16 articles found
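A New Key Escrow and Sharing Management Scheme
1
Authors: 韩德 崔海刚 《信息系统工程》 2010, No. 12, pp. 76-77 (2 pages)
Based on a threshold splitting scheme that uses the Lagrange interpolation formula, and combining key escrow with key sharing, this paper proposes a new key management scheme for implementing escrow and sharing, and analyzes the security and performance of the scheme.
Keywords: escrow; threshold splitting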
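Application of Oracle Wallet to Database Login in R5000 Software
2
Author: 李明 《网络空间安全》 2017, No. 12, pp. 51-55, 65 (6 pages)
The seismic interpretation system is a key information system database for upstream oil companies and one of the research platforms for the integrated exploration and development workflow of the Bohai Oilfield Research Institute, supporting data interpretation and analysis by integrated teams of multidisciplinary researchers. OpenWorks is a geoscience interpretation database built on the Oracle database that supports the DSG family of exploration and development applications running on it. The R5000 release is the upgrade of the previous OpenWorks release, R2003; alongside the functional changes, the database security mechanism (Security Model Change) is one of the many things that changed. The paper focuses on the changes in security authentication brought by the adoption of Oracle Wallet authentication after the upgrade from R2003 to R5000. However, as the scope of the integrated OpenWorks software has grown, the environment of the R5000 application DSG has expanded from the traditional login at a single workstation to multi-point login scenarios such as remote and off-site access. Database users are no longer limited to users on the local area network; the recently released DSG365 application, which runs on the Microsoft Azure cloud platform, allows login from anywhere in the world. Because the scope of the applications has changed, the conditions under which operating-system authentication is appropriate are being challenged. Remote users, even if they are legitimate operating-system users, are not necessarily legitimate database users. Continuing to log in to the database with operating-system authentication poses a serious threat to the security of users' valuable data and carries major security risks. The paper analyzes the Oracle Wallet based mechanism and why replacing operating-system authentication with it improves security, helping users put their earlier security concerns to rest.
Keywords: Oracle Wallet; OpenWorks/DSG; security model; shared key; SSL transport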
Quantum Polynomial-Time Fixed-Point Attack for RSA (Cited by: 3)
3
Authors: Yahui Wang Huanguo Zhang Houzhen Wang 《China Communications》 SCIE CSCD 2018, No. 2, pp. 25-32 (8 pages)
Security analysis of public-key cryptosystems is of fundamental significance for both theoretical research and applications in cryptography. In particular, the security of widely used public-key cryptosystems merits deep research to protect against new types of attacks. It is therefore highly meaningful to research cryptanalysis in the quantum computing environment. Shor proposed a well-known factoring algorithm by finding the prime factors of a number n = pq, which is exponentially faster than the best known classical algorithm. The idea behind Shor's quantum factoring algorithm is a straightforward programming consequence of the following proposition: to factor n, it suffices to find the order r; once such an r is found, one can compute gcd(a^(r/2) ± 1, n) = p or q. For odd values of r it is assumed that the factors of n cannot be found (since a^(r/2) is not generally an integer). That is, the order r must be even. This restriction can be removed, however, by working from another angle. Based on the quantum inverse Fourier transform and phase estimation, this paper presents a new polynomial-time quantum algorithm for breaking RSA, without explicitly factoring the modulus n. The probability of success of the new algorithm is greater than 4φ(r)/π^2 r, exceeding that of the existing quantum algorithm for attacking RSA based on factorization. In contrast to the existing quantum algorithm for attacking RSA, the order r of the fixed point C for RSA does not need to be even. It changed the practices that cryptanalysts try to recover the private-key, directly from recovering the plaintext M to start, a ciphertext-only attack attacking RSA is proposed.
Keywords: information security; cryptography; RSA; fixed-point; quantum computing
Asymmetrical Quantum Encryption Protocol Based on Quantum Search Algorithm (Cited by: 2)
4
Authors: LUO Wenjun LIU Guanli 《China Communications》 SCIE CSCD 2014, No. 9, pp. 104-111 (8 pages)
Quantum cryptography and quantum search algorithm are considered as two important research topics in quantum information science. An asymmetrical quantum encryption protocol based on the properties of quantum one-way function and quantum search algorithm is proposed. Depending on the no-cloning theorem and trapdoor one-way functions of the public key, the eavesdropper cannot extract any private information from the public keys and the ciphertext. Introducing key-generation randomized logarithm to improve security of our proposed protocol, i.e., one private key corresponds to an exponential number of public keys. Using unitary operations and the single photon measurement, secret messages can be directly sent from the sender to the receiver. The security of the proposed protocol is proved that it is information-theoretically secure. Furthermore, compared the symmetrical Quantum key distribution, the proposed protocol is not only efficient to reduce additional communication, but also easier to carry out in practice, because no entangled photons and complex operations are required.
Keywords: quantum cryptography; asymmetrical encryption; information-theoretical security; quantum search algorithms
Identity-Based Proxy Verifiably Encrypted Signature Scheme (Cited by: 2)
5
Authors: Liu Jianhua Liu Jianwei Qiu Xiufeng 《China Communications》 SCIE CSCD 2012, No. 11, pp. 137-149 (13 pages)
A Verifiably Encrypted Signature (VES) plays an essential role in the construction of a fair data exchange. The paper proposes an Identity-based Proxy Verifiably Encrypted Signature (IPVES) to combine the advantages of a proxy signature and a VES in order to delegate the signing capability of the VES of an entity called the original signer to another entity, called the proxy signer. In this IPVES scheme, the original signer delegates his/her signing capability to the proxy signer. The proxy signer issues a signature by using a proxy signing key, encrypts the signature under a designated public key, and subsequently convinces a verifier that the resulting ciphertext contains such a signature. We prove that the proposed IPVES scheme is secure in a random oracle model under the computational Diffie-Hellman assumption.
Keywords: digital signature; proxy signature; random oracle model; information security
ASIP for Elliptic Curve Cryptography Based on VLIW Architecture (Cited by: 1)
6
Authors: YANG Xiaohui DAI Zibin ZHANG Jun ZHANG Yongfu 《China Communications》 SCIE CSCD 2010, No. 4, pp. 161-166 (6 pages)
The requirement of the flexible and effective implementation of the Elliptic Curve Cryptography (ECC) has become more and more exigent since its dominant position in the public-key cryptography application. Based on analyzing the basic structure features of Elliptic Curve Cryptography (ECC) algorithms, the parallel schedule algorithm of point addition and doubling is presented. And based on parallel schedule algorithm, the Application Specific Instruction-Set Co-Processor of ECC that adopting VLIW architecture is also proposed in this paper. The coprocessor for ECC is implemented and validated using Altera’s FPGA. The experimental result shows that our proposed coprocessor has advantage in high performance and flexibility.
Keywords: Elliptic Curve Cryptography; Application Specific Instruction-Set Processor; VLIW Architecture
Multiparty Quantum Secret Sharing of Secure Direct Communication Using Teleportation (Cited by: 2)
7
Authors: WANG Jian ZHANG Quan TANG Chao-Jing 《Communications in Theoretical Physics》 SCIE CAS CSCD 2007, No. 3, pp. 454-458 (5 pages)
We present an (n, n) threshold quantum secret sharing scheme of secure direct communication using Greenberger-Horne-Zeilinger state and teleportation. After ensuring the security of the quantum channel, the sender encodes the secret message directly on a sequence of particle states and transmits it to the receivers by teleportation. The receivers can recover the secret message by combining their measurement results with the sender's result. If a perfect quantum channel is used, our scheme is completely secure because the transmitting particle sequence does not carry the secret message. We also show our scheme is secure for noise quantum channel.
Keywords: quantum secret sharing; quantum teleportation
A Scheme to Share Information via Employing Discrete Algorithm to Quantum States
8
Authors: 康国栋 方卯发 《Communications in Theoretical Physics》 SCIE CAS CSCD 2011, No. 2, pp. 239-243 (5 pages)
We propose a protocol for information sharing between two legitimate parties (Bob and Alice) via public-key cryptography. In particular, we specialize the protocol by employing discrete algorithm under mod that maps integers to quantum states via photon rotations. Based on this algorithm, we find that the protocol is secure under various classes of attacks. Specially, owe to the algorithm, the security of the classical privacy contained in the quantum public-key and the corresponding ciphertext is guaranteed. And the protocol is robust against the impersonation attack and the active wiretapping attack by designing particular checking processing, thus the protocol is valid.
Keywords: discrete algorithm under mod; public-key cryptography; security
An Efficient Proactive RSA Scheme for Ad Hoc Networks
9
Authors: 张瑞山 陈克非 《Journal of Donghua University(English Edition)》 EI CAS 2007, No. 1, pp. 46-51 (6 pages)
A proactive threshold signature scheme is very important to tolerate mobile attack in mobile ad hoc networks. In this paper, we propose an efficient proactive threshold RSA signature scheme for ad hoc networks. The scheme consists of three protocols: the initial secret share distribution protocol, the signature generation protocol and the secret share refreshing protocol. Our scheme has three advantages. First, the signature generation protocol is efficient. Second, the signature generation protocol is resilient. Third, the share refreshing protocol is efficient.
Keywords: cryptography; threshold signature; proactive secret sharing; RSA; provable security
Authenticated Key Agreement Protocol
10
Authors: Massoud Hadian Dehkordi Reza Alimoradi 《China Communications》 SCIE CSCD 2010, No. 5, pp. 1-8 (8 pages)
Key agreement and identification protocols are much applicable among current protocols in cryptography. These protocols are used for a secure communication through an insecure channel in a network like Internet. Challenge-response identification protocol is an important identification method. In this paper, by making some slight changes in the public-key-based challenge-response identification protocol, we have introduced a new scheme in which the users in addition to authenticating each other can also agree on multiple keys. Then, this protocol's security from both aspects regarding the identification and key agreement will be analyzed. At the end, we will prove our scheme has a high security and efficiency in comparison with some famous and similar protocols.
Keywords: identification; multiple key agreement; pairing; challenge-response; strong security
On ASGS framework: general requirements and an example of implementation
11
Authors: KULESZA Kamil KOTULSKI Zbigniew 《Journal of Zhejiang University-Science A(Applied Physics & Engineering)》 SCIE EI CAS CSCD 2007, No. 4, pp. 511-521 (11 pages)
In the paper we propose a general, abstract framework for Automatic Secret Generation and Sharing (ASGS) that should be independent of underlying Secret Sharing Scheme (SSS). ASGS allows to prevent the Dealer from knowing the secret. The Basic Property Conjecture (BPC) forms the base of the framework. Due to the level of abstraction, results are portable into the realm of quantum computing. Two situations are discussed. First concerns simultaneous generation and sharing of the random, prior nonexistent secret. Such a secret remains unknown until it is reconstructed. Next, we propose the framework for automatic sharing of a known secret. In this case the Dealer does not know the secret and the secret Owner does not know the shares. We present opportunities for joining ASGS with other extended capabilities, with special emphasis on PVSS and pre-positioned secret sharing. Finally, we illustrate framework with practical implementation.
Keywords: secret sharing; security protocols; dependable systems; authentication management
Enhanced biometric encryption algorithm for private key protection in BioPKI system
12
Authors: Cheol-Joo Chae Kwang-Nam Choi Kiseok Choi Jae-Soo Kim Yong Ju Shin 《Journal of Central South University》 SCIE EI CAS 2014, No. 11, pp. 4286-4290 (5 pages)
Protection of private key is the most critical part in public key infrastructure (PKI) system since it depends on the confidentiality of private key. Threat of password detection has been known as the vulnerability in this PKI system. Recently, studies have been conducted on BioPKI system that uses the biometric information of users in order to replace the password type of private key protection in PKI system. However, BioPKI system also has vulnerability in that biometric information used for protection of private key cannot be reused once it is stolen or lost. So, we propose the method to protect the private key using FIDSEQi which binds sequence to biometric information. The proposed method enhances reusability of biometric information and presents higher attack complexity than the method of authentication by cross matching single biometric information.
Keywords: BioPKI system; fingerprint; biometric encryption; secret share
A Practical Group Key Management Algorithm for Cloud Data Sharing with Dynamic Group
13
Authors: Wei Song Hua Zou Haowen Liu Jun Chen 《China Communications》 SCIE CSCD 2016, No. 6, pp. 205-216 (12 pages)
Cloud data sharing service, which allows a group of people to work together to access and modify the shared data, is one of the most popular and efficient working styles in the enterprises. However, the cloud server is not completely trusted, and its security could be compromised by monetary reasons or caused by hacking and hardware errors. Therefore, despite of having advantages of scalability and flexibility, cloud storage service comes with privacy and the security concerns. A straightforward method to protect the user's privacy is to encrypt the data stored at the cloud. To enable the authenticated users to access the encrypted cloud data, a practical group key management algorithm for the cloud data sharing application is highly desired. The existing group key management mechanisms presume that the server is trusted. But, the cloud data service mode does not always meet this condition. How to manage the group keys to support the scenario of the cloud storage with a semi-trusted cloud server is still a challenging task. Moreover, the cloud storage system is a large-scale and open application, in which the user group is dynamic. To address this problem, we propose a practical group key management algorithm based on a proxy re-encryption mechanism in this paper. We use the cloud server to act as a proxy to re-encrypt the group key to allow authorized users to decrypt and get the group key by their private key. To achieve the hierarchical access control policy, our scheme enables the cloud server to convert the encrypted group key of the lower group to the upper group. The numerical analysis and experimental results further validate the high efficiency and security of the proposed scheme.
Keywords: proxy re-encryption; group key management; bilinear map; encrypted cloud storage
Three-step semiquantum secure direct communication protocol (Cited by: 12)
14
Authors: ZOU XiangFu QIU DaoWen 《Science China(Physics,Mechanics & Astronomy)》 SCIE EI CAS 2014, No. 9, pp. 1696-1702 (7 pages)
Quantum secure direct communication is the direct communication of secret messages without need for establishing a shared secret key first. In the existing schemes, quantum secure direct communication is possible only when both parties are quantum. In this paper, we construct a three-step semiquantum secure direct communication (SQSDC) protocol based on single photon sources in which the sender Alice is classical. In a semiquantum protocol, a person is termed classical if he (she) can measure, prepare and send quantum states only with the fixed orthogonal quantum basis {|0⟩, |1⟩}. The security of the proposed SQSDC protocol is guaranteed by the complete robustness of semiquantum key distribution protocols and the unconditional security of classical one-time pad encryption. Therefore, the proposed SQSDC protocol is also completely robust. Complete robustness indicates that nonzero information acquired by an eavesdropper Eve on the secret message implies the nonzero probability that the legitimate participants can find errors on the bits tested by this protocol. In the proposed protocol, we suggest a method to check Eve's disturbing in the doves returning phase such that Alice does not need to announce publicly any position or their coded bits value after the photons transmission is completed. Moreover, the proposed SQSDC protocol can be implemented with the existing techniques. Compared with many quantum secure direct communication protocols, the proposed SQSDC protocol has two merits: firstly the sender only needs classical capabilities; secondly to check Eve's disturbing after the transmission of quantum states, no additional classical information is needed.
Keywords: quantum secure direct communication; semiquantum; complete robustness; security
Efficient hierarchical identity based encryption scheme in the standard model over lattices (Cited by: 2)
15
Authors: Feng-he WANG Chun-xiao WANG Zhen-hua LIU 《Frontiers of Information Technology & Electronic Engineering》 SCIE EI CSCD 2016, No. 8, pp. 781-791 (11 pages)
Using lattice basis delegation in a fixed dimension, we propose an efficient lattice-based hierarchical identity based encryption (HIBE) scheme in the standard model whose public key size is only (dm^2 + mn) log q bits and whose message-ciphertext expansion factor is only log q, where d is the maximum hierarchical depth and (n, m, q) are public parameters. In our construction, a novel public key assignment rule is used to averagely assign one random and public matrix to two identity bits, which implies that d random public matrices are enough to build the proposed HIBE scheme in the standard model, compared with the case in which 2d such public matrices are needed in the scheme proposed at Crypto 2010 whose public key size is (2dm^2 + mn + m) log q. To reduce the message-ciphertext expansion factor of the proposed scheme to log q, the encryption algorithm of this scheme is built based on Gentry's encryption scheme, by which m^2 bits of plaintext are encrypted into m^2 log q bits of ciphertext by a one time encryption operation. Hence, the presented scheme has some advantages with respect to not only the public key size but also the message-ciphertext expansion factor. Based on the hardness of the learning with errors problem, we demonstrate that the scheme is secure under selective identity and chosen plaintext attacks.
Keywords: hierarchical identity based encryption scheme; lattice-based cryptography; standard model; learning with errors problem; Gaussian
Attacks and Improvement of Quantum Sealed-Bid Auction with EPR Pairs (Cited by: 3)
16
Authors: 刘文杰 王芳 季赛 瞿治国 王小军 《Communications in Theoretical Physics》 SCIE CAS CSCD 2014, No. 6, pp. 686-690 (5 pages)
Recently, an experimentally feasible three-party quantum sealed-bid auction protocol based on EPR pairs [Z.Y. Wang, Commun. Theor. Phys. 54 (2010) 997] was proposed. However, this study points out Wang's protocol cannot resist some internal bidders' attacks, such as the Twice-CNOT attack, the collusion attack. A malicious bidder can launch the Twice-CNOT attack to obtain the other's bid, or the dishonest auctioneer may collude with one bidder and help him/her win the action by changing his/her bid. For preventing against these attacks, a simple solution by using the QKD-based message encryption and a post-confirmation mechanism by adopting the hash function are proposed.
Keywords: quantum sealed-bid auction; EPR pairs; twice-CNOT attack; collusion attack; improvement