The Internet of Things (IoT) has taken the interconnected world by storm. Due to their immense applicability, IoT devices are being scaled at exponential proportions worldwide. But very little focus has been given to securing such devices. As these devices are constrained in numerous aspects, it leaves network designers and administrators with no choice but to deploy them with minimal or no security at all. We have seen distributed denial-of-service attacks being raised using such devices during the infamous Mirai botnet attack in 2016. Therefore, we propose a lightweight authentication protocol to provide proper access to such devices. We have considered several aspects while designing our authentication protocol, such as scalability, movement, user registration, device registration, etc. To define the architecture we used a three-layered model consisting of cloud, fog, and edge devices. We have also proposed several pre-existing cipher suites based on post-quantum cryptography for evaluation and usage. We also provide a fail-safe mechanism for a situation where an authenticating server might fail, and the deployed IoT devices can self-organize to keep providing services with no human intervention. We find that our protocol works the fastest when using ring learning with errors. We prove the safety of our authentication protocol using the Automated Validation of Internet Security Protocols and Applications tool. In conclusion, we propose a safe, hybrid, and fast authentication protocol for authenticating IoT devices in a fog computing environment.
Among several post-quantum primitives proposed in the past few decades, lattice-based cryptography is considered the most promising one, due to its underlying rich combinatorial structure and the worst-case to average-case reductions. The first lattice-based group signature scheme with verifier-local revocation (VLR) is treated as the first quantum-resistant scheme supporting member revocation, and was put forward by Langlois et al. This VLR group signature (VLR-GS) has a group public key size of O(nm log N log q) and a signature size of O(tm log N log q log β). Nguyen et al. constructed a simple, efficient group signature from lattices, with significant advantages in the bit-size of both the group public key and the signature. Based on their work, we present a VLR-GS scheme with a group public key size of O(nm log q) and a signature size of O(tm log q). Our group signature has notable advantages: support for membership revocation, and shortness in both the public key size and the signature size.
In order to achieve secure signcryption schemes in the quantum era, Li Fagen et al. [Concurrency and Computation: Practice and Experience, 2012, 25(4): 2112-2122] and Wang Fenghe et al. [Applied Mathematics & Information Sciences, 2012, 6(1): 23-28] have independently extended the concept of signcryption to lattice-based cryptography. However, their schemes are only secure under the random oracle model. In this paper, we present a lattice-based signcryption scheme which is secure under the standard model. We prove that our scheme achieves indistinguishability against adaptive chosen-ciphertext attacks (IND-CCA2) under the learning with errors (LWE) assumption and existential unforgeability against adaptive chosen-message attacks (EUF-CMA) under the small integer solution (SIS) assumption.
This paper proposes the first lattice-based sequential aggregate signature (SAS) scheme with lazy verification that is provably secure in the random oracle model. As opposed to large integer factoring and discrete logarithm based systems, the security of the construction relies on a worst-case lattice problem, namely, the small integer solution (SIS) assumption. Generally speaking, SAS schemes enable any group of signers ordered in a chain to sequentially combine their signatures such that the size of the aggregate signature is much smaller than the total size of all individual signatures. Unlike prior such proposals, the new scheme does not require a signer to retrieve the keys of other signers and verify the aggregate-so-far before adding its own signature; the signer can add its own signature to an unverified aggregate and forward it along immediately, postponing verification until load permits or the necessary public keys are obtained. Indeed, the new scheme does not even require a signer to know the public keys of other signers.
Because of the concise functionality of oblivious transfer (OT) protocols, they have been widely used as building blocks in secure multiparty computation and high-level protocols. The security of OT protocols built upon classical number theoretic problems, such as the discrete logarithm and factoring, however, is threatened as a result of the huge progress in quantum computing. Therefore, post-quantum cryptography is needed for protocols based on classical problems, and several proposals for post-quantum OT protocols exist. However, most post-quantum cryptosystems present their security proof only in the context of classical adversaries, not in the quantum setting. In this paper, we close this gap and prove the security of the lattice-based OT protocol proposed by Peikert et al. (CRYPTO, 2008), which is universally composably secure under the assumption of learning with errors hardness, in the quantum setting. We apply three general quantum security analysis frameworks. First, we apply the quantum lifting theorem proposed by Unruh (EUROCRYPT, 2010) to prove that the security of the lattice-based OT protocol can be lifted into the quantum world. Then, we apply two more security analysis frameworks specified for post-quantum cryptographic primitives, i.e., simple hybrid arguments (CRYPTO, 2011) and game-preserving reduction (PQCrypto, 2014).
Ring signature enables the members to sign anonymously without a manager; it has many online applications, such as e-voting, e-money, whistle blowing, etc. As a promising post-quantum candidate, lattice-based cryptography has attracted much attention recently. Several efficient lattice-based ring signatures have been naturally constructed from lattice basis delegation, but all of them have large verification key sizes. Our observation finds that a new concept called the split-small integer solution (SIS) problem, introduced by Nguyen et al. at PKC'15, is excellent in reducing the public key sizes of lattice-based ring signature schemes from basis delegation. In this research, we first define an extended concept called the extended split-SIS problem, and then prove that the hardness of the extended problem is as hard as the approximating shortest independent vectors problem (SIVP) within a certain polynomial factor. Moreover, we present an improved ring signature and prove that it is anonymous and unforgeable against insider corruption. Finally, we give two other improved existing ring signature schemes from lattices. In the end, we show the comparison with the original scheme in terms of the verification key sizes. Our research data illustrate that the public key sizes of the proposed schemes are reduced significantly.
Certificateless public key cryptography (CL-PKC) can solve the problems of certificate management in a public key infrastructure (PKI) and of key escrow in identity-based public key cryptography (ID-PKC). In CL-PKC, the key generation center (KGC) does not know the private keys of all users, and their public keys need not be certified by a certification authority (CA). At present, however, most certificateless encryption schemes are based on large integer factorization and discrete logarithms that are not secure in a quantum environment, and the computation complexity is high. To solve these problems, we propose a new certificateless encryption scheme based on lattices, more precisely, using the hardness of the learning with errors (LWE) problem. Compared with schemes based on large integer factorization and discrete logarithms, most operations in our scheme are matrix-vector multiplications and inner products, so our approach has lower computation complexity. Our scheme can be proven to be indistinguishability chosen ciphertext attacks (IND-CPA) secure in the random oracle model.
Lattice-based hierarchical identity-based broadcast encryption (H-IBBE) schemes have broad application prospects in the quantum era, because they reduce the burden of the private key generator (PKG) and are suitable for one-to-many communication. However, previous lattice-based H-IBBE schemes are mostly constructed in the random oracle model with a more complex trapdoor delegation process and have lower practical applicability. A lattice-based H-IBBE is proposed in the fixed dimension under the standard model, which mainly consists of a binary tree encryption (BTE) system, the MP12 trapdoor function and the ABB10b trapdoor delegation algorithm. First, this paper uses the BTE system to eliminate the random oracle so that the scheme can be implemented under the standard model, and it also uses the MP12 trapdoor function to reduce trapdoor generation complexity and obtain a safe and efficient trapdoor matrix; second, this paper uses the ABB10b trapdoor delegation algorithm to delegate the user's private key, and the trapdoor matrices' dimensions are the same before and after the trapdoor delegation. Comparative analysis shows that the trapdoor delegation process reduces complexity, and the size of the cipher-text and trapdoor matrix does not increase with a deeper trapdoor delegation process. This paper achieves indistinguishability of cipher-texts under a selective chosen-cipher-text and chosen-identity attack (INDr-sID-CCA) security in the standard model based on the learning with errors (LWE) hardness assumption.
Dual receiver encryption (DRE) is an important cryptographic primitive introduced by Diament et al. at CCS'04, which allows two independent receivers to decrypt the same ciphertext to obtain the same plaintext. This primitive is quite useful in designing combined public key cryptosystems and denial of service attack-resilient protocols. In this paper, we obtain some results as follows. · Using weak lattice-based programmable hash functions (wLPHF) with high min-entropy (Crypto'16), we give a generic IND-CCA secure DRE construction in the standard model. Furthermore, we get a concrete DRE scheme by instantiating a concrete wLPHF with high min-entropy. · For the DRE notion in the identity-based setting, identity-based DRE (IB-DRE), based on lattice-based programmable hash functions (LPHF) with high min-entropy, we give a framework of IND-ID-CPA secure IB-DRE construction in the standard model. When instantiating with concrete LPHFs with high min-entropy, we obtain five concrete IB-DRE schemes.
The rapid evolution of quantum computing poses significant threats to traditional cryptographic schemes, particularly in Decentralized Finance (DeFi) systems that rely on legacy mechanisms like RSA and ECDSA for digital identity verification. This paper proposes a quantum-resilient, blockchain-based identity verification framework designed to address critical challenges in privacy preservation, scalability, and post-quantum security. The proposed model integrates Post-quantum Cryptography (PQC), specifically lattice-based cryptographic primitives, with Decentralized Identifiers (DIDs) and Zero-knowledge Proofs (ZKPs) to ensure verifiability, anonymity, and resistance to quantum attacks. A dual-layer architecture is introduced, comprising an identity layer for credential generation and validation, and an application layer for DeFi protocol integration. To evaluate its performance, the framework is tested on multiple real-world DeFi platforms using metrics such as verification latency, throughput, attack resistance, energy efficiency, and quantum attack simulation. The results demonstrate that the proposed framework achieves 90% latency reduction and over 35% throughput improvement compared to traditional blockchain identity solutions. It also exhibits a high quantum resistance score (95/100), with successful secure verification under simulated quantum adversaries. The revocation mechanism—implemented using Merkle-tree-based proofs—achieves average response times under 40 ms, and the system maintains secure operations with energy consumption below 9 J per authentication cycle. Additionally, the paper presents a security and cost tradeoff analysis using ZKP schemes such as Bulletproofs and STARKs, revealing superior bits-per-byte efficiency and reduced proof sizes. Real-world adoption scenarios, including integration with six major DeFi protocols, indicate a 25% increase in verified users and a 15% improvement in Total Value Locked (TVL). The proposed solution is projected to remain secure until 2041 (basic version) and 2043 (advanced version), ensuring long-term sustainability and future-proofing against evolving quantum threats. This work establishes a scalable, privacy-preserving identity model that aligns with emerging post-quantum security standards for decentralized ecosystems.
With the recent advances in quantum computing, the key agreement algorithm based on traditional cryptography theory, which is applied to the Internet of Things (IoT) scenario, will no longer be secure due to the possibility of information leakage. In this paper, we propose an anti-quantum dynamic authenticated group key agreement scheme (AQDA-GKA) based on the ring learning with errors (RLWE) problem, which is suitable for IoT environments. First, the proposed AQDA-GKA scheme can implement a group key agreement against quantum computing attacks by leveraging an RLWE-based key agreement mechanism. Second, this scheme can achieve dynamic node management, ensuring that any node can freely join or exit the current group. Third, we formally prove that the proposed scheme can resist quantum computing attacks as well as collusion attacks. Finally, the performance and security analysis reveals that the proposed AQDA-GKA scheme is secure and effective.
Due to the rapid advancements in network technology, blockchain is being employed for distributed data storage. In the Internet of Things (IoT) scenario, different participants manage multiple blockchains located in different trust domains, which has resulted in the extensive development of cross-domain authentication techniques. However, the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography, posing a significant security threat. In response to the aforementioned challenges, our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process. Firstly, our paper designs the hiding and recovery process of the user identity index based on lattice cryptography and introduces the identity-based signature from lattices to construct a post-quantum cross-domain authentication scheme. Secondly, our paper utilizes the hashed time-locked contract to achieve the cross-chain asset exchange of blockchain nodes in different trust domains. Furthermore, the security analysis reduces the security of the identity index and signature to the Learning With Errors (LWE) and Short Integer Solution (SIS) assumptions, respectively, indicating that our scheme has post-quantum security. Last but not least, through comparison analysis, we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.
By integrating topology optimization and lattice-based optimization, a novel multi-scale design method is proposed to create solid-lattice hybrid structures and thus to improve the mechanical performance as well as reduce the structural weight. To achieve this purpose, a two-step procedure is developed to design and optimize the innovative structures. Initially, the classical topology optimization is utilized to find the optimal material layout and primary load carrying paths. Afterwards, the solid-lattice hybrid structures are reconstructed using the finite element mesh based modeling method, and lattice-based optimization is performed to obtain the optimal cross-section area of the lattice structures. Finally, two typical aerospace structures are optimized to demonstrate the effectiveness of the proposed optimization framework. The numerical results are quite encouraging since the solid-lattice hybrid structures obtained by the presented approach show remarkably improved performance when compared with traditional designs.
Blind signature allows a user to get a signature of a signer on an arbitrary message, and the verifier can be convinced that the signature is indeed signed by the signer without leaking any information about the message. This property is necessary when the user's privacy needs protection, such as a bank bill, a trade secret, etc. As an alternative to public key infrastructure, the identity-based system can simplify the key management procedures in certificate-based public key systems. Inspired by the requirement of identity-based blind signature in the post-quantum world, we research identity-based blind signature based on hard lattice problems under the random oracle model. We propose a construction built upon the blind signature by Rückert, and it is proved to be one-more unforgeable against selective identity and chosen message attacks (sID-CMA) and unconditionally blind. The proposed scheme has 2 moves, and its security can be reduced to the small integer solution (SIS) problem.
Although the existing group signature schemes from lattices have been optimized for efficiency, the signing abilities of each member in the group are relatively single. It may not be suitable for complex applications. Inspired by the pioneering work of Bellare and Fuchsbauer, we present a primitive called policy-based group signature. In policy-based group signatures, group members can sign documents that meet their own policies on behalf of the group, and the generated signatures will not leak the identity and policies of the signer. Moreover, the group administrator is allowed to reveal the identity of the signer when a controversy occurs. Through the analysis of application scenarios, we concluded that the policy-based group signature needs to meet two essential security properties: simulatability and traceability. We construct a scheme of policy-based group signature from lattices through techniques such as commitment, zero-knowledge proof, and rejection sampling. The security of our scheme is proved to be reduced to the module short integer solution (MSIS) and module learning with errors (MLWE) hardness assumptions. Furthermore, we make a performance comparison between our scheme and three lattice-based group signature schemes. The result shows that our scheme has more advantages in storage overhead, and the sizes of key and signature are decreased roughly by 83.13% and 46.01%, respectively, compared with other schemes.
Lattice-based digital signature has become one of the widely recognized post-quantum algorithms because of its simple algebraic operation, rich mathematical foundation and worst-case security, and also an important tool for constructing cryptography. This survey explores lattice-based digital signatures, a promising post-quantum resistant alternative to traditional schemes relying on factoring or discrete logarithm problems, which face increasing risks from quantum computing. The study covers conventional paradigms like Hash-and-Sign and Fiat-Shamir, as well as specialized applications including group, ring, blind, and proxy signatures. It analyzes the versatility and security strengths of lattice-based schemes, providing practical insights. Each chapter summarizes advancements in schemes, identifying emerging trends. We also pinpoint future directions to deploy lattice-based digital signatures including quantum cryptography.
Since the advent of Bitcoin, cryptocurrencies have gained substantial popularity, and crypto wallets have evolved into the predominant tool for safeguarding and managing cryptographic keys to access cryptocurrency funds. Deterministic wallets are proposed as an advanced wallet mechanism to provide benefits such as low maintenance, easy backup and recovery, and support for functionalities required by cryptocurrencies. Alkeilani Alkadri et al. (ACM CCS'20) presented the first post-quantum secure deterministic wallet scheme, but it exhibits a gap to bridge before achieving practical applicability, as reflected in both their concrete parameter sizes and computational efficiency. In this paper, we propose an efficient post-quantum secure deterministic wallet scheme. In particular, we present a new construction method for deterministic wallets, prove the security in the quantum random oracle model, and provide an efficient instantiation. The comparison result, with the work of Alkeilani Alkadri et al. (ACM CCS'20), shows our work has a comprehensive improvement on efficiency, e.g., the pk size is ≈40.7 times shorter, sk is ≈9.2 times shorter, and the signing time is ≈3.1 times faster.
In this work, we make systematic optimizations of key encapsulation mechanisms based on Module Learning-with-Errors, covering algorithmic design, the fundamental operation of the Number Theoretic Transform (NTT), approaches to expanding the encapsulated key size, and AVX2/ARM implementations. We observe that decryption can be simplified, leading to a faster and less error-prone decryption process. Based on a systematic study of variants of NTT, we present a new variant named hybrid-NTT that combines the advantages of existing NTT methods, and derive its optimality in computational complexity. We analyze and compare the different approaches to expand the size of the key to be encapsulated and conclude with the most economic approach. Each of the above optimization techniques is of independent value, and we apply all of them to KYBER and Aigis, resulting in new scheme variants named OSKR and OKAI, respectively. For all new schemes proposed in this work, we provide optimized AVX2 and ARM Cortex-M4 implementations and present the performance benchmarks. Our AVX2 implementation provides up to 19.7% and 26.4% speedups compared with KYBER and Aigis, respectively. Meanwhile, with our new parameter set and optimization techniques, we show up to a 17% improvement compared with KYBER on the ARM Cortex-M4 platform.
The Learning With Errors (LWE) problem is widely used in lattice-based cryptography, which is the most promising post-quantum cryptography direction. There are a variety of LWE-solving methods, which can be classified into four groups: lattice methods, algebraic methods, combinatorial methods, and exhaustive searching. The Blum–Kalai–Wasserman (BKW) algorithm is an important variety of combinatorial algorithms, which was first presented for solving the Learning Parity With Noise (LPN) problem and then extended to solve LWE. In this paper, we give an overview of BKW algorithms for solving LWE. We introduce the framework and key techniques of BKW algorithms and make comparisons between different BKW algorithms and also with lattice methods by estimating the concrete security of specific LWE instances. We also briefly discuss the current problems and potential future directions of BKW algorithms.
Funding: the National Natural Science Foundations of China (Nos. 61472309, 61672412, 61572390 and 61402353), the 111 Project (No. B08038) and the Research Program of Anhui Education Committee (Nos. KJ2016A626, KJ2016A627).
Funding: This work was supported by the National Natural Science Foundation of China (Grant Nos. 61272057, 61202434, 61170270, 61100203, 61003286, 61121061), the Fundamental Research Funds for the Central Universities (2012RC0612, 2011YB01), Langfang Teachers University Youth Fund (LSZQ200804), and Hebei Education Funds for Youth Project (Q2012020, QN20131077).
Funding: Supported by the National Natural Science Foundation of China (61173151, 61472309).
Abstract: This paper proposes the first lattice-based sequential aggregate signature (SAS) scheme with lazy verification that is provably secure in the random oracle model. As opposed to systems based on large integer factoring and discrete logarithms, the security of the construction relies on a worst-case lattice problem, namely the small integer solution (SIS) assumption. Generally speaking, SAS schemes enable any group of signers ordered in a chain to sequentially combine their signatures such that the size of the aggregate signature is much smaller than the total size of all individual signatures. Unlike prior such proposals, the new scheme does not require a signer to retrieve the keys of other signers and verify the aggregate-so-far before adding its own signature: the signer can add its own signature to an unverified aggregate and forward it along immediately, postponing verification until load permits or the necessary public keys are obtained. Indeed, the new scheme does not even require a signer to know the public keys of other signers.
Funding: Project supported by the National Key R&D Program of China (No. 2017YFB0802000), the National Natural Science Foundation of China (Nos. 61672412, 61472309, and 61572390), and the China Scholarship Council (No. 201406960041).
Abstract: Because of the concise functionality of oblivious transfer (OT) protocols, they have been widely used as building blocks in secure multiparty computation and higher-level protocols. The security of OT protocols built upon classical number-theoretic problems, such as the discrete logarithm and factoring, however, is threatened by the huge progress in quantum computing. Therefore, post-quantum cryptography is needed to replace protocols based on classical problems, and several proposals for post-quantum OT protocols exist. However, most post-quantum cryptosystems present their security proof only in the context of classical adversaries, not in the quantum setting. In this paper, we close this gap and prove, in the quantum setting, the security of the lattice-based OT protocol proposed by Peikert et al. (CRYPTO, 2008), which is universally composably secure under the assumption of learning with errors hardness. We apply three general quantum security analysis frameworks. First, we apply the quantum lifting theorem proposed by Unruh (EUROCRYPT, 2010) to prove that the security of the lattice-based OT protocol can be lifted into the quantum world. Then, we apply two more security analysis frameworks specified for post-quantum cryptographic primitives, i.e., simple hybrid arguments (CRYPTO, 2011) and game-preserving reduction (PQCrypto, 2014).
Funding: Supported by the National Natural Science Foundation of China (61472309, 61572390, 61303198, 61402353), the 111 Project (B08038), the National Natural Science Foundations of Ningbo (201601HJ-B01382), and the Research Program of Anhui Education Committee (KJ2016A626, KJ2016A627) (+1 more funding source).
Abstract: Ring signatures enable members to sign anonymously without a manager; they have many online applications, such as e-voting, e-money, whistle blowing, etc. As a promising post-quantum candidate, lattice-based cryptography has attracted much attention recently. Several efficient lattice-based ring signatures have been naturally constructed from lattice basis delegation, but all of them have large verification key sizes. We observe that a new concept called the split-small integer solution (split-SIS) problem, introduced by Nguyen et al. at PKC'15, is excellent for reducing the public key sizes of lattice-based ring signature schemes built from basis delegation. In this research, we first define an extended concept called the extended split-SIS problem, and then prove that the extended problem is as hard as the approximate shortest independent vectors problem (SIVP) within a certain polynomial factor. Moreover, we present an improved ring signature and prove that it is anonymous and unforgeable against insider corruption. Finally, we give two other improved existing ring signature schemes from lattices. In the end, we show the comparison with the original scheme in terms of verification key sizes. Our research data illustrate that the public key sizes of the proposed schemes are reduced significantly.
Funding: This work was supported by the National Natural Science Foundations of China (Grant Nos. 61173151, 61173152 and 61100229) and Huawei Technologies Co., Ltd. (YBCB2011116).
Abstract: Certificateless public key cryptography (CL-PKC) can solve the problems of certificate management in a public key infrastructure (PKI) and of key escrow in identity-based public key cryptography (ID-PKC). In CL-PKC, the key generation center (KGC) does not know the private keys of all users, and their public keys need not be certified by a certification authority (CA). At present, however, most certificateless encryption schemes are based on large integer factorization and discrete logarithms, which are not secure in a quantum environment and have high computation complexity. To solve these problems, we propose a new certificateless encryption scheme based on lattices, more precisely, using the hardness of the learning with errors (LWE) problem. Compared with schemes based on large integer factorization and discrete logarithms, most operations in our scheme are matrix-vector multiplications and inner products, so our approach has lower computation complexity. Our scheme can be proven to be indistinguishability chosen ciphertext attacks (IND-CPA) secure in the random oracle model.
Funding: Supported by the National Natural Science Foundation of China (61300216), the '13th Five-Year' National Crypto Development Foundation (MMJJ20170122), the Project of Education Department of Henan Province (16A520013, 18A413001), the Natural Science Foundation of Henan Polytechnic University (T2018-1), and the Doctoral Fund of Henan Polytechnic University (B2014-044, B2016-36) (+2 more funding sources).
Abstract: Lattice-based hierarchical identity-based broadcast encryption (H-IBBE) schemes have broad application prospects in the quantum era, because they reduce the burden on the private key generator (PKG) and are suitable for one-to-many communication. However, previous lattice-based H-IBBE schemes are mostly constructed in the random oracle model with a more complex trapdoor delegation process and have lower practical applicability. A lattice-based H-IBBE in fixed dimension under the standard model is proposed, which mainly consists of the binary tree encryption (BTE) system, the MP12 trapdoor function and the ABB10b trapdoor delegation algorithm. First, this paper uses the BTE system to eliminate the random oracle so that the scheme can be implemented under the standard model, and it also uses the MP12 trapdoor function to reduce trapdoor generation complexity and obtain a safe and efficient trapdoor matrix. Second, this paper uses the ABB10b trapdoor delegation algorithm to delegate a user's private key, and the trapdoor matrices' dimensions are the same before and after the trapdoor delegation. Comparative analysis shows that the trapdoor delegation process reduces complexity, and the size of the ciphertext and trapdoor matrix does not increase with deeper trapdoor delegation. This paper achieves indistinguishability of ciphertexts under a selective chosen-ciphertext and chosen-identity attack (INDr-sID-CCA) security in the standard model based on the learning with errors (LWE) hardness assumption.
Funding: This work was supported by the National Natural Science Foundation of China (Grant No. 61379141 and No. 61772521), the Key Research Program of Frontier Sciences, CAS (Grant No. QYZDB-SSW-SYS035), and the Open Project Program of the State Key Laboratory of Cryptology.
Abstract: Dual receiver encryption (DRE) is an important cryptographic primitive introduced by Diament et al. at CCS'04, which allows two independent receivers to decrypt the same ciphertext to obtain the same plaintext. This primitive is quite useful in designing combined public key cryptosystems and denial-of-service attack-resilient protocols. In this paper, we obtain the following results. (1) Using weak lattice-based programmable hash functions (wLPHF) with high min-entropy (Crypto'16), we give a generic IND-CCA secure DRE construction in the standard model. Furthermore, we get a concrete DRE scheme by instantiating a concrete wLPHF with high min-entropy. (2) For the DRE notion in the identity-based setting, identity-based DRE (IB-DRE), based on lattice-based programmable hash functions (LPHF) with high min-entropy, we give a framework for IND-ID-CPA secure IB-DRE construction in the standard model. When instantiating with concrete LPHFs with high min-entropy, we obtain five concrete IB-DRE schemes.
Abstract: The rapid evolution of quantum computing poses significant threats to traditional cryptographic schemes, particularly in Decentralized Finance (DeFi) systems that rely on legacy mechanisms like RSA and ECDSA for digital identity verification. This paper proposes a quantum-resilient, blockchain-based identity verification framework designed to address critical challenges in privacy preservation, scalability, and post-quantum security. The proposed model integrates Post-quantum Cryptography (PQC), specifically lattice-based cryptographic primitives, with Decentralized Identifiers (DIDs) and Zero-knowledge Proofs (ZKPs) to ensure verifiability, anonymity, and resistance to quantum attacks. A dual-layer architecture is introduced, comprising an identity layer for credential generation and validation, and an application layer for DeFi protocol integration. To evaluate its performance, the framework is tested on multiple real-world DeFi platforms using metrics such as verification latency, throughput, attack resistance, energy efficiency, and quantum attack simulation. The results demonstrate that the proposed framework achieves a 90% latency reduction and over 35% throughput improvement compared to traditional blockchain identity solutions. It also exhibits a high quantum resistance score (95/100), with successful secure verification under simulated quantum adversaries. The revocation mechanism, implemented using Merkle-tree-based proofs, achieves average response times under 40 ms, and the system maintains secure operations with energy consumption below 9 J per authentication cycle. Additionally, the paper presents a security and cost tradeoff analysis using ZKP schemes such as Bulletproofs and STARKs, revealing superior bits-per-byte efficiency and reduced proof sizes. Real-world adoption scenarios, including integration with six major DeFi protocols, indicate a 25% increase in verified users and a 15% improvement in Total Value Locked (TVL). The proposed solution is projected to remain secure until 2041 (basic version) and 2043 (advanced version), ensuring long-term sustainability and future-proofing against evolving quantum threats. This work establishes a scalable, privacy-preserving identity model that aligns with emerging post-quantum security standards for decentralized ecosystems.
Funding: Supported by the National Engineering Research Center of Classified Protection and Safeguard Technology for Cybersecurity (No. C23640-XD-07) and the Open Foundation of Key Laboratory of Cyberspace Security of Ministry of Education of China and Henan Key Laboratory of Network Cryptography (No. KLCS20240301).
Abstract: With the recent advances in quantum computing, key agreement algorithms based on traditional cryptographic theory, as applied in Internet of Things (IoT) scenarios, will no longer be secure due to the possibility of information leakage. In this paper, we propose an anti-quantum dynamic authenticated group key agreement scheme (AQDA-GKA) based on the ring learning with errors (RLWE) problem, which is suitable for IoT environments. First, the proposed AQDA-GKA scheme can implement a group key agreement resistant to quantum computing attacks by leveraging an RLWE-based key agreement mechanism. Second, this scheme can achieve dynamic node management, ensuring that any node can freely join or leave the current group. Third, we formally prove that the proposed scheme can resist quantum computing attacks as well as collusion attacks. Finally, the performance and security analysis reveals that the proposed AQDA-GKA scheme is secure and effective.
Funding: This work was supported by the Defense Industrial Technology Development Program (Grant No. JCKY2021208B036).
Abstract: Due to the rapid advancements in network technology, blockchain is being employed for distributed data storage. In the Internet of Things (IoT) scenario, different participants manage multiple blockchains located in different trust domains, which has resulted in the extensive development of cross-domain authentication techniques. However, the emergence of attackers equipped with quantum computers has the potential to enable quantum computing attacks against cross-domain authentication schemes based on traditional cryptography, posing a significant security threat. In response to the aforementioned challenges, our paper presents a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process. Firstly, our paper designs the hiding and recovery process of the user identity index based on lattice cryptography and introduces an identity-based signature from lattices to construct a post-quantum cross-domain authentication scheme. Secondly, our paper utilizes the hashed time-locked contract to achieve the cross-chain asset exchange of blockchain nodes in different trust domains. Furthermore, the security analysis reduces the security of the identity index and the signature to the Learning With Errors (LWE) and Short Integer Solution (SIS) assumptions, respectively, indicating that our scheme has post-quantum security. Last but not least, through comparison analysis, we show that our scheme is efficient compared with cross-domain authentication schemes based on traditional cryptography.
Funding: Supported by the National Key Research and Development Program (No. 2017YFB1102800), the Key Project of NSFC (Nos. 51790171 and 51761145111), and NSFC for Excellent Young Scholars (No. 11722219).
Abstract: By integrating topology optimization and lattice-based optimization, a novel multi-scale design method is proposed to create solid-lattice hybrid structures and thus to improve mechanical performance as well as reduce structural weight. To achieve this purpose, a two-step procedure is developed to design and optimize the innovative structures. Initially, classical topology optimization is utilized to find the optimal material layout and primary load-carrying paths. Afterwards, the solid-lattice hybrid structures are reconstructed using the finite element mesh based modeling method, and lattice-based optimization is performed to obtain the optimal cross-section area of the lattice structures. Finally, two typical aerospace structures are optimized to demonstrate the effectiveness of the proposed optimization framework. The numerical results are quite encouraging, since the solid-lattice hybrid structures obtained by the presented approach show remarkably improved performance when compared with traditional designs.
Funding: Supported by the National Natural Science Foundation of China (61472309, 61572390, 61672412, 61402353).
Abstract: A blind signature allows a user to obtain a signature from a signer on an arbitrary message, and the verifier can be convinced that the signature was indeed produced by the signer without leaking any information about the message. This property is necessary when the user's privacy needs protection, such as for a bank bill, a trade secret, etc. As an alternative to public key infrastructure, the identity-based system can simplify the key management procedures of certificate-based public key systems. Inspired by the need for identity-based blind signatures in the post-quantum world, we study identity-based blind signatures based on hard lattice problems under the random oracle model. We propose a construction built upon the blind signature by Rückert, and it is proved to be one-more unforgeable against selective identity and chosen message attacks (sID-CMA) and unconditionally blind. The proposed scheme has 2 moves, and its security can be reduced to the small integer solution (SIS) problem.
Funding: Supported by the National Natural Science Foundation of China (61802117), the Support Plan of Scientific and Technological Innovation Team in Universities of Henan Province (20IRTSTHN013), and the Youth Backbone Teacher Support Program of Henan Polytechnic University under Grant (2018XQG-10).
Abstract: Although existing group signature schemes from lattices have been optimized for efficiency, the signing abilities of each member in the group are relatively limited, which may not be suitable for complex applications. Inspired by the pioneering work of Bellare and Fuchsbauer, we present a primitive called policy-based group signature. In policy-based group signatures, group members can sign, on behalf of the group, documents that meet their own policies, and the generated signatures do not leak the identity or policies of the signer. Moreover, the group administrator is allowed to reveal the identity of the signer when a dispute occurs. Through the analysis of application scenarios, we conclude that a policy-based group signature needs to meet two essential security properties: simulatability and traceability. We construct a policy-based group signature scheme from lattices through techniques such as commitment, zero-knowledge proof, and rejection sampling. The security of our scheme is proved by reduction to the module short integer solution (MSIS) and module learning with errors (MLWE) hardness assumptions. Furthermore, we make a performance comparison between our scheme and three lattice-based group signature schemes. The result shows that our scheme has more advantages in storage overhead: the sizes of the key and the signature are decreased roughly by 83.13% and 46.01%, respectively, compared with the other schemes.
Funding: Supported by the National Key R and D Program of China (Grant No. 2022ZD0116800).
Abstract: Lattice-based digital signatures have become one of the widely recognized post-quantum algorithms because of their simple algebraic operations, rich mathematical foundation and worst-case security, and they are also an important tool for constructing cryptography. This survey explores lattice-based digital signatures, a promising post-quantum resistant alternative to traditional schemes relying on factoring or discrete logarithm problems, which face increasing risks from quantum computing. The study covers conventional paradigms like Hash-and-Sign and Fiat-Shamir, as well as specialized applications including group, ring, blind, and proxy signatures. It analyzes the versatility and security strengths of lattice-based schemes, providing practical insights. Each chapter summarizes advancements in schemes, identifying emerging trends. We also pinpoint future directions for deploying lattice-based digital signatures, including quantum cryptography.
Funding: Supported by the National Natural Science Foundation of China (62072305).
Abstract: Since the advent of Bitcoin, cryptocurrencies have gained substantial popularity, and crypto wallets have evolved into the predominant tool for safeguarding and managing the cryptographic keys that give access to cryptocurrency funds. Deterministic wallets are proposed as an advanced wallet mechanism to provide benefits such as low maintenance, easy backup and recovery, and support for functionalities required by cryptocurrencies. Alkeilani Alkadri et al. (ACM CCS'20) presented the first post-quantum secure deterministic wallet scheme, but it exhibits a gap to bridge before achieving practical applicability, as reflected in both its concrete parameter sizes and its computational efficiency. In this paper, we propose an efficient post-quantum secure deterministic wallet scheme. In particular, we present a new construction method for deterministic wallets, prove its security in the quantum random oracle model, and provide an efficient instantiation. The comparison with the work of Alkeilani Alkadri et al. (ACM CCS'20) shows that our work has a comprehensive improvement in efficiency, e.g., the pk size is ≈40.7 times shorter, the sk is ≈9.2 times shorter, and the signing time is ≈3.1 times faster.
Funding: Supported by the National Key Research and Development Program of China under Grant No. 2022YFB2701600, the General Project of the State Key Laboratory of Cryptography under Grant No. MMKFKT202227, the Technical Standard Project of Shanghai Scientific and Technological Committee under Grant No. 21DZ2200500, and the Shanghai Collaborative Innovation Fund under Grant No. XTCX-KJ-2023-54 (+1 more funding source).
Abstract: In this work, we make systematic optimizations of key encapsulation mechanisms based on Module Learning-with-Errors, covering algorithmic design, the fundamental operation of the Number Theoretic Transform (NTT), approaches to expanding the encapsulated key size, and AVX2/ARM implementations. We observe that decryption can be simplified, leading to a decryption process that is both faster and less error-prone. Based on a systematic study of variants of the NTT, we present a new variant named hybrid-NTT that combines the advantages of existing NTT methods, and derive its optimality in computational complexity. We analyze and compare the different approaches to expanding the size of the key to be encapsulated and conclude with the most economical approach. Each of the above optimization techniques is of independent value, and we apply all of them to KYBER and Aigis, resulting in new scheme variants named OSKR and OKAI, respectively. For all new schemes proposed in this work, we provide optimized AVX2 and ARM Cortex-M4 implementations and present the performance benchmarks. Our AVX2 implementation provides up to 19.7% and 26.4% speedups compared with KYBER and Aigis, respectively. Meanwhile, with our new parameter set and optimization techniques, we show up to a 17% improvement compared with KYBER on the ARM Cortex-M4 platform.
Funding: Supported by the National Natural Science Foundation of China (No. U1936209).
Abstract: The Learning With Errors (LWE) problem is widely used in lattice-based cryptography, which is the most promising post-quantum cryptography direction. There are a variety of LWE-solving methods, which can be classified into four groups: lattice methods, algebraic methods, combinatorial methods, and exhaustive search. The Blum–Kalai–Wasserman (BKW) algorithm is an important class of combinatorial algorithms, which was first presented for solving the Learning Parity With Noise (LPN) problem and then extended to solve LWE. In this paper, we give an overview of BKW algorithms for solving LWE. We introduce the framework and key techniques of BKW algorithms and make comparisons between different BKW algorithms, and also with lattice methods, by estimating the concrete security of specific LWE instances. We also briefly discuss the current problems and potential future directions of BKW algorithms.