Funding: This work was supported by the National Natural Science Foundation of China (U1604156, 61602158, 61772176) and the Science and Technology Research Project of Henan Province (172102210045).
Abstract: In the setting of (t, n) threshold secret sharing, any t or more parties can reconstruct the secret, and fewer than t parties learn nothing about it. However, to achieve fairness, existing secret sharing schemes either assume that a trusted party exists or require multiple rounds of interaction, which is not practical in real applications. In addition, without a trusted combiner in the reconstruction phase, the cost of verification grows dramatically with the number of participants and the communication complexity is O(t). In this work, we propose a fair server-aided multi-secret sharing scheme for computationally weak devices. Malicious behavior by clients or by the server provider can be verified, and the server provider learns nothing about the secret shadows or the secrets. Unlike other secret sharing schemes, ours does not require interaction among users and can operate asynchronously, which suits mobile networks and cloud computing environments, where computationally weak mobile devices are not always online. Moreover, the secret shadows are reusable, and expensive computation such as reconstruction and homomorphic verification can be outsourced to the server provider, leaving the users with only a small amount of computation.
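The threshold property stated in the first sentence of the abstract (t shares reconstruct, t-1 shares reveal nothing) is easiest to see in the textbook Shamir construction. The following is an added example written for this page; it is not the server-aided, verifiable scheme the paper proposes and shows neither the verification nor the outsourcing step. The field size P, the share x-coordinates 1..n, and the function names are assumptions of the example.

```python
import secrets

# Prime field for shares. The modulus is an assumption of this example
# (2**127 - 1 is a Mersenne prime); any prime larger than the secret works.
P = 2**127 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... + coeffs[k]*x^k mod P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y


def split(secret, t, n):
    """Dealer: split `secret` into n shares, any t of which reconstruct it.

    The secret is the constant term of a random polynomial f of degree t-1;
    share i is the point (i, f(i)) for i = 1..n (x = 0 is reserved for the secret).
    """
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def interpolate_at(points, x):
    """Lagrange interpolation mod P: value at `x` of the unique polynomial of
    degree < len(points) that passes through all `points`."""
    xs = [px for px, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x-coordinates")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def reconstruct(shares, t):
    """Any t or more shares recover f(0). Fewer than t raises, because the
    interpolated value would be an arbitrary element of the field."""
    if len(shares) < t:
        raise ValueError(f"need at least {t} shares, got {len(shares)}")
    return interpolate_at(shares, 0)


def missing_share_for(partial_shares, candidate_secret, x_missing):
    """Why t-1 shares learn nothing: for t-1 shares and ANY candidate secret s',
    there is exactly one value the remaining share could take that makes
    f(0) = s'. Every candidate is therefore equally consistent with the view
    of the t-1 holders, so the view carries no information about the secret."""
    points = list(partial_shares) + [(0, candidate_secret % P)]
    return interpolate_at(points, x_missing)


if __name__ == "__main__":
    secret = 12345  # constructed sample secret
    shares = split(secret, t=3, n=5)
    print("any 3 of 5 shares:", reconstruct(shares[1:4], 3) == secret)
    two = shares[:2]
    for guess in (0, 42, secret):
        y5 = missing_share_for(two, guess, 5)
        # each guess is explained by a different (but valid) fifth share
        print(f"guess {guess:>5} needs share 5 =", y5, "->", reconstruct(two + [(5, y5)], 3))
```

Running the block with three shares of a (3, 5) split recovers the secret from any three of them, while the two-share loop shows that every candidate secret is explained by some value of a third share, which is exactly the statement that fewer than t parties learn nothing.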
Funding: This work was partially supported by the National Natural Science Foundation of China (Nos. 61772520, 61802392, 61972094, 61472416, 61632020), the Key Research and Development Project of Zhejiang Province (Nos. 2017C01062, 2020C01078) and the Beijing Municipal Science & Technology Commission (Project Nos. Z191100007119007, Z191100007119002).
Abstract: As the only approved Identity-Based Encryption scheme in China that is also standardized by ISO, SM9-IBE has been widely adopted in many real-world applications. However, like other standardized IBE algorithms, SM9-IBE currently lacks a revocation mechanism, which is vital for a real system. Worse still, we find that existing revocation techniques may be neither suitable nor efficient when applied to SM9-IBE. Given the widespread use of SM9-IBE, an efficient and robust user revocation mechanism is an urgent need. In this work, we propose a dedicated server-aided revocation mechanism, which for the first time achieves secure, immediate and robust user revocation for SM9-IBE. Built on a compact system model, the proposed method leverages an existing server to perform all heavy workloads during user revocation, leaving no communication or computation cost to the key generation center or the users. Moreover, the mechanism supports key-exposure resistance, meaning that user revocation remains robust even if the revocation key leaks. We formally define and prove its security. Finally, we present theoretical comparisons and an implementation evaluated in terms of computational latency and throughput. The results indicate the efficiency and practicality of the proposed mechanism.