Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi...Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi- cient way. Certificateless signcryption and pro- xy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pai- rings. In this paper, we present a certificateless proxy identity-based signcryption scheme with- out bilinear pairings, which is efficient and secure.展开更多
Cloud services,favored by many enterprises due to their high flexibility and easy operation,are widely used for data storage and processing.However,the high latency,together with transmission overheads of the cloud ar...Cloud services,favored by many enterprises due to their high flexibility and easy operation,are widely used for data storage and processing.However,the high latency,together with transmission overheads of the cloud architecture,makes it difficult to quickly respond to the demands of IoT applications and local computation.To make up for these deficiencies in the cloud,fog computing has emerged as a critical role in the IoT applications.It decentralizes the computing power to various lower nodes close to data sources,so as to achieve the goal of low latency and distributed processing.With the data being frequently exchanged and shared between multiple nodes,it becomes a challenge to authorize data securely and efficiently while protecting user privacy.To address this challenge,proxy re-encryption(PRE)schemes provide a feasible way allowing an intermediary proxy node to re-encrypt ciphertext designated for different authorized data requesters without compromising any plaintext information.Since the proxy is viewed as a semi-trusted party,it should be taken to prevent malicious behaviors and reduce the risk of data leakage when implementing PRE schemes.This paper proposes a new fog-assisted identity-based PRE scheme supporting anonymous key generation,equality test,and user revocation to fulfill various IoT application requirements.Specifically,in a traditional identity-based public key architecture,the key escrow problem and the necessity of a secure channel are major security concerns.We utilize an anonymous key generation technique to solve these problems.The equality test functionality further enables a cloud server to inspect whether two candidate trapdoors contain an identical keyword.In particular,the proposed scheme realizes fine-grained user-level authorization while maintaining strong key confidentiality.To revoke an invalid user identity,we add a revocation list to the system flows to restrict access privileges without increasing additional computation cost.To ensure security,it is shown that our system meets the security notion of IND-PrID-CCA and OW-ID-CCA under the Decisional Bilinear Diffie-Hellman(DBDH)assumption.展开更多
Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been pro...Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been proposed. Among them, the requirement of signcrypter's privacy protection is needful in some practical applications. In this paper, a new identity-based anonymous signcryption scheme from hilinear pairings, which is the organic combination of identity-based ring signature and encryption scheme, is proposed. The proposed scheme is indistinguishable against the chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. Its unforgeability relies on the computational Diffieellman problem. Compared with the previous schemes, the new scheme is more efficient in computation.展开更多
Federated learning combines with fog computing to transform data sharing into model sharing,which solves the issues of data isolation and privacy disclosure in fog computing.However,existing studies focus on centraliz...Federated learning combines with fog computing to transform data sharing into model sharing,which solves the issues of data isolation and privacy disclosure in fog computing.However,existing studies focus on centralized single-layer aggregation federated learning architecture,which lack the consideration of cross-domain and asynchronous robustness of federated learning,and rarely integrate verification mechanisms from the perspective of incentives.To address the above challenges,we propose a Blockchain and Signcryption enabled Asynchronous Federated Learning(BSAFL)framework based on dual aggregation for cross-domain scenarios.In particular,we first design two types of signcryption schemes to secure the interaction and access control of collaborative learning between domains.Second,we construct a differential privacy approach that adaptively adjusts privacy budgets to ensure data privacy and local models'availability of intra-domain user.Furthermore,we propose an asynchronous aggregation solution that incorporates consensus verification and elastic participation using blockchain.Finally,security analysis demonstrates the security and privacy effectiveness of BSAFL,and the evaluation on real datasets further validates the high model accuracy and performance of BSAFL.展开更多
In the existing Electronic Health Records(EHRs),the medical information of patients is completely controlled by various medical institutions.As such,patients have no dominant power over their own EHRs.These personal d...In the existing Electronic Health Records(EHRs),the medical information of patients is completely controlled by various medical institutions.As such,patients have no dominant power over their own EHRs.These personal data are not only inconvenient to access and share,but are also prone to cause privacy disclosure.The blockchain technology provides a new development direction in the medical field.Blockchain-based EHRs are characterized by decentralization,openness and non-tampering of records,which enable patients to better manage their own EHRs.In order to better protect the privacy of patients,only designated receivers can access EHRs,and receivers can authenticate the sharer to ensure that the EHRs are real and effective.In this study,we propose an identity-based signcryption scheme with multiple authorities for multiple receivers,which can resist N-1 collusion attacks among N authorities.In addition,the identity information of receivers is anonymous,so the relationship between them and the sharer is not disclosed.Under the random oracle model,it was proved that our scheme was secure and met the unforgeability and confidentiality requirements of signcryption.Moreover,we evaluated the performance of the scheme and found that it had the moderate signcryption efficiency and excellent signcryption attributes.展开更多
To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggre...To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggregate signature algorithm are combined in a practical and secure manner to form the general aggregate signcryption scheme's schema and concept, and a new secure, efficiently general aggregate signcryption scheme, which allows the aggregation of n distinct signcryptions by n distinct users on n distinct messages, is proposed. First, the correction of the GASC scheme is analyzed. Then, we formally prove the security of GASC in the random oracle models IND-CCA2 and EUF-CMA under the DBDHP assumption and the DLP assumption, respectively. The results show that the GASC scheme is not only secure against any probabilistic polynomial-time IND-GASC-CCA2 and EUF-GASC-CMA adversary in the random oracle models but also efficient in pairing ê computations. In addition, the GASC scheme gives an effective remedy to the key escrow problem, which is an inherent issue in IBC by splitting the private key into two parts, and reduces the communication complexity by eliminating the interaction among the senders (signers) before the signcryption generation.展开更多
We show that the Zhang-Yang-Zhu-Zhang identity-based authenticatable ring signcryption scheme is not secure against chosen plaintext attacks.Furthermore, we propose an improved scheme that remedies the weakness of the...We show that the Zhang-Yang-Zhu-Zhang identity-based authenticatable ring signcryption scheme is not secure against chosen plaintext attacks.Furthermore, we propose an improved scheme that remedies the weakness of the Zhang-Yang-Zhu-Zhang scheme.The improved scheme has shorter ciphertext size than the Zhang-Yang-Zhu-Zhang scheme.We then prove that the improved scheme satisfies confidentiality, unforgeability, anonymity and authenticatability.展开更多
Ring signcryption enables a user to send a message confidentially and authentically to a specific receiver in an anonymous way.One of the main reasons for the slow adoption of identity-based cryptography is the inhere...Ring signcryption enables a user to send a message confidentially and authentically to a specific receiver in an anonymous way.One of the main reasons for the slow adoption of identity-based cryptography is the inherent key escrow problem.In this paper a new certificateless ring signcryption scheme from pairings is presented.It is escrow free in that no KGC is able to decrypt ciphertexts itself.We then formally prove the security of the new scheme in the random oracle model IND-CCA2 and EUF-CMA.展开更多
Signcryption is a cryptographic primitive that performs signature and encryption simultaneously, at lower computational costs and communication overheads than the signature-then- encryption approach. In this paper, we...Signcryption is a cryptographic primitive that performs signature and encryption simultaneously, at lower computational costs and communication overheads than the signature-then- encryption approach. In this paper, we propose an efficient multi-recipient signcryption scheme based on the bilinear pairings, which broadcasts a message to multiple users in a secure and authenticated manner. We prove its semantic security and unforgeability under the Gap Diffie-Hellman problem assumption in the random oracle model. The proposed scheme is more efficient than re-signcrypting a message n times using a signcryption scheme in terms of computational costs and communication overheads.展开更多
An identity-based multisignature scheme and an identity-based aggregate signature scheme are proposed in this paper. They are both from m-torsion groups on super-singular elliptic curves or hyper-elliptic curves and b...An identity-based multisignature scheme and an identity-based aggregate signature scheme are proposed in this paper. They are both from m-torsion groups on super-singular elliptic curves or hyper-elliptic curves and based on the recently proposed identity-based signature scheme of Cha and Cheon. Due to the sound properties of m-torsion groups and the base scheme, it turns out that our schemes are very simple and efficient. Both schemes are proven to be secure against adaptive chosen message attack in the random oracle model under the normal security notions with the assumption that the Computational Diffie-Hellman problem is hard in the m-torsion groups.展开更多
In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over ell...In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over elliptic curves. It combines the functionalities of both public verifiability and forward security at the same time. Under the Bilinear Diffie-Hellman and quadratic residue assumption, we describe the new scheme that is more secure and can be some-what more efficient than Libert and Quisquater’s one.展开更多
In a blind signcryption, besides the functions of digital signature and encryption algorithm for authentication and confidentiality, a user can delegates another user's capability with the anonymity of the participan...In a blind signcryption, besides the functions of digital signature and encryption algorithm for authentication and confidentiality, a user can delegates another user's capability with the anonymity of the participants guaranteed. Some blind signcryptions were proposed but without a blind signcryption with public public verifiability. In this paper, verifiability that is proved to be efficient and secure is proposed. Through the security analysis, we proved that the scheme can offer confidentiality, integrity, unforgeability, non-repudiation and public verifiability. The coming research direction is also summarized.展开更多
With the development of quantum computer, multivariate public key cryptography withstanding quantum attack has became one of the research focus. The existed signcryption schemes from discrete logarithm and bilinear pa...With the development of quantum computer, multivariate public key cryptography withstanding quantum attack has became one of the research focus. The existed signcryption schemes from discrete logarithm and bilinear paring are facing the serious threats. Based on multivariate public key cryptography, a new certificateless multi-receiver hybrid signcryption scheme has been proposed. The proposal reduced the cipher text and could handle arbitrary length messages by employing randomness reusing and hybrid encryption, as well as keeping security. In the random oracle model, the scheme's confidentiality could withstand the IND-CCA2 adversary and its unforgeability could withstand the UF-CMA adversary under the hardness of multivariat quadratic (MQ) problem and isomorphism of polynomials (IP) assumption. It has less computation overhead and higher transmission efficiency than others. It reduced 33% cipher data compared with the existed similar scheme.展开更多
The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data ...The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data when an edge device broadcasts its sensing data to many different end devices at a time.There are several things to consider when we design a signcryption scheme. First existing schemes need to maintain a secure channel to generate the user private key, which may increase economic costs. Second the system private key of those schemes is kept secret by a single key generation center(KGC), and the single point of failure of KGC may compromise the whole system. For this, we propose a multi-receiver multimessage signcryption scheme without the secure channel. Firstly the scheme allows KGC to send secrets through the public channel, which reduces maintenance costs. Secondly, to eliminate the single point of failure, the scheme utilizes multiple KGCs to manage the system private key, and updates the secret of each KGC periodically to resist advanced persistent threat attacks. We demonstrate that the proposed scheme can achieve expected security properties. Performance analysis shows that it is with shorter ciphertext length and higher efficiency.展开更多
In this paper, the security technology of ad hoc networks is studied.To improve the previous multi-receiver signcryption schemes, an ID-based multi-message and multi-receiver signcryption scheme for rekeying in ad hoc...In this paper, the security technology of ad hoc networks is studied.To improve the previous multi-receiver signcryption schemes, an ID-based multi-message and multi-receiver signcryption scheme for rekeying in ad hoc networks is proposed.In this scheme, a sender can simultaneously signcrypt n messeges for n receivers, and a receiver can unsigncrypt the ciphertext to get his message with his own private key.An analysis of this scheme indicates that it achieves authenticity and confidentiality in the random oracle model while being of lower computation and communication overhead.Finally, for the application of our scheme in ad hoc, a threshold key updating protocol for ad hoc networks is given.展开更多
An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper,an identity-based authentication multiple key agreement protocol is propo...An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper,an identity-based authentication multiple key agreement protocol is proposed. Its authentication part is proven secure against existential forgery on adaptively chosen message and ID attacks under the random oracle model upon the CDH assumptions. The session keys are proven secure in a formal CK security model under the random oracle model upon the CBDH assumptions. Compared with the previous multiple key agreement protocols,it requires less communication cost.展开更多
In this paper, we analyze two signcryption schemes on elliptic curves proposed by Zheng Yu-liang and Hideki Imai. We point out a serious problem with the schemes that the elliptic curve based signcryption schemes lose...In this paper, we analyze two signcryption schemes on elliptic curves proposed by Zheng Yu-liang and Hideki Imai. We point out a serious problem with the schemes that the elliptic curve based signcryption schemes lose confidentiality to gain non-repudiation. We also propose two improvement versions that not only overcome the security leak inherent in the schemes but also provide public verifiability or forward security. Our improvement versions require smaller computing cost than that required by signature-then-encryption methods.展开更多
In proxy signature schemes,the proxy signer B is permitted to produce a signature on behalf of the original signer A. However,exposure of proxy signing keys can be the most devastating attack on a proxy signature sche...In proxy signature schemes,the proxy signer B is permitted to produce a signature on behalf of the original signer A. However,exposure of proxy signing keys can be the most devastating attack on a proxy signature scheme since any adversary can sign messages on behalf of the proxy signer. In this paper,we applied Dodis,et al.’s key-insulation mechanism and proposed an Identity-Based (ID-based) Key-Insulated Proxy Signature (IBKIPS) scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated. Our scheme also supports unbounded period numbers and random-access key-updates.展开更多
In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In ...In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In this paper, we first define the security requirements for strong designated verifier proxy signature schemes. And then we construct an identity-based strong designated verifier proxy signature scheme. We argue that the proposed scheme satisfies all of the security requirements.展开更多
This paper describes two identity-based broadcast encryption (IBBE) schemes for mobile ad hoc networks. The first scheme proposed achieves sub-linear size cipertexts and the second scheme achieves O(1)- size ciphe...This paper describes two identity-based broadcast encryption (IBBE) schemes for mobile ad hoc networks. The first scheme proposed achieves sub-linear size cipertexts and the second scheme achieves O(1)- size ciphertexts. Furthermore, when the public keys are transmitted, the two schemes have short transmissions and achieve O(1) user storage cost, which are important for a mobile ad hoc network. Finally, the proposed schemes are provable security under the decision generalized bilinear Diffi-Hellman (GBDH) assumption in the random oracles model.展开更多
基金supported by the National Natural Science Foundation of China under Grants No.61272499,No.10990011
文摘Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi- cient way. Certificateless signcryption and pro- xy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pai- rings. In this paper, we present a certificateless proxy identity-based signcryption scheme with- out bilinear pairings, which is efficient and secure.
基金supported in part by the National Science and Technology Council of Taiwan under the contract numbers NSTC 114-2221-E-019-055-MY2 and NSTC 114-2221-E-019-069.
文摘Cloud services,favored by many enterprises due to their high flexibility and easy operation,are widely used for data storage and processing.However,the high latency,together with transmission overheads of the cloud architecture,makes it difficult to quickly respond to the demands of IoT applications and local computation.To make up for these deficiencies in the cloud,fog computing has emerged as a critical role in the IoT applications.It decentralizes the computing power to various lower nodes close to data sources,so as to achieve the goal of low latency and distributed processing.With the data being frequently exchanged and shared between multiple nodes,it becomes a challenge to authorize data securely and efficiently while protecting user privacy.To address this challenge,proxy re-encryption(PRE)schemes provide a feasible way allowing an intermediary proxy node to re-encrypt ciphertext designated for different authorized data requesters without compromising any plaintext information.Since the proxy is viewed as a semi-trusted party,it should be taken to prevent malicious behaviors and reduce the risk of data leakage when implementing PRE schemes.This paper proposes a new fog-assisted identity-based PRE scheme supporting anonymous key generation,equality test,and user revocation to fulfill various IoT application requirements.Specifically,in a traditional identity-based public key architecture,the key escrow problem and the necessity of a secure channel are major security concerns.We utilize an anonymous key generation technique to solve these problems.The equality test functionality further enables a cloud server to inspect whether two candidate trapdoors contain an identical keyword.In particular,the proposed scheme realizes fine-grained user-level authorization while maintaining strong key confidentiality.To revoke an invalid user identity,we add a revocation list to the system flows to restrict access privileges without increasing additional computation cost.To ensure security,it is shown that our system meets the security notion of IND-PrID-CCA and OW-ID-CCA under the Decisional Bilinear Diffie-Hellman(DBDH)assumption.
基金Supported by the National Natural Science Foundation of China (60573043)the Foundation of National Laboratory for Modern Communications (9140C1107010604)Youth Science and Technology Foundation of University of Electronic Science and Technology of China
文摘Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been proposed. Among them, the requirement of signcrypter's privacy protection is needful in some practical applications. In this paper, a new identity-based anonymous signcryption scheme from hilinear pairings, which is the organic combination of identity-based ring signature and encryption scheme, is proposed. The proposed scheme is indistinguishable against the chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. Its unforgeability relies on the computational Diffieellman problem. Compared with the previous schemes, the new scheme is more efficient in computation.
基金supported in part by the National Key Research and Development Program of China under Grant No.2021YFB3101100in part by the National Natural Science Foundation of China under Grant 62272123,62272102,62272124+2 种基金in part by the Project of High-level Innovative Talents of Guizhou Province under Grant[2020]6008in part by the Science and Technology Program of Guizhou Province under Grant No.[2020]5017,No.[2022]065in part by the Guangxi Key Laboratory of Cryptography and Information Security under Grant GCIS202105。
文摘Federated learning combines with fog computing to transform data sharing into model sharing,which solves the issues of data isolation and privacy disclosure in fog computing.However,existing studies focus on centralized single-layer aggregation federated learning architecture,which lack the consideration of cross-domain and asynchronous robustness of federated learning,and rarely integrate verification mechanisms from the perspective of incentives.To address the above challenges,we propose a Blockchain and Signcryption enabled Asynchronous Federated Learning(BSAFL)framework based on dual aggregation for cross-domain scenarios.In particular,we first design two types of signcryption schemes to secure the interaction and access control of collaborative learning between domains.Second,we construct a differential privacy approach that adaptively adjusts privacy budgets to ensure data privacy and local models'availability of intra-domain user.Furthermore,we propose an asynchronous aggregation solution that incorporates consensus verification and elastic participation using blockchain.Finally,security analysis demonstrates the security and privacy effectiveness of BSAFL,and the evaluation on real datasets further validates the high model accuracy and performance of BSAFL.
基金This work was supported by the National Key Research and Development Project of China(Grant No.2017YFB0802302)the Science and Technology Support Project of Sichuan Province(Grant Nos.2016FZ0112,2017GZ0314,and 2018GZ0204)+2 种基金the Academic and Technical Leaders Training Funding Support Projects of Sichuan Province(Grant No.2016120080102643)the Application Foundation Project of Sichuan Province(Grant No.2017JY0168)the Science and Technology Project of Chengdu(Grant Nos.2017-RK00-00103-ZF,and 2016-HM01-00217-SF).
文摘In the existing Electronic Health Records(EHRs),the medical information of patients is completely controlled by various medical institutions.As such,patients have no dominant power over their own EHRs.These personal data are not only inconvenient to access and share,but are also prone to cause privacy disclosure.The blockchain technology provides a new development direction in the medical field.Blockchain-based EHRs are characterized by decentralization,openness and non-tampering of records,which enable patients to better manage their own EHRs.In order to better protect the privacy of patients,only designated receivers can access EHRs,and receivers can authenticate the sharer to ensure that the EHRs are real and effective.In this study,we propose an identity-based signcryption scheme with multiple authorities for multiple receivers,which can resist N-1 collusion attacks among N authorities.In addition,the identity information of receivers is anonymous,so the relationship between them and the sharer is not disclosed.Under the random oracle model,it was proved that our scheme was secure and met the unforgeability and confidentiality requirements of signcryption.Moreover,we evaluated the performance of the scheme and found that it had the moderate signcryption efficiency and excellent signcryption attributes.
基金supported by the National Grand Fundamental Research 973 Program of China under Grant No.2011CB302903 the National Natural Science Foundation of China under Grants No.61073188,No.61073115+1 种基金 the Key University Science Research Project of Jiangsu Province under Grant No.11KJA520002 the Priority Academic Program Development of Jiangsu Higher Education Institutions under Grant No.yx002001
文摘To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggregate signature algorithm are combined in a practical and secure manner to form the general aggregate signcryption scheme's schema and concept, and a new secure, efficiently general aggregate signcryption scheme, which allows the aggregation of n distinct signcryptions by n distinct users on n distinct messages, is proposed. First, the correction of the GASC scheme is analyzed. Then, we formally prove the security of GASC in the random oracle models IND-CCA2 and EUF-CMA under the DBDHP assumption and the DLP assumption, respectively. The results show that the GASC scheme is not only secure against any probabilistic polynomial-time IND-GASC-CCA2 and EUF-GASC-CMA adversary in the random oracle models but also efficient in pairing ê computations. In addition, the GASC scheme gives an effective remedy to the key escrow problem, which is an inherent issue in IBC by splitting the private key into two parts, and reduces the communication complexity by eliminating the interaction among the senders (signers) before the signcryption generation.
基金the National Natural Science Foundation of China (No. 60673075)the National High Technology Research and Development Program (863) of China (No. 2006AA01Z428)the State Key Laboratoryof Information Security,and the Youth Science and Technology Foundation of UESTC
文摘We show that the Zhang-Yang-Zhu-Zhang identity-based authenticatable ring signcryption scheme is not secure against chosen plaintext attacks.Furthermore, we propose an improved scheme that remedies the weakness of the Zhang-Yang-Zhu-Zhang scheme.The improved scheme has shorter ciphertext size than the Zhang-Yang-Zhu-Zhang scheme.We then prove that the improved scheme satisfies confidentiality, unforgeability, anonymity and authenticatability.
基金supported by National Key Basic Research Program of China(973 program) under Grant No. 2011CB302903National Natural Science Foundation of China under Grant No.60873231,No.61073188+1 种基金China Postdoctoral Science Foundation under Grant No.20100471355Natural Science Foundation of Jiangsu Province under Grant No. BK2009426
文摘Ring signcryption enables a user to send a message confidentially and authentically to a specific receiver in an anonymous way.One of the main reasons for the slow adoption of identity-based cryptography is the inherent key escrow problem.In this paper a new certificateless ring signcryption scheme from pairings is presented.It is escrow free in that no KGC is able to decrypt ciphertexts itself.We then formally prove the security of the new scheme in the random oracle model IND-CCA2 and EUF-CMA.
基金Supported by the National Natural Science Foundation of China (60473029)
文摘Signcryption is a cryptographic primitive that performs signature and encryption simultaneously, at lower computational costs and communication overheads than the signature-then- encryption approach. In this paper, we propose an efficient multi-recipient signcryption scheme based on the bilinear pairings, which broadcasts a message to multiple users in a secure and authenticated manner. We prove its semantic security and unforgeability under the Gap Diffie-Hellman problem assumption in the random oracle model. The proposed scheme is more efficient than re-signcrypting a message n times using a signcryption scheme in terms of computational costs and communication overheads.
基金Supported by the National 973 Project of China (No.G1999035803), the National Natural Science Foundation of China (No.60373104) and the National 863 Project of China (No.2002AA143021).
文摘An identity-based multisignature scheme and an identity-based aggregate signature scheme are proposed in this paper. They are both from m-torsion groups on super-singular elliptic curves or hyper-elliptic curves and based on the recently proposed identity-based signature scheme of Cha and Cheon. Due to the sound properties of m-torsion groups and the base scheme, it turns out that our schemes are very simple and efficient. Both schemes are proven to be secure against adaptive chosen message attack in the random oracle model under the normal security notions with the assumption that the Computational Diffie-Hellman problem is hard in the m-torsion groups.
文摘In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over elliptic curves. It combines the functionalities of both public verifiability and forward security at the same time. Under the Bilinear Diffie-Hellman and quadratic residue assumption, we describe the new scheme that is more secure and can be some-what more efficient than Libert and Quisquater’s one.
基金Supported by the Ministry of Railways Foundation of Science and Technology Development (2007X001-E)
文摘In a blind signcryption, besides the functions of digital signature and encryption algorithm for authentication and confidentiality, a user can delegates another user's capability with the anonymity of the participants guaranteed. Some blind signcryptions were proposed but without a blind signcryption with public public verifiability. In this paper, verifiability that is proved to be efficient and secure is proposed. Through the security analysis, we proved that the scheme can offer confidentiality, integrity, unforgeability, non-repudiation and public verifiability. The coming research direction is also summarized.
基金Supported by the National Natural Science Foundation of China(61103231,61103230,61272492,61202492)the Project Funded by China Postdoctoral Science Foundation and Natural Science Basic Research Plan in Shaanxi Province of China(2014JQ8358,2014JQ8307,2014JM8300)
文摘With the development of quantum computer, multivariate public key cryptography withstanding quantum attack has became one of the research focus. The existed signcryption schemes from discrete logarithm and bilinear paring are facing the serious threats. Based on multivariate public key cryptography, a new certificateless multi-receiver hybrid signcryption scheme has been proposed. The proposal reduced the cipher text and could handle arbitrary length messages by employing randomness reusing and hybrid encryption, as well as keeping security. In the random oracle model, the scheme's confidentiality could withstand the IND-CCA2 adversary and its unforgeability could withstand the UF-CMA adversary under the hardness of multivariat quadratic (MQ) problem and isomorphism of polynomials (IP) assumption. It has less computation overhead and higher transmission efficiency than others. It reduced 33% cipher data compared with the existed similar scheme.
基金supported by National Key Research and Development Program of China (2020YFB1005404)National Natural Science Foundation of China (62172010)Henan Province Higher Education Key Research Project (22A520048)。
文摘The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data when an edge device broadcasts its sensing data to many different end devices at a time.There are several things to consider when we design a signcryption scheme. First existing schemes need to maintain a secure channel to generate the user private key, which may increase economic costs. Second the system private key of those schemes is kept secret by a single key generation center(KGC), and the single point of failure of KGC may compromise the whole system. For this, we propose a multi-receiver multimessage signcryption scheme without the secure channel. Firstly the scheme allows KGC to send secrets through the public channel, which reduces maintenance costs. Secondly, to eliminate the single point of failure, the scheme utilizes multiple KGCs to manage the system private key, and updates the secret of each KGC periodically to resist advanced persistent threat attacks. We demonstrate that the proposed scheme can achieve expected security properties. Performance analysis shows that it is with shorter ciphertext length and higher efficiency.
文摘In this paper, the security technology of ad hoc networks is studied.To improve the previous multi-receiver signcryption schemes, an ID-based multi-message and multi-receiver signcryption scheme for rekeying in ad hoc networks is proposed.In this scheme, a sender can simultaneously signcrypt n messeges for n receivers, and a receiver can unsigncrypt the ciphertext to get his message with his own private key.An analysis of this scheme indicates that it achieves authenticity and confidentiality in the random oracle model while being of lower computation and communication overhead.Finally, for the application of our scheme in ad hoc, a threshold key updating protocol for ad hoc networks is given.
基金supported by a grant from the National Natural Science Foundation of China (10961013)
文摘An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper,an identity-based authentication multiple key agreement protocol is proposed. Its authentication part is proven secure against existential forgery on adaptively chosen message and ID attacks under the random oracle model upon the CDH assumptions. The session keys are proven secure in a formal CK security model under the random oracle model upon the CBDH assumptions. Compared with the previous multiple key agreement protocols,it requires less communication cost.
文摘In this paper, we analyze two signcryption schemes on elliptic curves proposed by Zheng Yu-liang and Hideki Imai. We point out a serious problem with the schemes that the elliptic curve based signcryption schemes lose confidentiality to gain non-repudiation. We also propose two improvement versions that not only overcome the security leak inherent in the schemes but also provide public verifiability or forward security. Our improvement versions require smaller computing cost than that required by signature-then-encryption methods.
基金Supported by the National Natural Science Foundation of China (No. 60573032, 60773092, 90604036, 60873229, 60903178, 60672072, 60832003)Zhejiang Provincial Natural Science Foundation of China (No. Y106505)
文摘In proxy signature schemes,the proxy signer B is permitted to produce a signature on behalf of the original signer A. However,exposure of proxy signing keys can be the most devastating attack on a proxy signature scheme since any adversary can sign messages on behalf of the proxy signer. In this paper,we applied Dodis,et al.’s key-insulation mechanism and proposed an Identity-Based (ID-based) Key-Insulated Proxy Signature (IBKIPS) scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated. Our scheme also supports unbounded period numbers and random-access key-updates.
基金Supported by the National Natural Science Foun-dation of Chinafor Distinguished Young Scholars(60225007) the Na-tional Research Fundfor the Doctoral Programof Higher Education ofChina(20020248024) the Science and Technology Research Pro-ject of Shanghai (04DZ07067)
文摘In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In this paper, we first define the security requirements for strong designated verifier proxy signature schemes. And then we construct an identity-based strong designated verifier proxy signature scheme. We argue that the proposed scheme satisfies all of the security requirements.
基金the National Natural Science Foundation of China (Nos. 60673072, 60803149)the National Basic Research Program (973) of China(No. 2007CB311201)
文摘This paper describes two identity-based broadcast encryption (IBBE) schemes for mobile ad hoc networks. The first scheme proposed achieves sub-linear size cipertexts and the second scheme achieves O(1)- size ciphertexts. Furthermore, when the public keys are transmitted, the two schemes have short transmissions and achieve O(1) user storage cost, which are important for a mobile ad hoc network. Finally, the proposed schemes are provable security under the decision generalized bilinear Diffi-Hellman (GBDH) assumption in the random oracles model.
