A new efficient forward secure signature scheme based on bilinear pairings is presented m this paper. Each complexity of key generation, key update, signing and verifying algorithms in this scheme is O(1) in terms o...A new efficient forward secure signature scheme based on bilinear pairings is presented m this paper. Each complexity of key generation, key update, signing and verifying algorithms in this scheme is O(1) in terms of the total number of time periods T. Because a new structure in node secret key storage and a unique strategy in key update are employed, the signing and verifying costs don't grow when T increases. At the same time, the key generation and key update algorithms are efficiently constructed thanks to using the pre-order traversal technique of binary trees. Compared with other schemes based on bilinear pairings, the signature size in this scheme is very short, which doesn't change with T increasing. The scheme is forward secure in random oracle model assuming CDH problem is hard.展开更多
Based on the definition of tamper evidence, the authors define a new notion of tamper evidence forward secure signature scheme (TE-FSig), and propose a general method to build a TE-FSig scheme. Based on this method,...Based on the definition of tamper evidence, the authors define a new notion of tamper evidence forward secure signature scheme (TE-FSig), and propose a general method to build a TE-FSig scheme. Based on this method, they also give out a concrete instance. A TE-FSig scheme is constructed by the standard signature scheme, forward secures signature scheme and the aggregate signature scheme. It has an additional property of tamper evidence besides the property of forward secure, which can detect the time period when the key is exposed. In the standard model, the scheme constructed in the paper is proved to satisfy the prop- erties of forward secure, strong forward tamper-evidence secure, and strongly unforgeable under the chosen-message attack.展开更多
Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's schem...Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's scheme also can not provide forward secrecy and confidentiality such that any adversary can easily recover the transferred message. Based on intractability of reversing the one-way hash function and discrete logarithm problem, an improved authenticated encryption scheme with messages linkage is proposed. The above security faults get solved perfectly. The new scheme is proven to satisfy all the basic security requirements of the authenticated encryption scheme. And by the concrete comparison, it has the similar efficiency of the original scheme.展开更多
Forward secure signature can protect the security of signatures previous to the key exposure. Server-assisted signature is a special digital signature in which the signer allies one server to produce the signatures. I...Forward secure signature can protect the security of signatures previous to the key exposure. Server-assisted signature is a special digital signature in which the signer allies one server to produce the signatures. In this paper, server-assisted for-ward-secure threshold signature is proposed. The system is composed of n1 servers and n2 users. Each user and each server holds a partial secret, respectively. To produce a valid signature, users and servers need to cooperate to complete the work. The partial secrets of the users and servers are updated by a one-way function at regular intervals, while the public key is always fixed. Even if all the current partial secrets are exposed, the signatures pertaining to previous periods are still valid.展开更多
In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over ell...In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over elliptic curves. It combines the functionalities of both public verifiability and forward security at the same time. Under the Bilinear Diffie-Hellman and quadratic residue assumption, we describe the new scheme that is more secure and can be some-what more efficient than Libert and Quisquater’s one.展开更多
Certificateless one-round key exchange(CL-ORKE)protocols enable each participant to share a common key with only one round of communication which greatly saves communication cost.CLORKE protocols can be applied to sce...Certificateless one-round key exchange(CL-ORKE)protocols enable each participant to share a common key with only one round of communication which greatly saves communication cost.CLORKE protocols can be applied to scenarios with limited communication,such as space communication.Although CL-ORKE protocols have been researched for years,lots of them only consider what secrets can be compromised but ignore the time when the secrets have been corrupted.In CL-ORKE protocols,the reveal of the long-term key attacks can be divided into two different attacks according to the time of the long-term key revealed:the attack to weak Forward Security(wFS)and the attack to strong Forward Security(sFS).Many CLKE protocols did not take into account the sFS property or considered sFS as wFS.In this paper,we first propose a new security model for CL-ORKE protocols which considers the sFS property as well as the Ephemeral Key Reveal attack.Then,we give a CL-ORKE protocol which is called CLORKE-SFS.CLORKE-SFS is provably secure under the proposed model provided the Elliptic Curve Computational Diffie-Hellman(ECCDH)and the Bilinear Computational Diffie-Hellman problem(BCDH)assumption hold.The security model and the protocol may give inspiration for constructing oneround key exchange protocols with perfect forward security in certificateless scenarios.展开更多
When one enterprise acquires another,the electronic data of the acquired enterprise will be transferred to the acquiring enterprise.In particular,if the data system of acquired enterprise contains a searchable encrypt...When one enterprise acquires another,the electronic data of the acquired enterprise will be transferred to the acquiring enterprise.In particular,if the data system of acquired enterprise contains a searchable encryption mechanism,the corresponding searchability will also be transferred.In this paper,we introduce the concept of Searchable Encryption with Ownership Transfer(SEOT),and propose a secure SEOT scheme.Based on the new structure of polling pool,our proposed searchable encryption scheme not only achieves efficient transfer of outsourced data,but also implements secure transfer of data searchability.Moreover,we optimize the storage cost for user to a desirable value.We prove our scheme can achieve the secure characteristics,then carry out the performance evaluation and experiments.The results demonstrate that our scheme is superior in efficiency and practicability.展开更多
The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key managemen...The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.展开更多
Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (C...Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (CB-AK) protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed though comparison with Smart's protocol.展开更多
In 2010,Hwang,et al.proposed a 'DoS-resistant ID-based password authentication scheme using smart cards' as an improvement of Kim-Lee-Yoo's 'ID-based password authentication scheme'.In this paper,w...In 2010,Hwang,et al.proposed a 'DoS-resistant ID-based password authentication scheme using smart cards' as an improvement of Kim-Lee-Yoo's 'ID-based password authentication scheme'.In this paper,we cryptanalyze Hwang,et al.'s scheme and point out that the revealed session key could threat the security of the scheme.We demonstrate that extracting information from smart cards is equal to knowing the session key.Thus known session key attacks are also effective under the as-sumption that the adversary could obtain the information stored in the smart cards.We proposed an improved scheme with security analysis to remedy the weaknesses of Hwang,et al.'s scheme.The new scheme does not only keep all the merits of the original,but also provides several additional phases to improve the flexibility.Finally,the improved scheme is more secure,efficient,practical,and convenient,because elliptic curve cryptosystem is introduced,the expensive smart cards and synchronized clock system are replaced by mobile devices and nonces.展开更多
Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased Nevertheless, some of these systems present privacy problems that may discourage potential users. Hence, high c...Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased Nevertheless, some of these systems present privacy problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies in the literature proposed schemes that are proven to be secure, but they have scalability problems. A feasible and scalable protocol to guarantee privacy is presented in this paper. The proposed protocol uses elliptic curve cryptography combined with a zero knowledge-based authentication scheme. An analysis to prove the system secure, and even forward secure is also provided.展开更多
Order-preserving encryption(OPE)and order-revealing encryption(ORE)are among the core ingredients for encrypted databases(EDBs).In this work,we study the leakage of OPE and ORE and their forward security.We propose ge...Order-preserving encryption(OPE)and order-revealing encryption(ORE)are among the core ingredients for encrypted databases(EDBs).In this work,we study the leakage of OPE and ORE and their forward security.We propose generic yet powerful file-inject ion attacks(FI As)on OPE/ORE,aimed at the situations of possessing order by and range queries.Our FI As only exploit the ideal leakage of OPE/ORE(in particular,no need of data denseness or frequency).We also improve their efficiency with the frequency statistics using a hierarchical idea such that the high-frequency values will be recovered more quickly.We conduct some experiments on real datasets to test the performance,and the results show that our FI As can cause an extreme hazard on most of the existing OPEs and OREs with high efficiency and 100%recovery rate.We then formulate forward security of ORE,and propose a practical compilation framework for achieving forward secure ORE to resist the perniciousness of FIA.The compilation framework can transform most of the existing OPEs/OREs into forward secure OREs,with the goal of minimizing the extra burden incurred on computation and storage.We also present its security proof,and execute some experiments to analyze its performance.The proposed compilation is highly efficient and forward secure.展开更多
It’s been 20 years since the first transaction on the Shanghai Stock Exchange on December 19,1990.During the past two decades,China’s securities market has
McCullagh-Barreto key agreement protocol and its variant achieve perfect forward security and key generation center (KGC) forward security, but provide no resistance to key compromise impersonation attack (KCI att...McCullagh-Barreto key agreement protocol and its variant achieve perfect forward security and key generation center (KGC) forward security, but provide no resistance to key compromise impersonation attack (KCI attack). In this paper, we give a formal treatment of key compromise impersonation (KCI) attack and define the security notion against it. Then an variant of McCullagh-Barreto protocol is presented with only one more Hash operation. The improved protocol preserves perfect forward security and KGC forward security, and furthermore is proved to be secure against KCI attack under k-Gap-BCAA1 assumption.展开更多
There are many constraints in the use of digital signatures. This paper proposes a new way of using digital signatures with some restrictions, i.e. set signatures. It works in such a way that when the signing algorith...There are many constraints in the use of digital signatures. This paper proposes a new way of using digital signatures with some restrictions, i.e. set signatures. It works in such a way that when the signing algorithm is given, one can use it to create a valid signature on a message if and only if the message belongs to a pre-defined set, and given the information about the signing algorithm, it is computationally infeasible to create valid signatures on any other arbitrary messages outside of the set. This special property enables the signing algorithm to be made public, which seems to contradict with the traditional signature where a private key is needed, which must be kept secret. What makes the problem challenging is that the signing algorithm does not reveal the secret signing key, and hence forging normal signatures for arbitrary messages is computationally infeasible. In many cases, the signing algorithm does not reveal the elements in the authorized set. As an application of the new concept, set signatures for intelligent mobile agents committing "smaller than" condition is studied, which shows the applicability of set signatures on small sets.展开更多
文摘A new efficient forward secure signature scheme based on bilinear pairings is presented m this paper. Each complexity of key generation, key update, signing and verifying algorithms in this scheme is O(1) in terms of the total number of time periods T. Because a new structure in node secret key storage and a unique strategy in key update are employed, the signing and verifying costs don't grow when T increases. At the same time, the key generation and key update algorithms are efficiently constructed thanks to using the pre-order traversal technique of binary trees. Compared with other schemes based on bilinear pairings, the signature size in this scheme is very short, which doesn't change with T increasing. The scheme is forward secure in random oracle model assuming CDH problem is hard.
基金the Natural Science Foundation of Shandong Province (Y2007G37)
文摘Based on the definition of tamper evidence, the authors define a new notion of tamper evidence forward secure signature scheme (TE-FSig), and propose a general method to build a TE-FSig scheme. Based on this method, they also give out a concrete instance. A TE-FSig scheme is constructed by the standard signature scheme, forward secures signature scheme and the aggregate signature scheme. It has an additional property of tamper evidence besides the property of forward secure, which can detect the time period when the key is exposed. In the standard model, the scheme constructed in the paper is proved to satisfy the prop- erties of forward secure, strong forward tamper-evidence secure, and strongly unforgeable under the chosen-message attack.
基金Supported by the National Natural Science Foun-dation of China (60473072)
文摘Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's scheme also can not provide forward secrecy and confidentiality such that any adversary can easily recover the transferred message. Based on intractability of reversing the one-way hash function and discrete logarithm problem, an improved authenticated encryption scheme with messages linkage is proposed. The above security faults get solved perfectly. The new scheme is proven to satisfy all the basic security requirements of the authenticated encryption scheme. And by the concrete comparison, it has the similar efficiency of the original scheme.
基金the National Natural Science Foundation of China (60703089)the National High-Technology Research and Development Program of China (863 Program) (2006AA012110)
文摘Forward secure signature can protect the security of signatures previous to the key exposure. Server-assisted signature is a special digital signature in which the signer allies one server to produce the signatures. In this paper, server-assisted for-ward-secure threshold signature is proposed. The system is composed of n1 servers and n2 users. Each user and each server holds a partial secret, respectively. To produce a valid signature, users and servers need to cooperate to complete the work. The partial secrets of the users and servers are updated by a one-way function at regular intervals, while the public key is always fixed. Even if all the current partial secrets are exposed, the signatures pertaining to previous periods are still valid.
文摘In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over elliptic curves. It combines the functionalities of both public verifiability and forward security at the same time. Under the Bilinear Diffie-Hellman and quadratic residue assumption, we describe the new scheme that is more secure and can be some-what more efficient than Libert and Quisquater’s one.
基金This work was supported by the National Natural Science Foundation of China(NSFC)under Grant(61902049,31960119)Joint Special Fund for Basic Research of Local Undergraduate Universities(Parts)in Yunnan Province under Grant(2018FH001-063,2018FH001-106)Dali University Innovation Team Project(ZKLX2020308).
文摘Certificateless one-round key exchange(CL-ORKE)protocols enable each participant to share a common key with only one round of communication which greatly saves communication cost.CLORKE protocols can be applied to scenarios with limited communication,such as space communication.Although CL-ORKE protocols have been researched for years,lots of them only consider what secrets can be compromised but ignore the time when the secrets have been corrupted.In CL-ORKE protocols,the reveal of the long-term key attacks can be divided into two different attacks according to the time of the long-term key revealed:the attack to weak Forward Security(wFS)and the attack to strong Forward Security(sFS).Many CLKE protocols did not take into account the sFS property or considered sFS as wFS.In this paper,we first propose a new security model for CL-ORKE protocols which considers the sFS property as well as the Ephemeral Key Reveal attack.Then,we give a CL-ORKE protocol which is called CLORKE-SFS.CLORKE-SFS is provably secure under the proposed model provided the Elliptic Curve Computational Diffie-Hellman(ECCDH)and the Bilinear Computational Diffie-Hellman problem(BCDH)assumption hold.The security model and the protocol may give inspiration for constructing oneround key exchange protocols with perfect forward security in certificateless scenarios.
基金supported by the National Natural Science Foundation of China(Grant No.61932010)Science and Technology Project of Guangzhou City(No.201707010320).
文摘When one enterprise acquires another,the electronic data of the acquired enterprise will be transferred to the acquiring enterprise.In particular,if the data system of acquired enterprise contains a searchable encryption mechanism,the corresponding searchability will also be transferred.In this paper,we introduce the concept of Searchable Encryption with Ownership Transfer(SEOT),and propose a secure SEOT scheme.Based on the new structure of polling pool,our proposed searchable encryption scheme not only achieves efficient transfer of outsourced data,but also implements secure transfer of data searchability.Moreover,we optimize the storage cost for user to a desirable value.We prove our scheme can achieve the secure characteristics,then carry out the performance evaluation and experiments.The results demonstrate that our scheme is superior in efficiency and practicability.
基金Project(61100201) supported by National Natural Science Foundation of ChinaProject(12ZZ019) supported by Technology Innovation Research Program,Shang Municipal Education Commission,China+1 种基金Project(LYM11053) supported by the Foundation for Distinguished Young Talents in Higher Education of Guangdong Province,ChinaProject(NCET-12-0358) supported by New Century Excellent Talentsin University,Ministry of Education,China
文摘The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.
基金Supported by the National Natural Science Founda-tion of China (60225007, 60572155) and the Science and Technology Research Project of Shanghai (04DZ07067)
文摘Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement (CB-AK) protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed though comparison with Smart's protocol.
基金Supported by the Natural Science Foundation of Shandong Province (No. Y2008A29)the Science and Technique Foundation of Shandong Province (No. 2008GG30009008)
文摘In 2010,Hwang,et al.proposed a 'DoS-resistant ID-based password authentication scheme using smart cards' as an improvement of Kim-Lee-Yoo's 'ID-based password authentication scheme'.In this paper,we cryptanalyze Hwang,et al.'s scheme and point out that the revealed session key could threat the security of the scheme.We demonstrate that extracting information from smart cards is equal to knowing the session key.Thus known session key attacks are also effective under the as-sumption that the adversary could obtain the information stored in the smart cards.We proposed an improved scheme with security analysis to remedy the weaknesses of Hwang,et al.'s scheme.The new scheme does not only keep all the merits of the original,but also provides several additional phases to improve the flexibility.Finally,the improved scheme is more secure,efficient,practical,and convenient,because elliptic curve cryptosystem is introduced,the expensive smart cards and synchronized clock system are replaced by mobile devices and nonces.
基金supported by the Generalitat de Catalunya under Grant No. FIC 2007FIC 00880the projects of the Spanish MCyT MTM2007-66842-C02-02 and TIN2006-15662-C02-02
文摘Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased Nevertheless, some of these systems present privacy problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies in the literature proposed schemes that are proven to be secure, but they have scalability problems. A feasible and scalable protocol to guarantee privacy is presented in this paper. The proposed protocol uses elliptic curve cryptography combined with a zero knowledge-based authentication scheme. An analysis to prove the system secure, and even forward secure is also provided.
基金the National Key Research and Development Program of China under Grant No.2017YFB-0802000the National Natural Science Foundation of China under Grant Nos.61472084 and U1536205+2 种基金Shanghai Innovation Action Project under Grant No.16DZ1100200Shanghai Science and Technology Development Funds under Grant No.16JC1400801Shandong Provincial Key Research and Development Program of China under Grant Nos.2017CXG0701 and 2018CXGC0701.
文摘Order-preserving encryption(OPE)and order-revealing encryption(ORE)are among the core ingredients for encrypted databases(EDBs).In this work,we study the leakage of OPE and ORE and their forward security.We propose generic yet powerful file-inject ion attacks(FI As)on OPE/ORE,aimed at the situations of possessing order by and range queries.Our FI As only exploit the ideal leakage of OPE/ORE(in particular,no need of data denseness or frequency).We also improve their efficiency with the frequency statistics using a hierarchical idea such that the high-frequency values will be recovered more quickly.We conduct some experiments on real datasets to test the performance,and the results show that our FI As can cause an extreme hazard on most of the existing OPEs and OREs with high efficiency and 100%recovery rate.We then formulate forward security of ORE,and propose a practical compilation framework for achieving forward secure ORE to resist the perniciousness of FIA.The compilation framework can transform most of the existing OPEs/OREs into forward secure OREs,with the goal of minimizing the extra burden incurred on computation and storage.We also present its security proof,and execute some experiments to analyze its performance.The proposed compilation is highly efficient and forward secure.
文摘It’s been 20 years since the first transaction on the Shanghai Stock Exchange on December 19,1990.During the past two decades,China’s securities market has
基金supported by the National Natural Science Foundation of China(60773003,60603010)the Natural Science Foundation of Shaanxi Province(2006F19)
文摘McCullagh-Barreto key agreement protocol and its variant achieve perfect forward security and key generation center (KGC) forward security, but provide no resistance to key compromise impersonation attack (KCI attack). In this paper, we give a formal treatment of key compromise impersonation (KCI) attack and define the security notion against it. Then an variant of McCullagh-Barreto protocol is presented with only one more Hash operation. The improved protocol preserves perfect forward security and KGC forward security, and furthermore is proved to be secure against KCI attack under k-Gap-BCAA1 assumption.
基金Supported in part by the National Basic Research Program of China (Grant No. 2007CB807902)the National High-Tech Research &Development Program of China (Grant No. 2006AA01Z423)
文摘There are many constraints in the use of digital signatures. This paper proposes a new way of using digital signatures with some restrictions, i.e. set signatures. It works in such a way that when the signing algorithm is given, one can use it to create a valid signature on a message if and only if the message belongs to a pre-defined set, and given the information about the signing algorithm, it is computationally infeasible to create valid signatures on any other arbitrary messages outside of the set. This special property enables the signing algorithm to be made public, which seems to contradict with the traditional signature where a private key is needed, which must be kept secret. What makes the problem challenging is that the signing algorithm does not reveal the secret signing key, and hence forging normal signatures for arbitrary messages is computationally infeasible. In many cases, the signing algorithm does not reveal the elements in the authorized set. As an application of the new concept, set signatures for intelligent mobile agents committing "smaller than" condition is studied, which shows the applicability of set signatures on small sets.
