Cloud services, favored by many enterprises due to their high flexibility and easy operation, are widely used for data storage and processing. However, the high latency, together with transmission overheads of the cloud architecture, makes it difficult to quickly respond to the demands of IoT applications and local computation. To make up for these deficiencies in the cloud, fog computing has emerged to play a critical role in IoT applications. It decentralizes the computing power to various lower nodes close to data sources, so as to achieve the goal of low latency and distributed processing. With the data being frequently exchanged and shared between multiple nodes, it becomes a challenge to authorize data securely and efficiently while protecting user privacy. To address this challenge, proxy re-encryption (PRE) schemes provide a feasible way of allowing an intermediary proxy node to re-encrypt ciphertext designated for different authorized data requesters without compromising any plaintext information. Since the proxy is viewed as a semi-trusted party, care should be taken to prevent malicious behaviors and reduce the risk of data leakage when implementing PRE schemes. This paper proposes a new fog-assisted identity-based PRE scheme supporting anonymous key generation, equality test, and user revocation to fulfill various IoT application requirements. Specifically, in a traditional identity-based public key architecture, the key escrow problem and the necessity of a secure channel are major security concerns. We utilize an anonymous key generation technique to solve these problems. The equality test functionality further enables a cloud server to inspect whether two candidate trapdoors contain an identical keyword. In particular, the proposed scheme realizes fine-grained user-level authorization while maintaining strong key confidentiality. To revoke an invalid user identity, we add a revocation list to the system flows to restrict access privileges without additional computation cost. To ensure security, it is shown that our system meets the security notions of IND-PrID-CCA and OW-ID-CCA under the Decisional Bilinear Diffie-Hellman (DBDH) assumption.
Cloud data sharing is an important issue in modern times. To maintain the privacy and confidentiality of data stored in the cloud, encryption is an inevitable process before uploading the data. However, the centralized management and transmission latency of the cloud make it difficult to support real-time processing and distributed access structures. As a result, fog computing and the Internet of Things (IoT) have emerged as crucial applications. Fog-assisted proxy re-encryption is a commonly adopted technique for sharing cloud ciphertexts. It allows a semi-trusted proxy to transform a data owner’s ciphertext into another re-encrypted ciphertext intended for a data requester, without compromising any information about the original ciphertext. Yet, the user revocation and cloud ciphertext renewal problems still lack effective and secure mechanisms. Motivated by this, we propose a revocable conditional proxy re-encryption scheme offering ciphertext evolution (R-CPRE-CE). In particular, a periodically updated time key is used to revoke the user’s access privileges while an access condition prevents a malicious proxy from re-encrypting unauthorized ciphertext. We also demonstrate that our scheme is provably secure under the notion of indistinguishability against adaptively chosen identity and chosen ciphertext attacks in the random oracle model. Performance analysis shows that our scheme reduces the computation time for a complete data access cycle from an initial query to the final decryption by approximately 47.05% compared to related schemes.
Military image encryption plays a vital role in protecting sensitive visual information from unauthorized access during transmission. This paper proposes a new Tri-independent keying method for encrypting military images. The proposed encryption method is based on multilevel security stages of pixel-level scrambling, bit-level manipulation, and block-level shuffling operations. To obtain a vast key space, the input password is hashed by the Secure Hash Algorithm 256-bit (SHA-256) for generating independently deterministic keys used in the multilevel stages. A piecewise pixel-level scrambling function is introduced to perform a dual flipping process controlled with an adaptive key for obscuring the spatial relationships between the adjacent pixels. A dynamic masking scheme is presented for conducting a bit-level manipulation based on distinct keys that change over image regions, providing completely different encryption results on identical regions. To handle the global correlation between large-scale patterns, a chaotic index-map system is employed for shuffling image regions randomly across the image domain based on a logistic map seeded with a private key. Experimental results on a dataset of military images show the effectiveness of the proposed encryption method in producing excellent quantitative and qualitative results. The proposed method obtains uniform histogram distributions, high entropy values around the ideal (≈8 bits), Number of Pixel Change Rate (NPCR) values above 99.5%, and low Peak Signal-to-Noise Ratio (PSNR) over all encrypted images. This validates the robustness of the proposed method against cryptanalytic attacks, verifying its ability to serve as a practical basis for secure image transmission in defense systems.
Driven by advancements in mobile internet technology, images have become a crucial data medium. Ensuring the security of image information during transmission has thus emerged as an urgent challenge. This study proposes a novel image encryption algorithm specifically designed for grayscale image security. This research introduces a new Cantor diagonal matrix permutation method. The proposed permutation method uses row and column index sequences to control the Cantor diagonal matrix, where the row and column index sequences are generated by a spatiotemporal chaotic system named coupled map lattice (CML). The high initial value sensitivity of the CML system makes the permutation method highly sensitive and secure. Additionally, leveraging fractal theory, this study introduces a chaotic fractal matrix and applies this matrix in the diffusion process. This chaotic fractal matrix exhibits self-similarity and irregularity. Using the Cantor diagonal matrix and chaotic fractal matrix, this paper introduces a fast image encryption algorithm involving two diffusion steps and one permutation step. Moreover, the algorithm achieves robust security with only a single encryption round, ensuring high operational efficiency. Experimental results show that the proposed algorithm features an expansive key space, robust security, high sensitivity, high efficiency, and superior statistical properties for the ciphered images. Thus, the proposed algorithm not only provides a practical solution for secure image transmission but also bridges fractal theory with image encryption techniques, thereby opening new research avenues in chaotic cryptography and advancing the development of information security technology.
With the rapid development of intelligent electronic and military equipment, multifunctional flexible materials that integrate electromagnetic interference (EMI) shielding, temperature sensing, and information encryption are urgently required. This study presents a bio-inspired hierarchical composite foam fabricated using supercritical nitrogen foaming technology. This material exhibits a honeycomb structure, with pore cell sizes controllable within a range of 30–92 μm by regulating the filler. The carbon fiber felt (CFf) provides efficient reflection of electromagnetic waves, while the chloroprene rubber/carbon fiber/carbon black foam facilitates both wave absorption and temperature monitoring through its optimized conductive network. This synergistic mechanism results in an EMI shielding effectiveness (SE) of 60.06 dB with excellent temperature sensing performance (the temperature coefficient of resistance (TCR) is -2.642%/℃) in the 24–70 ℃ range. Notably, the material has a thermal conductivity of up to 0.159 W/(m·K), and the bio-inspired layered design enables information encryption, demonstrating the material's potential for secure communication applications. The foam also has tensile properties of up to 5.13 MPa and a tear strength of 33.02 N/mm. This biomimetic design overcomes the traditional limitations of flexible materials and provides a transformative solution for next-generation applications such as flexible electronics, aerospace systems and military equipment, which urgently need integrated electromagnetic protection, thermal management and information security.
The advent of 5G technology has significantly enhanced the transmission of images over networks, expanding data accessibility and exposure across various applications in digital technology and social media. Consequently, the protection of sensitive data has become increasingly critical. Regardless of the complexity of the encryption algorithm used, a robust and highly secure encryption key is essential, with randomness and key space being crucial factors. This paper proposes a new Robust Deoxyribonucleic Acid (RDNA) nucleotide-based encryption method. The RDNA encryption method leverages the unique properties of DNA nucleotides, including their inherent randomness and extensive key space, to generate a highly secure encryption key. By employing transposition and substitution operations, the RDNA method ensures significant diffusion and confusion in the encrypted images. Additionally, it utilises a pseudorandom generation technique based on the random sequence of nucleotides in the DNA secret key. The performance of the RDNA encryption method is evaluated through various statistical and visual tests, and compared against established encryption methods such as 3DES, AES, and a DNA-based method. Experimental results demonstrate that the RDNA encryption method outperforms its rivals in the literature, and achieves superior performance in terms of information entropy, avalanche effect, encryption execution time, and correlation reduction, while maintaining competitive values for NMAE, PSNR, NPCR, and UACI. The high degree of randomness and sensitivity to key changes inherent in the RDNA method offers enhanced security, making it highly resistant to brute force and differential attacks.
Elliptic curve (EC) based cryptosystems have gained more attention due to their enhanced security compared with existing public key cryptosystems. A substitution box (S-box) plays a vital role in securing modern symmetric key cryptosystems. However, the recently developed EC based algorithms usually trade off between computational efficiency and security, necessitating the design of a new algorithm with the desired cryptographic strength. To address these shortcomings, this paper proposes a new scheme based on the Mordell elliptic curve (MEC) over the complex field for generating distinct, dynamic, and highly uncorrelated S-boxes. Furthermore, we count the exact number of the obtained S-boxes, and demonstrate that the permuted version of the presented S-box is statistically optimal. The nonsingularity of the presented algorithm and the injectivity of the resultant output are explored. Rigorous theoretical analysis and experimental results demonstrate that the proposed method is highly effective in generating a large number of dynamic S-boxes with adequate cryptographic properties, surpassing current state-of-the-art S-box generation algorithms in terms of security. Apart from this, the generated S-box is benchmarked using side-channel attacks, and its performance is compared with highly nonlinear S-boxes, demonstrating comparable results. In addition, we present an application of our proposed S-box generator by incorporating it into an image encryption technique. The encrypted and decrypted images are tested by employing extensive standard security metrics, including the Number of Pixel Change Rate, the Unified Average Changing Intensity, information entropy, correlation coefficient, and histogram analysis. Moreover, the analysis is extended beyond conventional metrics to validate the new method using advanced tests, such as the NIST statistical test suite, robustness analysis, and noise and cropping attacks. Experimental outcomes show that the presented algorithm strengthens the existing encryption scheme against various well-known cryptographic attacks.
With the rapid development of web3.0 applications, the volume of data sharing is increasing, the inefficiency of big data file sharing and the problem of data privacy leakage are becoming more and more prominent, and the existing data sharing schemes have difficulty meeting the growing demand for data sharing. This paper aims at exploring a secure, efficient and privacy-protecting data sharing scheme under web3.0 applications. Specifically, this paper adopts interplanetary file system (IPFS) technology to realize the storage of large data files to solve the problem of blockchain storage capacity limitation, and utilizes ciphertext policy attribute-based encryption (CP-ABE) and proxy re-encryption (PRE) technology to realize secure multi-party sharing and fine-grained access control of data. This paper provides the detailed algorithm design and implementation of data sharing phases and processes, and analyzes the algorithms from the perspectives of security, privacy protection, and performance.
As data analysis often incurs significant communication and computational costs, these tasks are increasingly outsourced to cloud computing platforms. However, this introduces privacy concerns, as sensitive data must be transmitted to and processed by untrusted parties. To address this, fully homomorphic encryption (FHE) has emerged as a promising solution for privacy-preserving Machine-Learning-as-a-Service (MLaaS), enabling computation on encrypted data without revealing the plaintext. Nevertheless, FHE remains computationally expensive. As a result, approximate homomorphic encryption (AHE) schemes, such as CKKS, have attracted attention due to their efficiency. In our previous work, we proposed RP-OKC, a CKKS-based clustering scheme implemented via TenSEAL. However, errors inherent to CKKS operations, termed CKKS-errors, can affect the accuracy of the result after decryption. Since these errors can be mitigated through post-decryption rounding, we propose a data pre-scaling technique to increase the number of significant digits and reduce CKKS-errors. Furthermore, we introduce an Operation-Error-Estimation (OEE) table that quantifies upper-bound error estimates for various CKKS operations. This table enables error-aware decryption correction, ensuring alignment between encrypted and plaintext results. We validate our method on K-means clustering using the Kaggle Customer Segmentation dataset. Experimental results confirm that the proposed scheme enhances the accuracy and reliability of privacy-preserving data analysis in cloud environments.
Conditional proxy re-encryption (CPRE) is an effective cryptographic primitive that enhances the access control mechanism and makes the delegation of decryption permissions more granular, but most of the attribute-based conditional proxy re-encryption (AB-CPRE) schemes proposed so far do not take into account the importance of user attributes. A weighted attribute-based conditional proxy re-encryption (WAB-CPRE) scheme is thus designed to provide more precise decryption rights delegation. By introducing the concept of weight attributes, the quantity of system attributes managed by the server is reduced greatly. At the same time, a weighted tree structure is constructed to simplify the expression of access structure effectively. With conditional proxy re-encryption, large amounts of data and complex computations are outsourced to cloud servers, so the data owner (DO) can revoke the user’s decryption rights directly with minimal costs. The proposed scheme achieves security against chosen plaintext attacks (CPA). Experimental simulation results demonstrated that the decryption time is within 6–9 ms, and it has a significant reduction in communication and computation cost on the user side with better functionality compared to other related schemes, which enables users to access cloud data on devices with limited resources.
The cloud storage service cannot be completely trusted because of the separation of data management and ownership, leading to the difficulty of data privacy protection. In order to protect the privacy of data on untrusted servers of cloud storage, a novel multi-authority access control scheme without a trustworthy central authority has been proposed based on CP-ABE for cloud storage systems, called non-centered multi-authority proxy re-encryption based on the cipher-text policy attribute-based encryption (NC-MACPABE). NC-MACPABE optimizes the weighted access structure (WAS), allowing different levels of operation on the same file in a cloud storage system. The concept of identity dyeing is introduced to further improve the users' information privacy. The re-encryption algorithm is improved in the scheme so that the data owner can revoke a user's access right in a more flexible way. The scheme is proved to be secure. The experimental results also show that removing the central authority can resolve the existing performance bottleneck in the multi-authority architecture with a central authority, which significantly improves user experience when a large number of users apply for access to the cloud storage system at the same time.
The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems. Traditional encryption technologies are not suitable for data protection in cloud storage systems. A novel multi-authority proxy re-encryption mechanism based on ciphertext-policy attribute-based encryption (MPRE-CPABE) is proposed for cloud storage systems. MPRE-CPABE requires the data owner to split each file into two blocks, one big block and one small block. The small block is used to encrypt the big one as the private key, and then the encrypted big block will be uploaded to the cloud storage system. Even if the uploaded big block of the file is stolen, illegal users cannot get the complete information of the file easily. Ciphertext-policy attribute-based encryption (CPABE) is always criticized for its heavy overload and insecure issues when distributing keys or revoking a user's access right. MPRE-CPABE applies CPABE to the multi-authority cloud storage system, and solves the above issues. The weighted access structure (WAS) is proposed to support a variety of fine-grained threshold access control policies in multi-authority environments, and reduce the computational cost of key distribution. Meanwhile, MPRE-CPABE uses proxy re-encryption to reduce the computational cost of access revocation. Experiments are implemented on platforms of Ubuntu and CloudSim. Experimental results show that MPRE-CPABE can greatly reduce the computational cost of the generation of key components and the revocation of a user's access right. MPRE-CPABE is also proved secure under the security model of decisional bilinear Diffie-Hellman (DBDH).
In current cloud computing systems, large amounts of sensitive data are shared with other cloud users. To keep these data confidential, data owners should encrypt their data before outsourcing. We choose proxy re-encryption (PRE) as the cloud data encryption technique. In a PRE system, a semi-trusted proxy can transform a ciphertext under one public key into a ciphertext of the same message under another public key, but the proxy cannot gain any information about the message. In this paper, we propose a certificateless PRE (CL-PRE) scheme without pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman (CDH) problem in the random oracle model. Compared with other existing CL-PRE schemes, our scheme requires less computation cost and is significantly more efficient. The new scheme does not need public key certificates to guarantee the validity of public keys and solves the key escrow problem in identity-based public key cryptography.
A medical image encryption algorithm is proposed based on Fisher-Yates scrambling, filter diffusion and S-box substitution. First, a chaotic sequence associated with the plaintext is generated by a logistic-sine-cosine system, which is used for the scrambling, substitution and diffusion processes. The three-dimensional Fisher-Yates scrambling, S-box substitution and diffusion are employed for the first round of encryption. The chaotic sequence is adopted for secondary encryption to scramble the ciphertext obtained in the first round. Then, a three-dimensional filter is applied to diffusion for further hiding of useful information. The key to the algorithm is generated by the combination of the hash value of the plaintext image and the input parameters. It improves the ability to resist plaintext attacks. The security analysis shows that the algorithm is effective and efficient. It can resist common attacks. In addition, the good diffusion effect shows that the scheme can solve the differential attacks encountered in the transmission of medical images and has positive implications for future research.
An identity-based proxy re-encryption scheme (IB-PRE) allows a semi-trusted proxy to convert an encryption under one identity to another without revealing the underlying message. Because the proxy is semi-trusted, as little trust as necessary should be placed in it to allow it to perform the translations. Some applications, such as distributed file systems, demand that the adversary cannot identify the sender's and recipient’s identities. However, none of the existing IB-PRE schemes satisfy this requirement. In this work, we first define the security model of key-private IB-PRE. Finally, we propose the first key-private IB-PRE scheme. Our scheme is chosen plaintext secure (CPA) and collusion resistant in the standard model.
To design an efficient protocol for sharing the encrypted lock keys in the renting house system, we introduce a new notion called time- and identity-based proxy re-encryption (TIPRE) and the blockchain platform. Our CPA secure TIPRE scheme is constructed from Green et al.’s identity-based proxy re-encryption scheme by adding the time property. In every time period, a time stamp authority generates a public key embedded with the current time stamp for each user. In our protocol for the renting house system, the TIPRE scheme is the primary building block, and the blockchain platform serves instead of a trusted third party, such as a real estate agency between landlords and tenants. The TIPRE scheme allows the landlord to change the lock key at each time period for safety. The blockchain platform allows the landlords and tenants to directly interact, and all of the interactions are recorded in the blockchain database to provide the desired security requirements, such as nonrepudiation and unforgeability. Finally, we provide the security analysis of our protocol and test its performance by implementing it on the MacBook Pro and the Intel Edison development platforms.
In sensor networks, it is a challenge to ensure the security of data exchange between packet switching nodes holding different private keys. In order to solve this problem, the present study proposes a scheme called multi-conditional proxy broadcast re-encryption (MC-PBRE). The scheme consists of the following roles: the source node, the proxy server, and the target node. If the condition is met, the proxy can convert the encrypted data of the source node into data that the target node can directly decrypt. It allows the proxy server to convert the ciphertext of the source node to a new ciphertext of the target node in a different group, while the proxy server does not need to store the key or reveal the plaintext. At the same time, the proxy server cannot obtain any valuable information in the ciphertext. This paper formalizes the concept of MC-PBRE and its security model, and proposes an MC-PBRE scheme of ciphertext security. Finally, the scheme security has been proved in the random oracle model.
This study constructs a function-private inner-product predicate encryption (FP-IPPE) and achieves standard enhanced function privacy. The enhanced function privacy guarantees that a predicate secret key sk_f reveals nothing about the predicate f, as long as f is drawn from an evasive distribution with sufficient entropy. The proposed scheme extends the group-based public-key function-private predicate encryption (FP-PE) for “small superset predicates” proposed by Bartusek et al. (Asiacrypt 19) to the setting of inner-product predicates. This is the first construction of public-key FP-PE with enhanced function privacy security beyond the equality predicates, which was previously proposed by Boneh et al. (CRYPTO 13). The proposed construction relies on bilinear groups, and the security is proved in the generic bilinear group model.
With the diversification of electronic devices, cloud-based services have become the link between different devices. As a cryptosystem with a secure conversion function, proxy re-encryption enables secure sharing of data in a cloud environment. Proxy re-encryption is a public key encryption system with a ciphertext security conversion function. A semi-trusted agent plays the role of ciphertext conversion, which can convert the user ciphertext into a ciphertext of the same plaintext encrypted by the principal’s public key. Proxy re-encryption has been a hotspot in the field of information security since it was proposed by Blaze et al. [Blaze, Bleumer and Strauss (1998)]. After 20 years of development, proxy re-encryption has evolved into many forms and been widely used. This paper elaborates on the definition, characteristics and development status of proxy re-encryption, and classifies proxy re-encryption from the perspectives of user identity, conversion condition, conversion hop count and conversion direction. Existing schemes are compared and briefly reviewed in terms of features, performance, and security. Finally, this paper looks forward to the possible development direction of proxy re-encryption in the future.
In this paper, an efficient hybrid proxy re-encryption scheme that allows the transformation of the ciphertexts in a traditional public key cryptosystem into the ciphertexts in an identity-based system is proposed. The scheme is non-interactive, unidirectional and collusion "safe". Furthermore, it is compatible with current IBE (identity-based encryption) deployments. The scheme has chosen ciphertext security in the random oracle model assuming the hardness of the Decisional Bilinear Diffie-Hellman problem.
Funding (fog-assisted identity-based PRE scheme): supported in part by the National Science and Technology Council of Taiwan under the contract numbers NSTC 114-2221-E-019-055-MY2 and NSTC 114-2221-E-019-069.
Funding: Supported in part by the National Science and Technology Council of Republic of China under the contract numbers NSTC 114-2221-E-019-055-MY2 and NSTC 114-2221-E-019-069.
Abstract: Cloud data sharing is an important issue in modern times. To maintain the privacy and confidentiality of data stored in the cloud, encryption is an inevitable process before uploading the data. However, the centralized management and transmission latency of the cloud make it difficult to support real-time processing and distributed access structures. As a result, fog computing and the Internet of Things (IoT) have emerged as crucial applications. Fog-assisted proxy re-encryption is a commonly adopted technique for sharing cloud ciphertexts. It allows a semi-trusted proxy to transform a data owner's ciphertext into another re-encrypted ciphertext intended for a data requester, without compromising any information about the original ciphertext. Yet, the user revocation and cloud ciphertext renewal problems still lack effective and secure mechanisms. Motivated by it, we propose a revocable conditional proxy re-encryption scheme offering ciphertext evolution (R-CPRE-CE). In particular, a periodically updated time key is used to revoke the user's access privileges while an access condition prevents a malicious proxy from re-encrypting unauthorized ciphertext. We also demonstrate that our scheme is provably secure under the notion of indistinguishability against adaptively chosen identity and chosen ciphertext attacks in the random oracle model. Performance analysis shows that our scheme reduces the computation time for a complete data access cycle from an initial query to the final decryption by approximately 47.05% compared to related schemes.
Abstract: Military image encryption plays a vital role in ensuring the secure transmission of sensitive visual information from unauthorized access. This paper proposes a new Tri-independent keying method for encrypting military images. The proposed encryption method is based on multilevel security stages of pixel-level scrambling, bit-level manipulation, and block-level shuffling operations. For having a vast key space, the input password is hashed by the Secure Hash Algorithm 256-bit (SHA-256) for generating independently deterministic keys used in the multilevel stages. A piecewise pixel-level scrambling function is introduced to perform a dual flipping process controlled with an adaptive key for obscuring the spatial relationships between the adjacent pixels. A dynamic masking scheme is presented for conducting a bit-level manipulation based on distinct keys that change over image regions, providing completely different encryption results on identical regions. To handle the global correlation between large-scale patterns, a chaotic index-map system is employed for shuffling image regions randomly across the image domain based on a logistic map seeded with a private key. Experimental results on a dataset of military images show the effectiveness of the proposed encryption method in producing excellent quantitative and qualitative results. The proposed method obtains uniform histogram distributions, high entropy values around the ideal (≈8 bits), Number of Pixel Change Rate (NPCR) values above 99.5%, and low Peak Signal-to-Noise Ratio (PSNR) over all encrypted images. This validates the robustness of the proposed method against cryptanalytic attacks, verifying its ability to serve as a practical basis for secure image transmission in defense systems.
Funding: Supported by the National Natural Science Foundation of China (62376106); The Science and Technology Development Plan of Jilin Province (20250102212JC).
Abstract: Driven by advancements in mobile internet technology, images have become a crucial data medium. Ensuring the security of image information during transmission has thus emerged as an urgent challenge. This study proposes a novel image encryption algorithm specifically designed for grayscale image security. This research introduces a new Cantor diagonal matrix permutation method. The proposed permutation method uses row and column index sequences to control the Cantor diagonal matrix, where the row and column index sequences are generated by a spatiotemporal chaotic system named coupled map lattice (CML). The high initial value sensitivity of the CML system makes the permutation method highly sensitive and secure. Additionally, leveraging fractal theory, this study introduces a chaotic fractal matrix and applies this matrix in the diffusion process. This chaotic fractal matrix exhibits self-similarity and irregularity. Using the Cantor diagonal matrix and chaotic fractal matrix, this paper introduces a fast image encryption algorithm involving two diffusion steps and one permutation step. Moreover, the algorithm achieves robust security with only a single encryption round, ensuring high operational efficiency. Experimental results show that the proposed algorithm features an expansive key space, robust security, high sensitivity, high efficiency, and superior statistical properties for the ciphered images. Thus, the proposed algorithm not only provides a practical solution for secure image transmission but also bridges fractal theory with image encryption techniques, thereby opening new research avenues in chaotic cryptography and advancing the development of information security technology.
Funding: Financially supported by the Natural Science Foundation of Shandong Province (No. ZR2024QE446).
Abstract: With the rapid development of intelligent electronic and military equipment, multifunctional flexible materials that integrate electromagnetic interference (EMI) shielding, temperature sensing, and information encryption are urgently required. This study presents a bio-inspired hierarchical composite foam fabricated using supercritical nitrogen foaming technology. This material exhibits a honeycomb structure, with pore cell sizes controllable within a range of 30–92 μm by regulating the filler. The carbon fiber felt (CFf) provides efficient reflection of electromagnetic waves, while the chloroprene rubber/carbon fiber/carbon black foam facilitates both wave absorption and temperature monitoring through its optimized conductive network. This synergistic mechanism results in an EMI shielding effectiveness (SE) of 60.06 dB with excellent temperature sensing performance (the temperature coefficient of resistance (TCR) is -2.642%/℃) in the 24–70 ℃ range. Notably, the material has a thermal conductivity of up to 0.159 W/(m·K), and the bio-inspired layered design enables information encryption, demonstrating the material's potential for secure communication applications. The foam also has tensile properties of up to 5.13 MPa and a tear strength of 33.02 N/mm. This biomimetic design overcomes the traditional limitations of flexible materials and provides a transformative solution for next-generation applications such as flexible electronics, aerospace systems and military equipment, which urgently need integrated electromagnetic protection, thermal management and information security.
Abstract: The advent of 5G technology has significantly enhanced the transmission of images over networks, expanding data accessibility and exposure across various applications in digital technology and social media. Consequently, the protection of sensitive data has become increasingly critical. Regardless of the complexity of the encryption algorithm used, a robust and highly secure encryption key is essential, with randomness and key space being crucial factors. This paper proposes a new Robust Deoxyribonucleic Acid (RDNA) nucleotide-based encryption method. The RDNA encryption method leverages the unique properties of DNA nucleotides, including their inherent randomness and extensive key space, to generate a highly secure encryption key. By employing transposition and substitution operations, the RDNA method ensures significant diffusion and confusion in the encrypted images. Additionally, it utilises a pseudorandom generation technique based on the random sequence of nucleotides in the DNA secret key. The performance of the RDNA encryption method is evaluated through various statistical and visual tests, and compared against established encryption methods such as 3DES, AES, and a DNA-based method. Experimental results demonstrate that the RDNA encryption method outperforms its rivals in the literature, and achieves superior performance in terms of information entropy, avalanche effect, encryption execution time, and correlation reduction, while maintaining competitive values for NMAE, PSNR, NPCR, and UACI. The high degree of randomness and sensitivity to key changes inherent in the RDNA method offers enhanced security, making it highly resistant to brute force and differential attacks.
Abstract: Elliptic curve (EC) based cryptosystems gained more attention due to enhanced security than the existing public key cryptosystems. A substitution box (S-box) plays a vital role in securing modern symmetric key cryptosystems. However, the recently developed EC based algorithms usually trade off between computational efficiency and security, necessitating the design of a new algorithm with the desired cryptographic strength. To address these shortcomings, this paper proposes a new scheme based on Mordell elliptic curve (MEC) over the complex field for generating distinct, dynamic, and highly uncorrelated S-boxes. Furthermore, we count the exact number of the obtained S-boxes, and demonstrate that the permuted version of the presented S-box is statistically optimal. The nonsingularity of the presented algorithm and the injectivity of the resultant output are explored. Rigorous theoretical analysis and experimental results demonstrate that the proposed method is highly effective in generating a large number of dynamic S-boxes with adequate cryptographic properties, surpassing current state-of-the-art S-box generation algorithms in terms of security. Apart from this, the generated S-box is benchmarked using side-channel attacks, and its performance is compared with highly nonlinear S-boxes, demonstrating comparable results. In addition, we present an application of our proposed S-box generator by incorporating it into an image encryption technique. The encrypted and decrypted images are tested by employing extensive standard security metrics, including the Number of Pixel Change Rate, the Unified Average Changing Intensity, information entropy, correlation coefficient, and histogram analysis. Moreover, the analysis is extended beyond conventional metrics to validate the new method using advanced tests, such as the NIST statistical test suite, robustness analysis, and noise and cropping attacks. Experimental outcomes show that the presented algorithm strengthens the existing encryption scheme against various well-known cryptographic attacks.
Funding: Supported by the National Natural Science Foundation of China (Grant No. U24B20146); the National Key Research and Development Plan in China (Grant No. 2020YFB1005500); Beijing Natural Science Foundation Project (No. M21034).
Abstract: With the rapid development of web3.0 applications, the volume of data sharing is increasing, the inefficiency of big data file sharing and the problem of data privacy leakage are becoming more and more prominent, and the existing data sharing schemes have been difficult to meet the growing demand for data sharing, this paper aims at exploring a secure, efficient and privacy-protecting data sharing scheme under web3.0 applications. Specifically, this paper adopts interplanetary file system (IPFS) technology to realize the storage of large data files to solve the problem of blockchain storage capacity limitation, and utilizes ciphertext policy attribute-based encryption (CP-ABE) and proxy re-encryption (PRE) technology to realize secure multi-party sharing and fine-grained access control of data. This paper provides the detailed algorithm design and implementation of data sharing phases and processes, and analyzes the algorithms from the perspectives of security, privacy protection, and performance.
Funding: Funded by National Science and Technology Council, Taiwan, grant numbers are 110-2401-H-002-094-MY2 and 112-2221-E-130-001.
Abstract: As data analysis often incurs significant communication and computational costs, these tasks are increasingly outsourced to cloud computing platforms. However, this introduces privacy concerns, as sensitive data must be transmitted to and processed by untrusted parties. To address this, fully homomorphic encryption (FHE) has emerged as a promising solution for privacy-preserving Machine-Learning-as-a-Service (MLaaS), enabling computation on encrypted data without revealing the plaintext. Nevertheless, FHE remains computationally expensive. As a result, approximate homomorphic encryption (AHE) schemes, such as CKKS, have attracted attention due to their efficiency. In our previous work, we proposed RP-OKC, a CKKS-based clustering scheme implemented via TenSEAL. However, errors inherent to CKKS operations—termed CKKS-errors—can affect the accuracy of the result after decryption. Since these errors can be mitigated through post-decryption rounding, we propose a data pre-scaling technique to increase the number of significant digits and reduce CKKS-errors. Furthermore, we introduce an Operation-Error-Estimation (OEE) table that quantifies upper-bound error estimates for various CKKS operations. This table enables error-aware decryption correction, ensuring alignment between encrypted and plaintext results. We validate our method on K-means clustering using the Kaggle Customer Segmentation dataset. Experimental results confirm that the proposed scheme enhances the accuracy and reliability of privacy-preserving data analysis in cloud environments.
Funding: Programs for Science and Technology Development of Henan Province, grant number 242102210152; The Fundamental Research Funds for the Universities of Henan Province, grant number NSFRF240620; Key Scientific Research Project of Henan Higher Education Institutions, grant number 24A520015; Henan Key Laboratory of Network Cryptography Technology, grant number LNCT2022-A11.
Abstract: Conditional proxy re-encryption (CPRE) is an effective cryptographic primitive language that enhances the access control mechanism and makes the delegation of decryption permissions more granular, but most of the attribute-based conditional proxy re-encryption (AB-CPRE) schemes proposed so far do not take into account the importance of user attributes. A weighted attribute-based conditional proxy re-encryption (WAB-CPRE) scheme is thus designed to provide more precise decryption rights delegation. By introducing the concept of weight attributes, the quantity of system attributes managed by the server is reduced greatly. At the same time, a weighted tree structure is constructed to simplify the expression of access structure effectively. With conditional proxy re-encryption, large amounts of data and complex computations are outsourced to cloud servers, so the data owner (DO) can revoke the user's decryption rights directly with minimal costs. The scheme proposed achieves security against chosen plaintext attacks (CPA). Experimental simulation results demonstrated that the decryption time is within 6–9 ms, and it has a significant reduction in communication and computation cost on the user side with better functionality compared to other related schemes, which enables users to access cloud data on devices with limited resources.
Funding: Projects (61472192, 61202004) supported by the National Natural Science Foundation of China; Project (14KJB520014) supported by the Natural Science Fund of Higher Education of Jiangsu Province, China
Abstract: The cloud storage service cannot be completely trusted because of the separation of data management and ownership, leading to the difficulty of data privacy protection. In order to protect the privacy of data on untrusted servers of cloud storage, a novel multi-authority access control scheme without a trustworthy central authority has been proposed based on CP-ABE for cloud storage systems, called non-centered multi-authority proxy re-encryption based on the cipher-text policy attribute-based encryption (NC-MACPABE). NC-MACPABE optimizes the weighted access structure (WAS) allowing different levels of operation on the same file in cloud storage system. The concept of identity dyeing is introduced to improve the users' information privacy further. The re-encryption algorithm is improved in the scheme so that the data owner can revoke user's access right in a more flexible way. The scheme is proved to be secure. And the experimental results also show that removing the central authority can resolve the existing performance bottleneck in the multi-authority architecture with a central authority, which significantly improves user experience when a large number of users apply for accesses to the cloud storage system at the same time.
Funding: Supported by the National Natural Science Foundation of China (61202004, 61472192); the Special Fund for Fast Sharing of Science Paper in Net Era by CSTD (2013116); the Natural Science Fund of Higher Education of Jiangsu Province (14KJB520014)
Abstract: The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems. Traditional encryption technologies are not suitable for data protection in cloud storage systems. A novel multi-authority proxy re-encryption mechanism based on ciphertext-policy attribute-based encryption (MPRE-CPABE) is proposed for cloud storage systems. MPRE-CPABE requires data owner to split each file into two blocks, one big block and one small block. The small block is used to encrypt the big one as the private key, and then the encrypted big block will be uploaded to the cloud storage system. Even if the uploaded big block of file is stolen, illegal users cannot get the complete information of the file easily. Ciphertext-policy attribute-based encryption (CPABE) is always criticized for its heavy overload and insecure issues when distributing keys or revoking user's access right. MPRE-CPABE applies CPABE to the multi-authority cloud storage system, and solves the above issues. The weighted access structure (WAS) is proposed to support a variety of fine-grained threshold access control policy in multi-authority environments, and reduce the computational cost of key distribution. Meanwhile, MPRE-CPABE uses proxy re-encryption to reduce the computational cost of access revocation. Experiments are implemented on platforms of Ubuntu and CloudSim. Experimental results show that MPRE-CPABE can greatly reduce the computational cost of the generation of key components and the revocation of user's access right. MPRE-CPABE is also proved secure under the security model of decisional bilinear Diffie-Hellman (DBDH).
Funding: the National Natural Science Foundation of China (No. 61133014)
Abstract: In current cloud computing system, large amounts of sensitive data are shared to other cloud users. To keep these data confidential, data owners should encrypt their data before outsourcing. We choose proxy re-encryption (PRE) as the cloud data encryption technique. In a PRE system, a semi-trusted proxy can transform a ciphertext under one public key into a ciphertext of the same message under another public key, but the proxy cannot gain any information about the message. In this paper, we propose a certificateless PRE (CL-PRE) scheme without pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman (CDH) problem in the random oracle model. Compared with other existing CL-PRE schemes, our scheme requires less computation cost and is significantly more efficient. The new scheme does not need the public key certificates to guarantee validity of public keys and solves the key escrow problem in identity-based public key cryptography.
Abstract: A medical image encryption is proposed based on the Fisher-Yates scrambling, filter diffusion and S-box substitution. First, chaotic sequence associated with the plaintext is generated by logistic-sine-cosine system, which is used for the scrambling, substitution and diffusion processes. The three-dimensional Fisher-Yates scrambling, S-box substitution and diffusion are employed for the first round of encryption. The chaotic sequence is adopted for secondary encryption to scramble the ciphertext obtained in the first round. Then, three-dimensional filter is applied to diffusion for further useful information hiding. The key to the algorithm is generated by the combination of hash value of plaintext image and the input parameters. It improves resisting ability of plaintext attacks. The security analysis shows that the algorithm is effective and efficient. It can resist common attacks. In addition, the good diffusion effect shows that the scheme can solve the differential attacks encountered in the transmission of medical images and has positive implications for future research.
Funding: This work is supported by the National Natural Science Foundation of China (Nos. 61702236, 61672270, 61602216, 61872181) and Changzhou Sci&Tech Program (Grant No. CJ20179027).
Abstract: An identity-based proxy re-encryption scheme (IB-PRE) allows a semi-trusted proxy to convert an encryption under one identity to another without revealing the underlying message. Due to the fact that the proxy was semi-trusted, it should place as little trust as necessary to allow it to perform the translations. In some applications such as distributed file system, it demands the adversary cannot identify the sender and recipient's identities. However, none of the existing IB-PRE schemes satisfy this requirement. In this work, we first define the security model of key-private IB-PRE. Finally, we propose the first key-private IB-PRE scheme. Our scheme is chosen plaintext secure (CPA) and collusion resistant in the standard model.
Funding: This research is partially supported by the National Natural Science Foundation of China under Grant Nos. 61672016, the Jiangsu Qing Lan Project, the Six Talent Peaks Project in Jiangsu Province under Grant RJFW-010, and the Guangxi Key Laboratory of Cryptography and Information Security under Grant GCIS201815.
Abstract: To design an efficient protocol for sharing the encrypted lock keys in the renting house system, we introduce a new notion called time- and identity-based proxy reencryption (TIPRE) and the blockchain platform. Our CPA secure TIPRE scheme is constructed from Green et al.'s identity-based proxy reencryption scheme by adding the time property. In every time period, a time stamp authority generates a public key embedded with the current time stamp for each user. In our protocol for the renting house system, the TIPRE scheme is the primary building block, and the blockchain platform serves instead of a trusted third party, such as a real estate agency between landlords and tenants. The TIPRE scheme allows the landlord to change the lock key at each time period for safety. The blockchain platform allows the landlords and tenants to directly interact, and all of the interactions are recorded in the blockchain database to provide the desired security requirements, such as nonrepudiation and unforgeability. Finally, we provide the secure analysis of our protocol and test its performance by implementing it in the MacBook Pro and the Intel Edison development platforms.
Funding: Supported, in part, by the National Nature Science Foundation of China under grant numbers 61502240, 61502096, 61304205, 61773219; in part, by the Natural Science Foundation of Jiangsu Province under Grant Numbers BK20191401.
Abstract: In sensor networks, it is a challenge to ensure the security of data exchange between packet switching nodes holding different private keys. In order to solve this problem, the present study proposes a scheme called multi-conditional proxy broadcast re-encryption (MC-PBRE). The scheme consists of the following roles: the source node, proxy server, and the target node. If the condition is met, the proxy can convert the encrypted data of the source node into data that the target node can directly decrypt. It allows the proxy server to convert the ciphertext of the source node to a new ciphertext of the target node in a different group, while the proxy server does not need to store the key or reveal the plaintext. At the same time, the proxy server cannot obtain any valuable information in the ciphertext. This paper formalizes the concept of MC-PBRE and its security model, and proposes a MC-PBRE scheme of ciphertext security. Finally, the scheme security has been proved in the random oracle.
Funding: National Key Research and Development Program of China (2021YFB3101402); National Natural Science Foundation of China (62202294).
Abstract: This study constructs a function-private inner-product predicate encryption (FP-IPPE) and achieves standard enhanced function privacy. The enhanced function privacy guarantees that a predicate secret key skf reveals nothing about the predicate f, as long as f is drawn from an evasive distribution with sufficient entropy. The proposed scheme extends the group-based public-key function-private predicate encryption (FP-PE) for "small superset predicates" proposed by Bartusek et al. (Asiacrypt 19), to the setting of inner-product predicates. This is the first construction of public-key FP-PE with enhanced function privacy security beyond the equality predicates, which is previously proposed by Boneh et al. (CRYPTO 13). The proposed construction relies on bilinear groups, and the security is proved in the generic bilinear group model.
Funding: This work is supported by the NSFC (Nos. 61772280, 61702236), the Changzhou Sci&Tech Program (No. CJ20179027), and the PAPD fund from NUIST. Prof.
Abstract: With the diversification of electronic devices, cloud-based services have become the link between different devices. As a cryptosystem with secure conversion function, proxy re-encryption enables secure sharing of data in a cloud environment. Proxy re-encryption is a public key encryption system with ciphertext security conversion function. A semi-trusted agent plays the role of ciphertext conversion, which can convert the user ciphertext into the same plaintext encrypted by the principal's public key. Proxy re-encryption has been a hotspot in the field of information security since it was proposed by Blaze et al. [Blaze, Bleumer and Strauss (1998)]. After 20 years of development, proxy re-encryption has evolved into many forms and been widely used. This paper elaborates on the definition, characteristics and development status of proxy re-encryption, and classifies proxy re-encryption from the perspectives of user identity, conversion condition, conversion hop count and conversion direction. The aspects of the existing program were compared and briefly reviewed from the aspects of features, performance, and security. Finally, this paper looks forward to the possible development direction of proxy re-encryption in the future.
Funding: Supported by the National Natural Science Foundation of China (60673070); the Natural Science Foundation of Jiangsu Province, China (BK2006217)
Abstract: In this paper, an efficient hybrid proxy re-encryption scheme that allows the transformation of the ciphertexts in a traditional public key cryptosystem into the ciphertexts in an identity-based system is proposed. The scheme is non-interactive, unidirectional and collude "safe". Furthermore, it is compatible with current IBE (identity-based encryption) deployments. The scheme has chosen ciphertext security in the random oracle model assuming the hardness of the Decisional Bilinear Diffie-Hellman problem.