Tag key encapsulation mechanism (Tag-KEM)/data encapsulation mechanism (DEM) is a hybrid framework proposed in 2005. Tag-t(EM is one of its parts by using public-key encryption (PKE) technique to encapsulate a ...Tag key encapsulation mechanism (Tag-KEM)/data encapsulation mechanism (DEM) is a hybrid framework proposed in 2005. Tag-t(EM is one of its parts by using public-key encryption (PKE) technique to encapsulate a symmetric key. In hybrid encryptions, the long-raessage PKE is not desired due to its slow operation. A general method is presented for constructing Tag-KEM schemes with short-message PKEs. The chosen ciphertext security is proved in the random oracle model. In the method, the treatment of the tag part brings no additional ciphertext redundancy. Among all the methods for constructing Tag-KEM, the method is the first one without any validity checking on the tag part, thus showing that the Tag-KEM/DEM framework is superior to KEM+DEM one.展开更多
Investigated the properties of LUCas sequence(LUC), the paper proposed a new variant of (probabilistic) public-key encryption scheme. Security analysis of the proposed encryption schemes shows that its one-wayness is ...Investigated the properties of LUCas sequence(LUC), the paper proposed a new variant of (probabilistic) public-key encryption scheme. Security analysis of the proposed encryption schemes shows that its one-wayness is equivalent to partial LUC discrete logarithm problem in ZN, and for the proposed probabilistic encryption scheme, its semantic security is equivalent to decisional LUC Diffie-Hellman problem in ZN. At last, the efficiency of the proposed schemes is briefly analyzed.展开更多
As the use of cloud storage for various services increases,the amount of private personal information along with data stored in the cloud storage is also increasing.To remotely use the data stored on the cloud storage...As the use of cloud storage for various services increases,the amount of private personal information along with data stored in the cloud storage is also increasing.To remotely use the data stored on the cloud storage,the data to be stored needs to be encrypted for this reason.Since“searchable encryption”is enable to search on the encrypted data without any decryption,it is one of convenient solutions for secure data management.A public key encryption with keyword search(for short,PEKS)is one of searchable encryptions.Abdalla et al.firstly defined IND-CCA security for PEKS to enhance it’s security and proposed consistent IND-CCA secure PEKS based on the“robust”ANO-CCA secure identity-based encryption(IBE).In this paper,we propose two generic constructions of consistent IND-CCA secure PEKS combining(1)a hierarchical identity based encryption(for short,HIBE)and a signature scheme or(2)a HIBE,an encapsulation,and a message authentication code(for short,MAC)scheme.Our generic constructions identify that HIBE requires the security of a signature or a MAC as well as the weaker“ANO-CPA security(resp.,IND-CPA security)”of HIBE than“ANOCCA security(resp.,IND-CCA security)”of IBE required in for achieving IND-CCA secure(resp.,consistent)PEKS.Finally,we prove that our generic constructions satisfy IND-CCA security and consistency under the security models.展开更多
The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved...The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved by keeping it in an encrypted form,but it affects usability and flexibility in terms of effective search.Attribute-based searchable encryption(ABSE)has proven its worth by providing fine-grained searching capabilities in the shared cloud storage.However,it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations.In a healthcare cloud-based cyber-physical system(CCPS),the data is often collected by resource-constraint devices;therefore,here also,we cannot directly apply ABSE schemes.In the proposed work,the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network.Thus,it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS.With the assistance of blockchain technology,the proposed scheme offers two main benefits.First,it is free from a trusted authority,which makes it genuinely decentralized and free from a single point of failure.Second,it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network.Specifically,the task of initializing the system,which is considered the most computationally intensive,and the task of partial search token generation,which is considered as the most frequent operation,is now the responsibility of the consensus nodes.This eliminates the need of the trusted authority and reduces the burden of data users,respectively.Further,in comparison to existing decentralized fine-grained searchable encryption schemes,the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users.It has been verified both theoretically and practically in the performance analysis section.展开更多
We propose an unbounded fully homomorphic encryption scheme, i.e. a scheme that allows one to compute on encrypted data for any desired functions without needing to decrypt the data or knowing the decryption keys. Thi...We propose an unbounded fully homomorphic encryption scheme, i.e. a scheme that allows one to compute on encrypted data for any desired functions without needing to decrypt the data or knowing the decryption keys. This is a rational solution to an old problem proposed by Rivest, Adleman, and Dertouzos [1] in 1978, and to some new problems that appeared in Peikert [2] as open questions 10 and open questions 11 a few years ago. Our scheme is completely different from the breakthrough work [3] of Gentry in 2009. Gentry’s bootstrapping technique constructs a fully homomorphic encryption (FHE) scheme from a somewhat homomorphic one that is powerful enough to evaluate its own decryption function. To date, it remains the only known way of obtaining unbounded FHE. Our construction of an unbounded FHE scheme is straightforward and can handle unbounded homomorphic computation on any refreshed ciphertexts without bootstrapping transformation technique.展开更多
Identity-based hash proof system is a basic and important primitive. Ittographic schemes and protocols that are secure against key-leakage attacks. In thisupdatable identity-based hash proof system, in which the relat...Identity-based hash proof system is a basic and important primitive. Ittographic schemes and protocols that are secure against key-leakage attacks. In thisupdatable identity-based hash proof system, in which the related master secret keyis widely utilized to construct cryp-paper, we introduce the concept ofand the identity secret key can beupdated securely. Then, we instantiate this primitive based on lattices in the standard model. Moreover, we introduce anapplication of this new primitive by giving a generic construction of leakage-resilient public-key encryption schemes withanonymity. This construction can be considered as the integration of the bounded-retrieval model and the continual leakagemodel. Compared with the existing leakage-resilient schemes, our construction not only is more efficient but also can resistmuch more key leakage.展开更多
In recent years,much attention has been focused on designing provably secure cryptographic primitives in the presence of key leakage.Many constructions of leakage-resilient cryptographic primitives have been proposed....In recent years,much attention has been focused on designing provably secure cryptographic primitives in the presence of key leakage.Many constructions of leakage-resilient cryptographic primitives have been proposed.However,for any polynomial time adversary,most existing leakage-resilient cryptographic primitives cannot ensure that their outputs are random,and any polynomial time adversary can obtain a certain amount of leakage on the secret key from the corresponding output of a cryptographic primitive.In this study,to achieve better performance,a new construction of a chosen ciphertext attack 2(CCA2)secure,leakage-resilient,and certificateless public-key encryption scheme is proposed,whose security is proved based on the hardness of the classic decisional Diffie-Hellman assumption.According to our analysis,our method can tolerate leakage attacks on the private key.This method also achieves better performance because polynomial time adversaries cannot achieve leakage on the private key from the corresponding ciphertext,and a key leakage ratio of 1/2 can be achieved.Because of these good features,our method may be significant in practical applications.展开更多
An identity-based encryption(IBE) was studied with non-interactively opening property that the plain text of a ciphertext can be revealed without affecting the security of the encryption system.Two kinds of non-intera...An identity-based encryption(IBE) was studied with non-interactively opening property that the plain text of a ciphertext can be revealed without affecting the security of the encryption system.Two kinds of non-interactive opening properties for IBE schemes were defined along with a concrete scheme in each case.展开更多
The EIGamal algorithm, which can be used for both signature and encryption, is of importance in public-key cryptosystems. However, there has arisen an issue that different criteria of selecting a random number are use...The EIGamal algorithm, which can be used for both signature and encryption, is of importance in public-key cryptosystems. However, there has arisen an issue that different criteria of selecting a random number are used for the same algorithm. In the aspects of the sufficiency, necessity, security and computational overhead of parameter selection, this paper analyzes these criteria in a comparative manner and points out the insecurities in some textbook cryptographic schemes. Meanwhile, in order to enhance security a novel generalization of the EIGamal signature scheme is made by expanding the range of selecting random numbers at an acceptable cost of additional computation, and its feasibility is demonstrated.展开更多
基金Supported by the National Natural Science Foundation of China(60603010,60970120)~~
文摘Tag key encapsulation mechanism (Tag-KEM)/data encapsulation mechanism (DEM) is a hybrid framework proposed in 2005. Tag-t(EM is one of its parts by using public-key encryption (PKE) technique to encapsulate a symmetric key. In hybrid encryptions, the long-raessage PKE is not desired due to its slow operation. A general method is presented for constructing Tag-KEM schemes with short-message PKEs. The chosen ciphertext security is proved in the random oracle model. In the method, the treatment of the tag part brings no additional ciphertext redundancy. Among all the methods for constructing Tag-KEM, the method is the first one without any validity checking on the tag part, thus showing that the Tag-KEM/DEM framework is superior to KEM+DEM one.
基金Supported by the 973 State Key Project of China (No.G1999035803)the National Natural Science Foundation of China (No.69931010).
文摘Investigated the properties of LUCas sequence(LUC), the paper proposed a new variant of (probabilistic) public-key encryption scheme. Security analysis of the proposed encryption schemes shows that its one-wayness is equivalent to partial LUC discrete logarithm problem in ZN, and for the proposed probabilistic encryption scheme, its semantic security is equivalent to decisional LUC Diffie-Hellman problem in ZN. At last, the efficiency of the proposed schemes is briefly analyzed.
文摘As the use of cloud storage for various services increases,the amount of private personal information along with data stored in the cloud storage is also increasing.To remotely use the data stored on the cloud storage,the data to be stored needs to be encrypted for this reason.Since“searchable encryption”is enable to search on the encrypted data without any decryption,it is one of convenient solutions for secure data management.A public key encryption with keyword search(for short,PEKS)is one of searchable encryptions.Abdalla et al.firstly defined IND-CCA security for PEKS to enhance it’s security and proposed consistent IND-CCA secure PEKS based on the“robust”ANO-CCA secure identity-based encryption(IBE).In this paper,we propose two generic constructions of consistent IND-CCA secure PEKS combining(1)a hierarchical identity based encryption(for short,HIBE)and a signature scheme or(2)a HIBE,an encapsulation,and a message authentication code(for short,MAC)scheme.Our generic constructions identify that HIBE requires the security of a signature or a MAC as well as the weaker“ANO-CPA security(resp.,IND-CPA security)”of HIBE than“ANOCCA security(resp.,IND-CCA security)”of IBE required in for achieving IND-CCA secure(resp.,consistent)PEKS.Finally,we prove that our generic constructions satisfy IND-CCA security and consistency under the security models.
文摘The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved by keeping it in an encrypted form,but it affects usability and flexibility in terms of effective search.Attribute-based searchable encryption(ABSE)has proven its worth by providing fine-grained searching capabilities in the shared cloud storage.However,it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations.In a healthcare cloud-based cyber-physical system(CCPS),the data is often collected by resource-constraint devices;therefore,here also,we cannot directly apply ABSE schemes.In the proposed work,the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network.Thus,it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS.With the assistance of blockchain technology,the proposed scheme offers two main benefits.First,it is free from a trusted authority,which makes it genuinely decentralized and free from a single point of failure.Second,it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network.Specifically,the task of initializing the system,which is considered the most computationally intensive,and the task of partial search token generation,which is considered as the most frequent operation,is now the responsibility of the consensus nodes.This eliminates the need of the trusted authority and reduces the burden of data users,respectively.Further,in comparison to existing decentralized fine-grained searchable encryption schemes,the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users.It has been verified both theoretically and practically in the performance analysis section.
文摘We propose an unbounded fully homomorphic encryption scheme, i.e. a scheme that allows one to compute on encrypted data for any desired functions without needing to decrypt the data or knowing the decryption keys. This is a rational solution to an old problem proposed by Rivest, Adleman, and Dertouzos [1] in 1978, and to some new problems that appeared in Peikert [2] as open questions 10 and open questions 11 a few years ago. Our scheme is completely different from the breakthrough work [3] of Gentry in 2009. Gentry’s bootstrapping technique constructs a fully homomorphic encryption (FHE) scheme from a somewhat homomorphic one that is powerful enough to evaluate its own decryption function. To date, it remains the only known way of obtaining unbounded FHE. Our construction of an unbounded FHE scheme is straightforward and can handle unbounded homomorphic computation on any refreshed ciphertexts without bootstrapping transformation technique.
基金This work was supported by the National Key Research and Development Program of China under Grant No. 2017YFt30802000, the National Natural Science Foundation of China under Grant Nos. 61802241, 61772326, 61572303, 61872229, 61802242, and 61602290, the National Natural Science Foundation of China for International Young Scientists under Grant No. 61750110528, the National Cryp-tographv Development Fund during the 13th Five-Year Plan Period of China under Grant Nos. MMJJ20170216 and MMJJ20180217, the Foundation of State Key Laboratory of Information Security of China under Grant No. 2017-MS-03, and the Fundamental Re- search Funds for the Central Universities of China under Grant Nos. GK201603084, GK201702004, GK201603092, GK201603093, and GK201703062.
文摘Identity-based hash proof system is a basic and important primitive. Ittographic schemes and protocols that are secure against key-leakage attacks. In thisupdatable identity-based hash proof system, in which the related master secret keyis widely utilized to construct cryp-paper, we introduce the concept ofand the identity secret key can beupdated securely. Then, we instantiate this primitive based on lattices in the standard model. Moreover, we introduce anapplication of this new primitive by giving a generic construction of leakage-resilient public-key encryption schemes withanonymity. This construction can be considered as the integration of the bounded-retrieval model and the continual leakagemodel. Compared with the existing leakage-resilient schemes, our construction not only is more efficient but also can resistmuch more key leakage.
基金Project supported by the National Key R&D Program of China(No.2017YFB0802000)the National Natural Science Foundation of China(Nos.61572303 and 61772326)+2 种基金the National Cryptography Development Fund During the 13thFive-Year Plan Period,China(No.MMJJ20170216)the Foundation of State Key Laboratory of Information Security,China(No.2017-MS-03)the Fundamental Research Funds for the Central Universities,China(No.GK201803064)
文摘In recent years,much attention has been focused on designing provably secure cryptographic primitives in the presence of key leakage.Many constructions of leakage-resilient cryptographic primitives have been proposed.However,for any polynomial time adversary,most existing leakage-resilient cryptographic primitives cannot ensure that their outputs are random,and any polynomial time adversary can obtain a certain amount of leakage on the secret key from the corresponding output of a cryptographic primitive.In this study,to achieve better performance,a new construction of a chosen ciphertext attack 2(CCA2)secure,leakage-resilient,and certificateless public-key encryption scheme is proposed,whose security is proved based on the hardness of the classic decisional Diffie-Hellman assumption.According to our analysis,our method can tolerate leakage attacks on the private key.This method also achieves better performance because polynomial time adversaries cannot achieve leakage on the private key from the corresponding ciphertext,and a key leakage ratio of 1/2 can be achieved.Because of these good features,our method may be significant in practical applications.
文摘An identity-based encryption(IBE) was studied with non-interactively opening property that the plain text of a ciphertext can be revealed without affecting the security of the encryption system.Two kinds of non-interactive opening properties for IBE schemes were defined along with a concrete scheme in each case.
基金Supported by National Natural Science Foundation of China (No. 60272011) and the Special Fund for Cultivating Excellent Scholars of Beijing Municipality (No.20042D0500103)
文摘The EIGamal algorithm, which can be used for both signature and encryption, is of importance in public-key cryptosystems. However, there has arisen an issue that different criteria of selecting a random number are used for the same algorithm. In the aspects of the sufficiency, necessity, security and computational overhead of parameter selection, this paper analyzes these criteria in a comparative manner and points out the insecurities in some textbook cryptographic schemes. Meanwhile, in order to enhance security a novel generalization of the EIGamal signature scheme is made by expanding the range of selecting random numbers at an acceptable cost of additional computation, and its feasibility is demonstrated.
