The expansibility of PKI is expected to have the features that when the amount of user exceeds the system capacity, the users’ requirement can still be met by simply expanding the number of PKI entities and managemen...The expansibility of PKI is expected to have the features that when the amount of user exceeds the system capacity, the users’ requirement can still be met by simply expanding the number of PKI entities and management levels, and this expansion should be achieved smoothly from the original system. The upward, downward, and horizontal expansions of PKI are discussed in this paper. A path discovery method is suggested to reduce the effect of PKI expansion to the end entities, so as to enhance the availbility of PKI services.展开更多
Public Key Encryption with Keyword Search (PEKS), an indispensable part of searchable encryption, is stock-in- trade for both protecting data and providing operability of encrypted data. So far most of PEKS schemes ...Public Key Encryption with Keyword Search (PEKS), an indispensable part of searchable encryption, is stock-in- trade for both protecting data and providing operability of encrypted data. So far most of PEKS schemes have been established on Identity-Based Cryptography (IBC) with key escrow problem inherently. Such problem severely restricts the promotion of IBC-based Public Key Infrastructure including PEKS component. Hence, Certificateless Public Key Cryptography (CLPKC) is efficient to remove such problem. CLPKC is introduced into PEKS, and a general model of Certificateless PEKS (CLPEKS) is formalized. In addition, a practical CLPEKS scheme is constructed with security and efficiency analyses. The proposal is secure channel free, and semantically secure against adaptive chosen keyword attack and keyword guessing attack. To illustrate the superiority, massive experiments are conducted on Enron Email dataset which is famous in information retrieval field. Compared with existed constructions, CLPEKS improves the efficiency in theory and removes the key escrow problem.展开更多
Protection of private key is the most critical part in public key infrastructure(PKI) system since it depends on the confidentiality of private key. Thread of password detection has been known as the vulnerability in ...Protection of private key is the most critical part in public key infrastructure(PKI) system since it depends on the confidentiality of private key. Thread of password detection has been known as the vulnerability in this PKI system. Recently, studies have been conducted on Bio PKI system that uses the biometric information of users in order to replace the password type of private key protection in PKI system. However, Bio PKI system also has vulnerability in that biometric information used for protection of private key cannot be reused once it is stolen or lost. So, we propose the method to protect the private key using FIDSEQi which binds sequence to biometric information. The proposed method enhances reusability of biometric information and presents higher attack complexity than the method of authentication by cross matching single biometric information.展开更多
Using lattice basis delegation in a fixed dimension, we propose an efficient lattice-based hierarchical identity based encryption(HIBE) scheme in the standard model whose public key size is only(dm^2+ mn) log q b...Using lattice basis delegation in a fixed dimension, we propose an efficient lattice-based hierarchical identity based encryption(HIBE) scheme in the standard model whose public key size is only(dm^2+ mn) log q bits and whose message-ciphertext expansion factor is only log q, where d is the maximum hierarchical depth and(n, m, q)are public parameters. In our construction, a novel public key assignment rule is used to averagely assign one random and public matrix to two identity bits, which implies that d random public matrices are enough to build the proposed HIBE scheme in the standard model, compared with the case in which 2d such public matrices are needed in the scheme proposed at Crypto 2010 whose public key size is(2dm^2+ mn + m) log q. To reduce the message-ciphertext expansion factor of the proposed scheme to log q, the encryption algorithm of this scheme is built based on Gentry's encryption scheme, by which m^2 bits of plaintext are encrypted into m^2 log q bits of ciphertext by a one time encryption operation. Hence, the presented scheme has some advantages with respect to not only the public key size but also the message-ciphertext expansion factor. Based on the hardness of the learning with errors problem, we demonstrate that the scheme is secure under selective identity and chosen plaintext attacks.展开更多
文摘The expansibility of PKI is expected to have the features that when the amount of user exceeds the system capacity, the users’ requirement can still be met by simply expanding the number of PKI entities and management levels, and this expansion should be achieved smoothly from the original system. The upward, downward, and horizontal expansions of PKI are discussed in this paper. A path discovery method is suggested to reduce the effect of PKI expansion to the end entities, so as to enhance the availbility of PKI services.
基金This research was supported by the National Science Foundation of China for Funding Projects (61173089,61472298) and National Statistical Science Program of China(2013LZ46).
文摘Public Key Encryption with Keyword Search (PEKS), an indispensable part of searchable encryption, is stock-in- trade for both protecting data and providing operability of encrypted data. So far most of PEKS schemes have been established on Identity-Based Cryptography (IBC) with key escrow problem inherently. Such problem severely restricts the promotion of IBC-based Public Key Infrastructure including PEKS component. Hence, Certificateless Public Key Cryptography (CLPKC) is efficient to remove such problem. CLPKC is introduced into PEKS, and a general model of Certificateless PEKS (CLPEKS) is formalized. In addition, a practical CLPEKS scheme is constructed with security and efficiency analyses. The proposal is secure channel free, and semantically secure against adaptive chosen keyword attack and keyword guessing attack. To illustrate the superiority, massive experiments are conducted on Enron Email dataset which is famous in information retrieval field. Compared with existed constructions, CLPEKS improves the efficiency in theory and removes the key escrow problem.
基金supported by the Sharing and Diffusion of National R&D Outcome funded by the Korea Institute of Science and Technology Information
文摘Protection of private key is the most critical part in public key infrastructure(PKI) system since it depends on the confidentiality of private key. Thread of password detection has been known as the vulnerability in this PKI system. Recently, studies have been conducted on Bio PKI system that uses the biometric information of users in order to replace the password type of private key protection in PKI system. However, Bio PKI system also has vulnerability in that biometric information used for protection of private key cannot be reused once it is stolen or lost. So, we propose the method to protect the private key using FIDSEQi which binds sequence to biometric information. The proposed method enhances reusability of biometric information and presents higher attack complexity than the method of authentication by cross matching single biometric information.
基金Project supported by the National Natural Science Foundation of China(Nos.61303198,61471409,61472470,and 61402112) the Natural Science Foundation of Shandong Province,China(No.ZR2013FQ031)
文摘Using lattice basis delegation in a fixed dimension, we propose an efficient lattice-based hierarchical identity based encryption(HIBE) scheme in the standard model whose public key size is only(dm^2+ mn) log q bits and whose message-ciphertext expansion factor is only log q, where d is the maximum hierarchical depth and(n, m, q)are public parameters. In our construction, a novel public key assignment rule is used to averagely assign one random and public matrix to two identity bits, which implies that d random public matrices are enough to build the proposed HIBE scheme in the standard model, compared with the case in which 2d such public matrices are needed in the scheme proposed at Crypto 2010 whose public key size is(2dm^2+ mn + m) log q. To reduce the message-ciphertext expansion factor of the proposed scheme to log q, the encryption algorithm of this scheme is built based on Gentry's encryption scheme, by which m^2 bits of plaintext are encrypted into m^2 log q bits of ciphertext by a one time encryption operation. Hence, the presented scheme has some advantages with respect to not only the public key size but also the message-ciphertext expansion factor. Based on the hardness of the learning with errors problem, we demonstrate that the scheme is secure under selective identity and chosen plaintext attacks.
