In this paper,we show how to use the dual techniques in the subgroups to give a secure identity-based broadcast encryption(IBBE) scheme with constant-size ciphertexts. Our scheme achieves the full security(adaptive se...In this paper,we show how to use the dual techniques in the subgroups to give a secure identity-based broadcast encryption(IBBE) scheme with constant-size ciphertexts. Our scheme achieves the full security(adaptive security) under three static(i.e. non q-based) assumptions. It is worth noting that only recently Waters gives a short ciphertext broadcast encryption system that is even adaptively secure under the simple assumptions. One feature of our methodology is that it is relatively simple to leverage our techniques to get adaptive security.展开更多
This paper describes two identity-based broadcast encryption (IBBE) schemes for mobile ad hoc networks. The first scheme proposed achieves sub-linear size cipertexts and the second scheme achieves O(1)- size ciphe...This paper describes two identity-based broadcast encryption (IBBE) schemes for mobile ad hoc networks. The first scheme proposed achieves sub-linear size cipertexts and the second scheme achieves O(1)- size ciphertexts. Furthermore, when the public keys are transmitted, the two schemes have short transmissions and achieve O(1) user storage cost, which are important for a mobile ad hoc network. Finally, the proposed schemes are provable security under the decision generalized bilinear Diffi-Hellman (GBDH) assumption in the random oracles model.展开更多
To give concurrent consideration both the efficiency and the security(intensity of intractable problem) in the standard model,a chosen ciphertext secure identity-based broadcast encryption is proposed.Against the chos...To give concurrent consideration both the efficiency and the security(intensity of intractable problem) in the standard model,a chosen ciphertext secure identity-based broadcast encryption is proposed.Against the chosen ciphertext security model,by using identity(ID) sequence and adding additional information in ciphertext,the self-adaptive chosen identity security(the full security) and the chosen ciphertext security are gained simultaneously.The reduction of scheme's security is the decisional bilinear Diffie-Hellman(BDH) intractable assumption,and the proof of security shows that the proposed scheme is indistinguishable against adaptive chosen ciphertext attacks in the standard model under the decisional BDH intractable assumption.So the security level is improved,and it is suitable for higher security environment.展开更多
Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of us...Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption (RHIBBE) is formalized that allows revocation of the HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack (IND-sBRIVS-CPA). An IND-sBRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure but a little weaker than the former under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.展开更多
The theory of quadratic residues plays an important role in cryptography.In 2001,Cocks developed an identity-based encryption(IBE)scheme based on quadratic residues,resolving Shamir’s 17-year-old open problem.However...The theory of quadratic residues plays an important role in cryptography.In 2001,Cocks developed an identity-based encryption(IBE)scheme based on quadratic residues,resolving Shamir’s 17-year-old open problem.However,a notable drawback of Cocks’scheme is the significant expansion of the ciphertext,and some of its limitations have been addressed in subsequent research.Recently,Cotan and Teşeleanu highlighted that previous studies on Cocks’scheme relied on a trial-and-error method based on Jacobi symbols to generate the necessary parameters for the encryption process.They enhanced the encryption speed of Cocks’scheme by eliminating this trialand-error method.Based on security analysis,this study concludes that the security of Cotan-Teşeleanu’s proposal cannot be directly derived from the security of the original Cocks’scheme.Furthermore,by adopting the Cotan-Teşeleanu method and introducing an additional variable as a public element,this study develops a similar enhancement scheme that not only accelerates the encryption speed but also provides security equivalent to the original Cocks’scheme.展开更多
Broadcast encryption (BE) allows a sender to broadcast its message to a set of receivers in a single ciphertext. However, in broadcast encryption scheme, ciphertext length is always related to the size of the receiver...Broadcast encryption (BE) allows a sender to broadcast its message to a set of receivers in a single ciphertext. However, in broadcast encryption scheme, ciphertext length is always related to the size of the receiver set. Thus, how to improve the communication of broadcast encryption is a big issue. In this paper, we proposed an identity-based homomorphic broadcast encryption scheme which supports an external entity to directly calculate ciphertexts and get a new ciphertext which is the corresponding result of the operation on plaintexts without decrypting them. The correctness and security proofs of our scheme were formally proved. Finally, we implemented our scheme in a simulation environment and the experiment results showed that our scheme is efficient for practical applications.展开更多
An identity-based encryption(IBE) was studied with non-interactively opening property that the plain text of a ciphertext can be revealed without affecting the security of the encryption system.Two kinds of non-intera...An identity-based encryption(IBE) was studied with non-interactively opening property that the plain text of a ciphertext can be revealed without affecting the security of the encryption system.Two kinds of non-interactive opening properties for IBE schemes were defined along with a concrete scheme in each case.展开更多
This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user's public key. The advantage of an identity-based public key s...This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user's public key. The advantage of an identity-based public key system is that it can avoid public key certificates and certificate management. Our identity-based encryption scheme enjoys short ciphertexts and provable security against chosen-ciphertext attack (CCA).展开更多
In ACM'CCS 2009,Camenisch,et al.proposed the Oblivious Transfer with Access Control(AC-OT) in which each item is associated with an attribute set and can only be available,on request,to the users who have all the ...In ACM'CCS 2009,Camenisch,et al.proposed the Oblivious Transfer with Access Control(AC-OT) in which each item is associated with an attribute set and can only be available,on request,to the users who have all the attributes in the associated set.Namely,AC-OT achieves access control policy for conjunction of attributes.Essentially,the functionality of AC-OT is equivalent to the sim-plified version that we call AC-OT-SV:for each item,one attribute is associated with it,and it is requested that only the users who possess the associated attribute can obtain the item by queries.On one hand,AC-OT-SV is a special case of AC-OT when there is just one associated attribute with each item.On the other hand,any AC-OT can be realized by an AC-OT-SV.In this paper,we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch,et al..Then from the protocol,interestingly,a concrete Identity-Based Encryption(IBE) with Anonymous Key Issuing(AKI) is given which is just a direct application to AC-OT-SV.By comparison,we show that the AKI protocol we present is more efficient in communications than that proposed by Chow.展开更多
Identity-Based Encryption (IBE) has seen limited adoption, largely due to the absolute trust that must be placed in the private key generator (PKG)—an authority that computes the private keys for all the users in the...Identity-Based Encryption (IBE) has seen limited adoption, largely due to the absolute trust that must be placed in the private key generator (PKG)—an authority that computes the private keys for all the users in the environment. Several constructions have been proposed to reduce the trust required in the PKG (and thus preserve the privacy of users), but these have generally relied on unrealistic assumptions regarding non-collusion between various entities in the system. Unfortunately, these constructions have not significantly improved IBE adoption rates in real-world environments. In this paper, we present a construction that reduces trust in the PKG without unrealistic non-collusion assumptions. We achieve this by incorporating a novel combination of digital credential technology and bilinear maps, and making use of multiple randomly-chosen entities to complete certain tasks. The main result and primary contribution of this paper are a thorough security analysis of this proposed construction, examining the various entity types, attacker models, and collusion opportunities in this environment. We show that this construction can prevent, or at least mitigate, all considered attacks. We conclude that our construction appears to be effective in preserving user privacy and we hope that this construction and its security analysis will encourage greater use of IBE in real-world environments.展开更多
A recent proposal by Adams integrates the digital credentials (DC) technology of Brands with the identity-based encryption (IBE) technology of Boneh and Franklin to create an IBE scheme that demonstrably enhances priv...A recent proposal by Adams integrates the digital credentials (DC) technology of Brands with the identity-based encryption (IBE) technology of Boneh and Franklin to create an IBE scheme that demonstrably enhances privacy for users. We refer to this scheme as a privacy-preserving identity-based encryption (PP-IBE) construction. In this paper, we discuss the concrete implementation considerations for PP-IBE and provide a detailed instantiation (based on q-torsion groups in supersingular elliptic curves) that may be useful both for proof-of-concept purposes and for pedagogical purposes.展开更多
Currently, there still lacks an efficient methodology to revoke user's ability to decrypt ciphertext in broadcast encryption with the uncertain number of ciphertext recipients. To solve this problem, here, we present...Currently, there still lacks an efficient methodology to revoke user's ability to decrypt ciphertext in broadcast encryption with the uncertain number of ciphertext recipients. To solve this problem, here, we present a dynamic broadcast encryption scheme with the following properties: First, the length of the ciphertext has a linear relationship with the number of revocable users, but it has no association with the total number of ciphertext recipients. Sec- ond, the scheme also works when users dynamically join. Espe- cially, compared with methods published up to date, our scheme is more efficient with a large number of ciphertext recipients. Third, the broadcaster can revoke user's ability to decrypt ciphertext if necessary. Fourth, the private key of users is composed of three elements in Elliptic curve group of prime order. Last, if q-Deci- sional Multi-Exponent Bilinear Diffie-Hellman assumption holds, our scheme is secure in the standard model when a polynomial time adversary selectively attacks it.展开更多
In this paper,we introduce a novel way to solve thetradeoff problem about communication,storage,computation overhead of broadcast encryptionscheme.We construct a new scheme based on SubsetDifference(SD)scheme,use the ...In this paper,we introduce a novel way to solve thetradeoff problem about communication,storage,computation overhead of broadcast encryptionscheme.We construct a new scheme based on SubsetDifference(SD)scheme,use the concept of RSAaccumulator and the idea of separating the user-sidedevice into different function parts,take advantageof the public device’s functionality,minimize thestorage and computation overhead of the privatedevice,and make the broadcast encryption schememore implementation-oriented.展开更多
A novel broadcast encryption scheme for group communication scenarios in distributed networks is presented. In the scheme, anyone is allowed to encrypt a message and distribute it to a designated group. Each member in...A novel broadcast encryption scheme for group communication scenarios in distributed networks is presented. In the scheme, anyone is allowed to encrypt a message and distribute it to a designated group. Each member in the designated group has the ability to independently decrypt a ciphertext. In contrast to traditional broadcast encryption, all the valid receivers in the proposed scheme compose the designated group. To take advantage of this property, a tab for the group is set and the matching private key for each member is generated. In addition, before decrypting a ciphertext, anyone in the scheme can verify the ciphertext, to ensure that the ciphertext is correct. This property is very important for large-scale group communication, as the gateway can filter incorrect ciphertext and alleviate the receiver's workload. Finally, a proof in the random oracle model is given, to show that the proposed scheme is secure against the adaptively chosen ciphertext attack.展开更多
In this paper, a new broadcast encryption scheme is proposed by using the efficient and computationally inexpensive public key cryptosystem NTRU (number theory research unit). In our scheme, we use the idea of RSA a...In this paper, a new broadcast encryption scheme is proposed by using the efficient and computationally inexpensive public key cryptosystem NTRU (number theory research unit). In our scheme, we use the idea of RSA and develop this idea from two-party to multi-party, and combine this multi-party public key idea with the multiplication in ring R of NTRU. What we get from this design is extremely efficient encryption and decryption, fast and easy key creation, low memory requirements and revocation property, etc. Moreover, this novel work contains other desirable features, such as traitor tracing. With its complexity only O(log2n), the tracing algorithm of this system is more efficient than that of the previous ones.展开更多
This paper introduced a novel method for implementing broadcast encryption. Our scheme takes advantages of bilinear map and group characteristic, and shifts most of the storage overhead to the public device instead of...This paper introduced a novel method for implementing broadcast encryption. Our scheme takes advantages of bilinear map and group characteristic, and shifts most of the storage overhead to the public device instead of storing in the tamper-proof device which is a major problem on current implementation. Furthermore, the broadcast keys in our scheme could be reused periodically resulting in more operational efficiency.展开更多
VANET security is an evolving topic in mobile networks, as providing a secure layer of communications in such a dynamic and fast network is a challenge. The work presented in this article was conducted in order to ver...VANET security is an evolving topic in mobile networks, as providing a secure layer of communications in such a dynamic and fast network is a challenge. The work presented in this article was conducted in order to verify and evaluate the feasibility of applying group broadcast cryptography to the VANET environment, as an attempt to gain performance by decreasing the number of messages in the wireless network. Group broadcast is a symmetric/asymmetric hybrid cryptography method, aiming to merge the best of the two approaches without their major drawbacks. Simulations were set-up and run using the ONE simulator, comparing the usage of the three different cryptography approaches for VANETs. Results consider the number of connections, the number messages and the number of revocation messages per day. The resulting data promises that group broadcast encryption can be used to simplify the encrypting phase, reduce required storage and significantly decrease the number of messages in the network.展开更多
Identity-based encryption with equality test(IBEET)is proposed to check whether the underlying messages of ciphertexts,even those encrypted with different public keys,are the same or not without decryption.Since peopl...Identity-based encryption with equality test(IBEET)is proposed to check whether the underlying messages of ciphertexts,even those encrypted with different public keys,are the same or not without decryption.Since people prefer to encrypt before outsourcing their data for privacy protection nowadays,the research of IBEET on cloud computing applications naturally attracts attention.However,we claim that the existing IBEET schemes suffer from the illegal trapdoor sharing problem caused by the inherited key escrow problem of the Identity-Based Encryption(IBE)mechanism.In traditional IBEET,the private key generator(PKG)with the master secret key generates trapdoors for all authorized cloud servers.Considering the reality in practice,the PKG is usually not fully trusted.In this case,the Private-Key Generator(PKG)may generate,share,or even sell any trapdoor without any risk of being caught,or not being held accountable,which may lead to serious consequences such as the illegal sharing of a gene bank's trapdoors.In this paper,to relieve the illegal trapdoor sharing problem in IBEET,we present a new notion,called IBEET Supporting Accountable Authorization(IBEET-AA).In IBEET-AA,if there is a disputed trapdoor,the generator will be distinguished among the PKG and suspected testers by an additional tracing algorithm.For the additional tracing function,except for the traditional indistinguishability(IND)and one-way(OW)security models in IBEET,we define three more security models to protect the tracing security against dishonest authorizers,PKG,and testers,respectively.Based on Gentry's IBE scheme,we instantiate IBEET-AA and give a specific construction along with a formalized security proof with random oracles.展开更多
According to the relation of an attribute set and its subset,the author presents a hierarchical attribute-based encryption scheme in which a secret key is associated with an attribute set.A user can delegate the priva...According to the relation of an attribute set and its subset,the author presents a hierarchical attribute-based encryption scheme in which a secret key is associated with an attribute set.A user can delegate the private key corresponding to any subset of an attribute set while he has the private key corresponding to the attribute set.Moreover,the size of the ciphertext is constant,but the size of private key is linear with the order of the attribute set in the hierarchical attribute-based encryption scheme.Lastly,we can also prove that this encryption scheme meets the security of IND-sSETCPA in the standard model.展开更多
The decryption participant's private key share for decryption is delegated by key generation center in the threshold IBE scheme.However,a key generation center which is absolutely trustworthy does not exist.So the au...The decryption participant's private key share for decryption is delegated by key generation center in the threshold IBE scheme.However,a key generation center which is absolutely trustworthy does not exist.So the author presents a certificateless threshold public key encryption scheme.Collaborating with an administrator,the decryption participant generates his whole private key share for decryption in the scheme.The administrator does not know the decryption participant's private key share for decryption.Making use of q-SDH assumption,the author constructs a certificateless threshold public key encryption scheme.The security of the scheme is eventually reduced to the solving of Decisional Bilinear Diffie-Hellman problem.Moreover,the scheme is secure under the chosen ciphertext attack in the standard model.展开更多
基金supported by the Nature Science Foundation of China under grant 60970119, 60803149the National Basic Research Program of China(973) under grant 2007CB311201
文摘In this paper,we show how to use the dual techniques in the subgroups to give a secure identity-based broadcast encryption(IBBE) scheme with constant-size ciphertexts. Our scheme achieves the full security(adaptive security) under three static(i.e. non q-based) assumptions. It is worth noting that only recently Waters gives a short ciphertext broadcast encryption system that is even adaptively secure under the simple assumptions. One feature of our methodology is that it is relatively simple to leverage our techniques to get adaptive security.
基金the National Natural Science Foundation of China (Nos. 60673072, 60803149)the National Basic Research Program (973) of China(No. 2007CB311201)
文摘This paper describes two identity-based broadcast encryption (IBBE) schemes for mobile ad hoc networks. The first scheme proposed achieves sub-linear size cipertexts and the second scheme achieves O(1)- size ciphertexts. Furthermore, when the public keys are transmitted, the two schemes have short transmissions and achieve O(1) user storage cost, which are important for a mobile ad hoc network. Finally, the proposed schemes are provable security under the decision generalized bilinear Diffi-Hellman (GBDH) assumption in the random oracles model.
基金the National Natural Science Foundation of China (No.60970119)the National Basic Research Program (973) of China (No.2007CB311201)
文摘To give concurrent consideration both the efficiency and the security(intensity of intractable problem) in the standard model,a chosen ciphertext secure identity-based broadcast encryption is proposed.Against the chosen ciphertext security model,by using identity(ID) sequence and adding additional information in ciphertext,the self-adaptive chosen identity security(the full security) and the chosen ciphertext security are gained simultaneously.The reduction of scheme's security is the decisional bilinear Diffie-Hellman(BDH) intractable assumption,and the proof of security shows that the proposed scheme is indistinguishable against adaptive chosen ciphertext attacks in the standard model under the decisional BDH intractable assumption.So the security level is improved,and it is suitable for higher security environment.
基金supported by the National Key Research and Development Program of China (No. 2017YFB0802502)the National Natural Science Foundation of China (Nos. 61672083, 61370190, 61532021, 61472429, 61402029, 61702028, and 61571024)+3 种基金the National Cryptography Development Fund (No. MMJJ20170106)the Planning Fund Project of Ministry of Education (No. 12YJAZH136)the Beijing Natural Science Foundation (No. 4132056)the Fund of the State Key Laboratory of Information Security, the Institute of Information Engineering, and the Chinese Academy of Sciences (No. 2017-MS-02)
文摘Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption (RHIBBE) is formalized that allows revocation of the HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack (IND-sBRIVS-CPA). An IND-sBRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure but a little weaker than the former under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.
基金Rising-Star Program of Shanghai 2023 Science and Technology Innovation Action Plan(Yangfan Special Project),China(No.23YF1401000)Fundamental Research Funds for the Central Universities,China(No.2232022D-25)。
文摘The theory of quadratic residues plays an important role in cryptography.In 2001,Cocks developed an identity-based encryption(IBE)scheme based on quadratic residues,resolving Shamir’s 17-year-old open problem.However,a notable drawback of Cocks’scheme is the significant expansion of the ciphertext,and some of its limitations have been addressed in subsequent research.Recently,Cotan and Teşeleanu highlighted that previous studies on Cocks’scheme relied on a trial-and-error method based on Jacobi symbols to generate the necessary parameters for the encryption process.They enhanced the encryption speed of Cocks’scheme by eliminating this trialand-error method.Based on security analysis,this study concludes that the security of Cotan-Teşeleanu’s proposal cannot be directly derived from the security of the original Cocks’scheme.Furthermore,by adopting the Cotan-Teşeleanu method and introducing an additional variable as a public element,this study develops a similar enhancement scheme that not only accelerates the encryption speed but also provides security equivalent to the original Cocks’scheme.
文摘Broadcast encryption (BE) allows a sender to broadcast its message to a set of receivers in a single ciphertext. However, in broadcast encryption scheme, ciphertext length is always related to the size of the receiver set. Thus, how to improve the communication of broadcast encryption is a big issue. In this paper, we proposed an identity-based homomorphic broadcast encryption scheme which supports an external entity to directly calculate ciphertexts and get a new ciphertext which is the corresponding result of the operation on plaintexts without decrypting them. The correctness and security proofs of our scheme were formally proved. Finally, we implemented our scheme in a simulation environment and the experiment results showed that our scheme is efficient for practical applications.
文摘An identity-based encryption(IBE) was studied with non-interactively opening property that the plain text of a ciphertext can be revealed without affecting the security of the encryption system.Two kinds of non-interactive opening properties for IBE schemes were defined along with a concrete scheme in each case.
基金the National Natural Science Foundation of China(Nos.60673077,60873229)
文摘This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user's public key. The advantage of an identity-based public key system is that it can avoid public key certificates and certificate management. Our identity-based encryption scheme enjoys short ciphertexts and provable security against chosen-ciphertext attack (CCA).
文摘In ACM'CCS 2009,Camenisch,et al.proposed the Oblivious Transfer with Access Control(AC-OT) in which each item is associated with an attribute set and can only be available,on request,to the users who have all the attributes in the associated set.Namely,AC-OT achieves access control policy for conjunction of attributes.Essentially,the functionality of AC-OT is equivalent to the sim-plified version that we call AC-OT-SV:for each item,one attribute is associated with it,and it is requested that only the users who possess the associated attribute can obtain the item by queries.On one hand,AC-OT-SV is a special case of AC-OT when there is just one associated attribute with each item.On the other hand,any AC-OT can be realized by an AC-OT-SV.In this paper,we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch,et al..Then from the protocol,interestingly,a concrete Identity-Based Encryption(IBE) with Anonymous Key Issuing(AKI) is given which is just a direct application to AC-OT-SV.By comparison,we show that the AKI protocol we present is more efficient in communications than that proposed by Chow.
文摘Identity-Based Encryption (IBE) has seen limited adoption, largely due to the absolute trust that must be placed in the private key generator (PKG)—an authority that computes the private keys for all the users in the environment. Several constructions have been proposed to reduce the trust required in the PKG (and thus preserve the privacy of users), but these have generally relied on unrealistic assumptions regarding non-collusion between various entities in the system. Unfortunately, these constructions have not significantly improved IBE adoption rates in real-world environments. In this paper, we present a construction that reduces trust in the PKG without unrealistic non-collusion assumptions. We achieve this by incorporating a novel combination of digital credential technology and bilinear maps, and making use of multiple randomly-chosen entities to complete certain tasks. The main result and primary contribution of this paper are a thorough security analysis of this proposed construction, examining the various entity types, attacker models, and collusion opportunities in this environment. We show that this construction can prevent, or at least mitigate, all considered attacks. We conclude that our construction appears to be effective in preserving user privacy and we hope that this construction and its security analysis will encourage greater use of IBE in real-world environments.
文摘A recent proposal by Adams integrates the digital credentials (DC) technology of Brands with the identity-based encryption (IBE) technology of Boneh and Franklin to create an IBE scheme that demonstrably enhances privacy for users. We refer to this scheme as a privacy-preserving identity-based encryption (PP-IBE) construction. In this paper, we discuss the concrete implementation considerations for PP-IBE and provide a detailed instantiation (based on q-torsion groups in supersingular elliptic curves) that may be useful both for proof-of-concept purposes and for pedagogical purposes.
基金Supported by the National Natural Science Foundation of China(6090317560703048)+1 种基金the Natural Science Foundation of Hubei Province(2009CBD3072008CDB352)
文摘Currently, there still lacks an efficient methodology to revoke user's ability to decrypt ciphertext in broadcast encryption with the uncertain number of ciphertext recipients. To solve this problem, here, we present a dynamic broadcast encryption scheme with the following properties: First, the length of the ciphertext has a linear relationship with the number of revocable users, but it has no association with the total number of ciphertext recipients. Sec- ond, the scheme also works when users dynamically join. Espe- cially, compared with methods published up to date, our scheme is more efficient with a large number of ciphertext recipients. Third, the broadcaster can revoke user's ability to decrypt ciphertext if necessary. Fourth, the private key of users is composed of three elements in Elliptic curve group of prime order. Last, if q-Deci- sional Multi-Exponent Bilinear Diffie-Hellman assumption holds, our scheme is secure in the standard model when a polynomial time adversary selectively attacks it.
基金support from Asia Media Research Center Foundation (AM0551)Foundation of the State Administration of Radio Film and Television (SARFT) (NO.2005-02-1 and NO.2005-02-2).
文摘In this paper,we introduce a novel way to solve thetradeoff problem about communication,storage,computation overhead of broadcast encryptionscheme.We construct a new scheme based on SubsetDifference(SD)scheme,use the concept of RSAaccumulator and the idea of separating the user-sidedevice into different function parts,take advantageof the public device’s functionality,minimize thestorage and computation overhead of the privatedevice,and make the broadcast encryption schememore implementation-oriented.
文摘A novel broadcast encryption scheme for group communication scenarios in distributed networks is presented. In the scheme, anyone is allowed to encrypt a message and distribute it to a designated group. Each member in the designated group has the ability to independently decrypt a ciphertext. In contrast to traditional broadcast encryption, all the valid receivers in the proposed scheme compose the designated group. To take advantage of this property, a tab for the group is set and the matching private key for each member is generated. In addition, before decrypting a ciphertext, anyone in the scheme can verify the ciphertext, to ensure that the ciphertext is correct. This property is very important for large-scale group communication, as the gateway can filter incorrect ciphertext and alleviate the receiver's workload. Finally, a proof in the random oracle model is given, to show that the proposed scheme is secure against the adaptively chosen ciphertext attack.
基金Supported by the National High Technology Research and Development Program of China (863 Program) (2007AA01Z435)National Natural Science Foundation of China (60772136)the National Science and Technology Pillar Program (2008BAH22B03, 2007BAH08B01)
文摘In this paper, a new broadcast encryption scheme is proposed by using the efficient and computationally inexpensive public key cryptosystem NTRU (number theory research unit). In our scheme, we use the idea of RSA and develop this idea from two-party to multi-party, and combine this multi-party public key idea with the multiplication in ring R of NTRU. What we get from this design is extremely efficient encryption and decryption, fast and easy key creation, low memory requirements and revocation property, etc. Moreover, this novel work contains other desirable features, such as traitor tracing. With its complexity only O(log2n), the tracing algorithm of this system is more efficient than that of the previous ones.
基金Supported by the National Natural Science Foun-dation of China (60432030) Asian Media Research Center Foun-dation (AM0551)
文摘This paper introduced a novel method for implementing broadcast encryption. Our scheme takes advantages of bilinear map and group characteristic, and shifts most of the storage overhead to the public device instead of storing in the tamper-proof device which is a major problem on current implementation. Furthermore, the broadcast keys in our scheme could be reused periodically resulting in more operational efficiency.
文摘VANET security is an evolving topic in mobile networks, as providing a secure layer of communications in such a dynamic and fast network is a challenge. The work presented in this article was conducted in order to verify and evaluate the feasibility of applying group broadcast cryptography to the VANET environment, as an attempt to gain performance by decreasing the number of messages in the wireless network. Group broadcast is a symmetric/asymmetric hybrid cryptography method, aiming to merge the best of the two approaches without their major drawbacks. Simulations were set-up and run using the ONE simulator, comparing the usage of the three different cryptography approaches for VANETs. Results consider the number of connections, the number messages and the number of revocation messages per day. The resulting data promises that group broadcast encryption can be used to simplify the encrypting phase, reduce required storage and significantly decrease the number of messages in the network.
基金supported by the National Natural Science Foundation of China under Grant Nos.62102299,62272362,62002288the Henan Key Laboratory of Network Cryptography Technology under Grant No.LNCT2022-A05,and the Youth Innovation Team of Shaanxi Universities.
文摘Identity-based encryption with equality test(IBEET)is proposed to check whether the underlying messages of ciphertexts,even those encrypted with different public keys,are the same or not without decryption.Since people prefer to encrypt before outsourcing their data for privacy protection nowadays,the research of IBEET on cloud computing applications naturally attracts attention.However,we claim that the existing IBEET schemes suffer from the illegal trapdoor sharing problem caused by the inherited key escrow problem of the Identity-Based Encryption(IBE)mechanism.In traditional IBEET,the private key generator(PKG)with the master secret key generates trapdoors for all authorized cloud servers.Considering the reality in practice,the PKG is usually not fully trusted.In this case,the Private-Key Generator(PKG)may generate,share,or even sell any trapdoor without any risk of being caught,or not being held accountable,which may lead to serious consequences such as the illegal sharing of a gene bank's trapdoors.In this paper,to relieve the illegal trapdoor sharing problem in IBEET,we present a new notion,called IBEET Supporting Accountable Authorization(IBEET-AA).In IBEET-AA,if there is a disputed trapdoor,the generator will be distinguished among the PKG and suspected testers by an additional tracing algorithm.For the additional tracing function,except for the traditional indistinguishability(IND)and one-way(OW)security models in IBEET,we define three more security models to protect the tracing security against dishonest authorizers,PKG,and testers,respectively.Based on Gentry's IBE scheme,we instantiate IBEET-AA and give a specific construction along with a formalized security proof with random oracles.
基金Supported by the National Natural Science Foundation of China(60903175,60703048)the Natural Science Foundation of Hubei Province(2009CBD307,2008CDB352)
文摘According to the relation of an attribute set and its subset,the author presents a hierarchical attribute-based encryption scheme in which a secret key is associated with an attribute set.A user can delegate the private key corresponding to any subset of an attribute set while he has the private key corresponding to the attribute set.Moreover,the size of the ciphertext is constant,but the size of private key is linear with the order of the attribute set in the hierarchical attribute-based encryption scheme.Lastly,we can also prove that this encryption scheme meets the security of IND-sSETCPA in the standard model.
基金Supported by the National Natural Science Foundation of China(60903175,60703048)the Natural Science Foundation of Hubei Province (2009CBD307,2008CDB352)
文摘The decryption participant's private key share for decryption is delegated by key generation center in the threshold IBE scheme.However,a key generation center which is absolutely trustworthy does not exist.So the author presents a certificateless threshold public key encryption scheme.Collaborating with an administrator,the decryption participant generates his whole private key share for decryption in the scheme.The administrator does not know the decryption participant's private key share for decryption.Making use of q-SDH assumption,the author constructs a certificateless threshold public key encryption scheme.The security of the scheme is eventually reduced to the solving of Decisional Bilinear Diffie-Hellman problem.Moreover,the scheme is secure under the chosen ciphertext attack in the standard model.
