便可以将存储在云端的数据解密,缓解了移动设备计算能力的不足,实用性较强。     

条件型非对称跨加密系统的代理重加密方案

为了减轻云应用中移动设备解密的负担,利用基于身份的广播加密（IBBE）、基于身份的加密（IBE）、基于身份的条件型广播代理重加密方案,提出了多条件型非对称跨加密系统的代理重加密方案。该方案允许发送方将信息加密成IBBE密文,一次性发送给多个接收方,其中任一接收方又可以授权给代理者一个多条件型的重加密密钥,代理者利用该多条件型重加密密钥,能将符合多个条件的原始密文重加密成一个新的接收方可以解密的IBE密文。该方案实现了从IBBE加密系统到IBE加密系统的非对称代理重加密,而且代理者可以根据条件将最初的原始密文进行重加密,避免了不需要进行重加密的原始密文被代理者重加密,提高了代理者重加密的效率,同时节约了接收方获悉正确明文的时间。     

Secure deduplication with efficient user revocation in cloud storage

Secure deduplication is a promising solution to greatly reduce the storage space of the cloud. However, the encryption key is deterministically derived from the plaintext, such that who owns the plaintext has the derived key to decrypt the ciphertext. Therefore, how to revoke a user in deduplication schemes is a critical challenge. In the existing work, when updating the data authority, the data owner has to download the data from the cloud, decrypt, re-encrypt and finally upload them to the cloud. This process increases the communication and computation overheads. In this paper, we first propose a multi-user updatable encryption scheme. Specifically, the data owner can update the remote ciphertext under a new group key by sending an update token to the cloud. Then we adopt this technique to propose a new secure deduplication scheme supporting efficiently revoking an unauthorized user. In our scheme, the data owner just needs to send a token to the cloud to update the data authority, which saves the communication and computation costs. The security and efficiency analysis demonstrate that our proposed deduplication scheme can achieve the desired security properties with high efficiency.     

新型安全电子邮件加密系统的设计与实现

基于身份公钥加密是一种以用户的身份标识符作为公钥的新型加密体制。本文首先介绍基于身份的公钥加密方案(IBE),给出IBE安全加密体制的基本框架结构与工作原理;设计了一个IBE密钥管理方案,实现IBE公钥和私钥的安全分发;提出了一套基于IBE的安全电子邮件系统,开发了一个PKG密钥服务器和Outlook邮件客户端加密插件,并实现IBE密钥管理方案;最后讨论了IBE邮件加密系统的安全问题。     

基于身份的同态密钥协商

在整数环上的同态加密机制和IBE公钥密码体制基础上,提出了基于IBE的同态密钥协商。该协议建立的会话密钥是等献的、前向保密的。和Diffie-Hellman系列密钥协商协议相比,所提出的密钥协商协议具有更快的运算速度;和基于口令的密钥协商协议相比,所提出的密钥协商协议具有较好的安全性。最后利用BAN逻辑证明了该协议的安全性。     

基于时间分割代理加密的一般性构造方法

基于时间分割代理加密是一种典型的代理密码方案,可以将解密权委托给代理解密者,从而减轻原解密者的解密负担,具有广泛的应用前景,但研究成果相对较少。基于身份加密可直接将用户的身份标识作为公钥,简化了公钥证书的管理,近年来受到广泛关注,研究者提出很多方案。根据基于时间分割代理加密和基于身份加密在算法构成和安全模型两方面的区别与联系,提出一个基于时间分割代理加密的一般性构造方法,并证明其安全性。该方法可将任意一个安全的基于身份加密方案转换成安全的基于时间分割代理加密方案。通过该方法得到标准模型下安全的基于时间分割代理加密方案,大大丰富了基于时间分割代理加密方案的数量和类型。     

一种改进的基于位置的攻击容忍WSN安全方案

基于身份的公钥体制(IBE)在无线传感网(WSN)中的安全应用越来越多,尤其是基于位置ID的攻击容忍安全方案研究已被广泛关注,但对WSN而言该方案主要面临两大问题:(1)基于双线性对的IBE计算耗费过大;(2)要求节点位置固定即不支持节点位置的移动。研究提出了一种面向WSN的轻量级IBE加密方案TinyCKE,利用ECC组合密钥实现基于ID的公钥加密机制,较基于双线性对的IBE更适用于计算资源受限的传感节点;基于TinyCKE设计改进了一种基于位置的攻击容忍安全方案,通过对节点位置范围标识及其ID私钥有效时间的统一管理,支持节点在允许范围内任意移动并支持基于ECC组合密钥的高效认证,且使恶意节点对私钥的攻击限定在一个更新周期内,具有对节点位置和私钥时间的攻击容忍性。     

一种基于商密SM9的高效标识广播加密方案

广播加密允许发送者为一组指定的用户同时加密数据,并通过公开信道传输密文.只有加密时指定的授权用户才能正确解密,非授权用户即使合谋也无法获得明文数据.得益于这些优点,广播加密被广泛用在云计算、物联网等应用中,实现多用户数据共享和秘密分享.SM9标识加密算法是我国自主设计的商用密码,用于数据加密,保护数据隐私,但只适用于单...     

可实现隐私保护的基于属性密文可搜索方案

针对现有的基于属性的密文可搜索方案存在隐私泄露问题以及当授权用户不在线时如何安全有效地将密文以及搜索权限委托给其他人的问题进行了研究,将隐藏访问结构的基于属性密文可搜索方案与代理重加密技术融合,提出了具有部分隐藏访问结构的支持代理重加密的功能的基于属性的密文检索方案。该方案不仅有效地解决了上述问题,而且还支持关键字的更新。最后在随机预言模型下基于DL(D-linear)假设和q-BDHE (decisional q-parallel bilinear Diffie-Hellman exponent)假设,证明了本方案的安全性。     

An efficient ID-based cryptographic encryption based on discrete logarithm problem and integer factorization problem

ID-based encryption (identity-based) is a very useful tool in cryptography. It has many potential applications. The security of traditional ID-based encryption scheme wholly depends on the security of secret keys. Exposure of secret keys requires reissuing all previously assigned encryptions. This limitation becomes more obvious today as key exposure is more common with increasing use of mobile and unprotected devices. Under this background, mitigating the damage of key exposure in ID-based encryption is an important problem. To deal with this problem, we propose to integrate forward security into ID-based encryption. In this paper, we propose a new construction of ID-based encryption scheme based on integer factorization problem and discrete logarithm problem is semantically secure against chosen plaintext attack (CPA) in random oracle model. We demonstrate that our scheme outperforms the other existing schemes in terms of security, computational cost and the length of public key.     

An IBE scheme using ECC combined public key

ECC combined public key is a new technology of scalable key management. In this paper, we propose an identity-based encryption (IBE) scheme using ECC combined public key (CPK). The scheme is based on bilinear maps between groups and proved semantically secure in the random oracle model under a variant of Computational Diffie-Hellman (CDH) assumption–Bilinear Diffie-Hellman (BDH) assumption.     

A survey of certificateless encryption schemes and security models

This paper surveys the literature on certificateless encryption schemes. In particular, we examine the large number of security models that have been proposed to prove the security of certificateless encryption schemes and propose a new nomenclature for these models. This allows us to “rank” the notions of security for a certificateless encryption scheme against an outside attacker and a passive key generation centre, and we suggest which of these notions should be regarded as the “correct” model for a secure certificateless encryption scheme. We also examine the security models that aim to provide security against an actively malicious key generation centre and against an outside attacker who attempts to deceive a legitimate sender into using an incorrect public key (with the intention to deny the legitimate receiver that ability to decrypt the ciphertext). We note that the existing malicious key generation centre model fails to capture realistic attacks that a malicious key generation centre might make and propose a new model. Lastly, we survey the existing certificateless encryption schemes and compare their security proofs. We show that few schemes provide the “correct” notion of security without appealing to the random oracle model. The few schemes that do provide sufficient security guarantees are comparatively inefficient. Hence, we conclude that more research is needed before certificateless encryption schemes can be thought to be a practical technology.     

基于身份加密的安全电子邮件系统

基于身份加密是一种以用户的身份标识符作为公钥的加密体制,文章介绍了基于身份的加密方案,与PKI进行了比较。分析了基于身份加密的电子邮件系统的交互模型和安全设计,给出了系统的具体实现。     

一种基于属性的固定密文长度广播加密方案*

针对目前基于属性的广播加密方案存在密文较长、加解密时计算花销较大等问题,提出了一种高效的密文策略的基于属性的广播加密方案。该方案基于椭圆曲线加密算法,采用动态门限访问结构,加密方可根据需要动态调整门限值。该方案仅当用户的身份信息包含在广播的授权用户集合中并且用户的属性包含在访问结构中时,解密方方可通过双线性配对运算进行密文解密。方案的密文长度及加解密双线性对运算次数固定,计算效率高并且通信开销小。仿真结果验证了方案的有效性。方案安全性是建立在q-BDHE假设之上,在标准模型下可证CPA安全。