NEW SECRET SHARING SCHEME BASED ON LINEAR CODE

A secret sharing system can be damaged when the dealer cheating occurs.In this paper,two kinds of secret sharing schemes based on linear code are proposed.One is a verifiable scheme which each participant can verify his own share from dealer's distribution and ensure each participant to receive valid share.Another does not have a trusted center,here,each participant plays a dual-role as the dealer and shadow(or share) provider in the whole scheme.

A New Method to Construct Secret Sharing Schemes Based on Linear Codes

Secret sharing is an important topic in cryptography and has applications in information security. The coding theory has been an important role in the constructing of secret sharing schemes. It is known that every linear code can be used to construct secret sharing schemes. So, we use the parity-check matrix of a linear code to construct secret sharing schemes based on linear codes. We also describe some techniques to recover the secret and determine the access structure of the new scheme. In this paper, we use the Massey＇s secret sharing scheme.

Quantum-Resistant Multi-Feature Attribute-Based Proxy Re-Encryption Scheme for Cloud Services

Cloud-based services have powerful storage functions and can provide accurate computation.However,the question of how to guarantee cloud-based services access control and achieve data sharing security has always been a research highlight.Although the attribute-based proxy re-encryption(ABPRE)schemes based on number theory can solve this problem,it is still difficult to resist quantum attacks and have limited expression capabilities.To address these issues,we present a novel linear secret sharing schemes(LSSS)matrix-based ABPRE scheme with the fine-grained policy on the lattice in the research.Additionally,to detect the activities of illegal proxies,homomorphic signature(HS)technology is introduced to realize the verifiability of re-encryption.Moreover,the non-interactivity,unidirectionality,proxy transparency,multi-use,and anti-quantum attack characteristics of our system are all advantageous.Besides,it can efficiently prevent the loss of processing power brought on by repetitive authorisation and can enable precise and safe data sharing in the cloud.Furthermore,under the standard model,the proposed learning with errors(LWE)-based scheme was proven to be IND-sCPA secure.

Secret Sharing Schemes Based on the Dual Code of the Code of a Symmetric （v, k, λ）-Design and Minimal Access Sets

Secret sharing has been a subject of study for over 30 years. The coding theory has been an important role in the constructing of the secret sharing schemes. It is known that every linear code can be used to construct the secret sharing schemes. Since the code of a symmetric （V, k, λ）-design is a linear code, this study is about the secret sharing schemes based on C of Fp-code C of asymmetric （v, k, λ）-design.

基于LSSS共享矩阵无授权策略的属性密码解密效率提高方案

在基于LSSS(Linear Secret-Sharing Schemes)共享矩阵的属性密码方案中,为了获得相对较高的解密效率,需要剔除授权集合中冗余参与方在解密时的计算.为达到这一目的,现有方案都需要使用授权策略进行最小参与方搜寻,而在一些应用场合下,授权策略的出现是不安全的.如果不使用授权策略,现有的解密优化方案便无法运行.本文提出一种LSSS共享矩阵下,无授权策略的属性密码解密效率提高方案.理论分析和实验表明,它可以在无授权策略情况下,找到最小参与方集合,从而提高了解密效率.

联盟链下的高效车联网数据安全共享研究

[目的/意义]旨在解决现有的车联网数据共享方案中计算开销大、共享效率低、安全性不足等问题。[方法/过程]设计了一个车联网高效数据安全共享方案,采用基于线性秘密共享(LSSS)的密文策略属性加密(CP-ABE)算法和基于联盟区块链群组技术,实现了车联网高效数据共享,减少数据冗余,并通过共识机制的优化,进一步提高时间效率,同时确保车辆实体的数据安全性和隐私性。[结果/结论]该方案能够适应车联网快速移动、动态变化的复杂特性,可实现灵活访问控制和高自由度的数据共享,满足车联网场景需求。

基于LSSS的隐藏策略属性基加密方案

传统的密文策略属性基加密方案(CP-ABE)在解密阶段会将密文连同访问策略一起发送给用户,但有时访问策略本身就是敏感信息,同样会泄露用户的隐私信息。因此,针对CP-ABE方案的访问策略隐藏这一问题,在现有CP-ABE方案的基础上,提出了一种新的隐藏策略属性基加密方案。该方案采用线性秘密分享矩阵(LSSS)作为访问结构,策略表达能力强,可以表达任意的访问策略,使用3素数合数阶双线性群来构造方案以及实现策略的隐藏,并且借助双系统加密技术证明方案在选择明文攻击下的安全性。与同类的基于LSSS隐藏策略的方案相比,该方案不仅降低了合数阶双线性群的阶数,减少了系统开销,而且减少了加密阶段的运算次数,提高了加密效率,增加了方案在实际应用中的可行性。

车联网中支持直接撤销的外包属性签名方案

数字签名在应对车联网中数据窜改威胁时扮演着重要作用,然而现有的签名方案在灵活性、效率、隐私保护、用户密钥管理等方面存在诸多问题,难以在车联网中释放其潜力。针对这些问题,提出了一个面向车联网的直接可撤销外包属性签名方案。该方案使用了基于线性秘密分享的签名策略机制,赋予车联网用户在签名生成和验证方面的灵活性和隐私保护。此外,设计了一种高效的用户密钥直接撤销机制,以提供对用户的实时撤权。所提方案还构造了一种外包验证方法,从而显著降低了验证者的计算和存储开销。安全性分析结果表明,所提方案在选择消息攻击下具有不可伪造性,并且能够抵抗合谋攻击。实验结果表明了该方案相较于其他方案的优势及其在车联网中的实用性。

医疗云平台中个人健康档案转诊时的安全共享方案

为解决医疗云平台共享个人健康档案(personal health record,PHR)存在的隐私泄露和加解密效率不理想的问题,以医疗云平台中帕金森病患者的转诊场景为例,提出了一种基于线性秘密共享的改进密文属性代理重加密方案(improved linear secret sharing based ciphertext attribute proxy re-encryption scheme,LCPS)。该方案利用线性秘密共享技术来隐藏访问策略中的隐私属性,降低因访问策略暴露引发的隐私泄露风险;该方案还对代理重加密算法进行改进,通过减少复杂的双线性运算,提高了加解密效率。结果表明,LCPS在加解密方面的表现要优于其他方案。在判定性q-BDHE(q-decisional bilinear Diffie-Hellman exponent)困难假设下具有选择明文攻击时的不可区分性(indistinguishability under chosen-plaintext attack,IND-CPA)。该方案具有可移植性,同样适用于医疗云中其他病症转诊时的个人健康档案安全共享。

Linear Secret Sharing Schemes and Rearrangements of Access Structures

In this paper we study linear secret sharing schemes by monotone span programs, according to the relation between realizing access structures by linear secret sharing schemes and computing monotone Boolean functions by monotone span programs. We construct some linear secret sharing schemes. Furthermore, we study the rearrangements of access structures that is very important in practice.

Linear multi-secret sharing schemes

In this paper the linear multi-secret sharing schemes are studied by using monotone span programs. A relation between computing monotone Boolean functions by using monotone span programs and realizing multi-access structures by using linear multi-secret sharing schemes is shown. Furthermore, the concept of optimal linear multi-secret sharing scheme is presented and the several schemes are proved to be optimal.

The Complexity and Randomness of Linear Multi-secret Sharing Schemes with Non-threshold Structures

In a linear multi-secret sharing scheme with non-threshold structures, several secret values are shared among n participants, and every secret value has a specified access structure. The efficiency of a multi- secret sharing scheme is measured by means of the complexity a and the randomness . Informally, the com- plexity a is the ratio between the maximum of information received by each participant and the minimum of information corresponding to every key. The randomness is the ratio between the amount of information distributed to the set of users U = {1, …, n} and the minimum of information corresponding to every key. In this paper, we discuss a and of any linear multi-secret sharing schemes realized by linear codes with non-threshold structures, and provide two algorithms to make a and to be the minimum, respectively. That is, they are optimal.

A Novel Secret Sharing Scheme Based on Minimal Linear Codes

In this paper, we propose a novel space efficient secret sharing scheme on the basis of minimal linear codes, which satisfies the definition of a computationally efficient secret sharing scheme. In the scheme, we partition the underlying minimal linear code into disjoint classes, establishing a one-to-one correspondence between the minimal authorized subsets of participants and the representative codewords of all different classes. Each participant, with only one short share transmitted through a public channel, can share a large secret. Therefore, the proposed scheme can distribute a large secret in practical applications such as secure information dispersal in sensor networks and secure multiparty computation.

基于边缘计算的多授权属性加密方案

传统云存储下属性加密通常在云端与用户直接交流,并且由单一授权机构处理密钥与数据信息,为此提出一种应用在边缘环境下的多授权属性加密方案。方案中的访问矩阵由线性秘密共享构建,将边缘平台作为中间节点,用椭圆曲线密码体制下的简单标量乘法替代属性加密中的双线性计算,通过多授权中心分摊属性管理,直接减少单个授权机构的密钥托管与局部失控问题。理论功能分析与实验结果表明,该方案在可行性与安全性上均优于传统同类算法,有效降低了用户在访问控制中的计算开销。

一种具有策略隐藏的策略控制签名方案

策略控制签名可以通过访问策略对签名验证权限进行管理,然而由于公开的访问策略极可能包含隐私信息,导致用户隐私泄露.为此,提出了一种具有策略隐藏的策略控制签名方案,该方案使用线性秘密共享方案作为访问结构,通过以基于3素数合数阶双线性群为基础,将可能暴露隐私的属性值进行隐藏,并公开属性名策略.基于CDH假设和安全模型,证明了该方案的不可伪造性.最后对方案进行实验分析对比,结果表明:在签名验证阶段提出的方案效率高.

基于属性加密的块级云数据去重方案

针对已有的云数据去重方案主要集中在文件级去重。提出了一种基于属性加密的支持数据块级去重的方案,对文件级和数据块级做双粒度去重,并由属性加密实现数据共享。在混合云架构上设计算法,私有云根据文件标签和数据块标签进行重复性检测和一致性检测,并由块级标签建立默克尔树,支持对用户进行所有权证明。用户上传密文,私有云应用线性秘密共享技术,向密文添加访问结构和辅助信息,并为新的拥有权限的用户更新整体的密文信息。由私有云做代理重加密和代理解密,在无法获得明文的情况下承担大部分计算,减轻用户的计算时间开销。处理好的密文和标签存入公有云中,由私有云进行存取。安全性分析表明,所提方案在私有云可达到PRV-CDA(privacy chosen-distribution attacks)安全。分别对固定分块大小改变属性个数和固定属性个数改变分块大小两种情况进行仿真实验,应用4种椭圆曲线加密测试密钥生成、加密和解密计算时间,结果符合线性秘密共享的特性。仿真实验和开销分析表明所提方案可提升去重效率,并降低计算时间开销。

一种面向社交网络的细粒度密文访问控制方案

针对社交网络的隐私保护问题,采用属性基加密算法,提出一种安全、高效、细粒度的社交网络访问控制方案,并建立社交网络体系结构。通过引入线性秘密共享方案构造访问控制策略,实现灵活的访问控制结构,利用重加密技术,将部分重加密工作转移给社交网络平台执行,在保证用户数据安全的前提下,降低用户的计算代价,通过分析非授权成员与授权成员之间的关系,判定非授权成员的访问权限,进而实现访问权限的传递,并分析方案的安全性和有效性。分析结果表明,与现有基于加密技术的隐私保护方案相比,该方案能提高访问结构的表达能力和解密效率。

基于极小线性码上的秘密共享方案

从理论上说,每个线性码都可用于构造秘密共享方案,但是在一般情况下,所构造的秘密共享方案的存取结构是难以确定的.本文提出了极小线性码的概念,指出基于这种码的对偶码所构造的秘密共享方案的存取结构是容易确定的.本文首先证明了极小线性码的缩短码一定是极小线性码.然后对几类不可约循环码给出它们为极小线性码的判定条件,并在理论上研究了基于几类不可约循环码的对偶码上的秘密共享方案的存取结构.最后用编程具体求出了一些实例中方案的存取结构.

可撤销和可追踪的密钥策略属性基加密方案

针对基于密钥策略属性基加密(KP-ABE, key-policy attribute-based encryption)方案不能兼顾属性撤销和用户身份追踪的问题,提出一种支持可撤销和可追踪的KP-ABE方案。首先,该方案能够在不更新系统公钥和用户私钥的情况下实现对用户属性的撤销,更新代价比较小,同时可以根据解密密钥追踪到用户身份,从而有效地防止匿名用户的密钥泄露问题。其次,该方案基于线性访问结构(LSSS, linear secret sharing scheme),与树形访问结构相比,执行效率更高。最后,该方案基于判定性q-BDHE假设,给出了在标准模式下的安全性证明。通过与已有的KP-ABE方案进行对比分析得出,该方案的公钥长度更短、加解密的计算开销更低,且在实现属性可撤销的基础上实现了用户身份的可追踪功能,具有较为明显的优势。

基于RLWE的密文策略属性代理重加密

针对现有基于LWE的代理重加密方案存在无法实现细粒度访问及效率低的问题,结合线性秘密共享方案、RLWE和属性加密,提出一种密文策略属性代理重加密方案。该方案可以缩短密钥尺寸、减小密文空间、提高加解密效率,同时利用线性秘密共享矩阵作为访问矩阵,满足授权人细粒度委托控制的需求,抵抗代理服务器和被授权人之间的合谋。安全分析表明,在基于RLWE假设的标准模型下,所提方案是安全的。