针对传统可证明数据持有(Provable Data Possession,PDP)方案中要求客户端是诚实的这一问题,基于区块链技术提出了公平的可证明数据持有方案.在传统PDP方案中,总是假定服务器是半诚实而客户端是可信的,这对服务器而言是不公平的.在基于...针对传统可证明数据持有(Provable Data Possession,PDP)方案中要求客户端是诚实的这一问题,基于区块链技术提出了公平的可证明数据持有方案.在传统PDP方案中,总是假定服务器是半诚实而客户端是可信的,这对服务器而言是不公平的.在基于区块链的公平PDP方案中,用于检验的元数据不再由客户端生成,而是由区块链节点生成并对其达成共识.因此,借助区块链的分布式信任性质可以实现PDP方案的互信机制,保证客户端和云服务器之间的公平性.同时,利用哈希函数、Pedersen承诺实现高效的公平PDP方案.分析所提方案的安全性、计算开销、通信开销以及冗余率.分析结果表明,在保障安全性的基础上,所提方案比同类方案具有更优的计算开销、通信开销及冗余率.展开更多
The emergence of quantum computer will threaten the security of existing public-key cryptosystems, including the Diffie Hellman key exchange protocol, encryption scheme and etc, and it makes the study of resistant qua...The emergence of quantum computer will threaten the security of existing public-key cryptosystems, including the Diffie Hellman key exchange protocol, encryption scheme and etc, and it makes the study of resistant quantum cryptography very urgent. This motivate us to design a new key exchange protocol and eneryption scheme in this paper. Firstly, some acknowledged mathematical problems was introduced, such as ergodic matrix problem and tensor decomposition problem, the two problems have been proved to NPC hard. From the computational complexity prospective, NPC problems have been considered that there is no polynomial-time quantum algorithm to solve them. From the algebraic structures prospective, non-commutative cryptography has been considered to resist quantum. The matrix and tensor operator we adopted also satisfied with this non-commutative algebraic structures, so they can be used as candidate problems for resisting quantum from perspective of computational complexity theory and algebraic structures. Secondly, a new problem was constructed based on the introduced problems in this paper, then a key exchange protocol and a public key encryption scheme were proposed based on it. Finally the security analysis, efficiency, recommended parameters, performance evaluation and etc. were also been given. The two schemes has the following characteristics, provable security,security bits can be scalable, to achieve high efficiency, quantum resistance, and etc.展开更多
To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggre...To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggregate signature algorithm are combined in a practical and secure manner to form the general aggregate signcryption scheme's schema and concept, and a new secure, efficiently general aggregate signcryption scheme, which allows the aggregation of n distinct signcryptions by n distinct users on n distinct messages, is proposed. First, the correction of the GASC scheme is analyzed. Then, we formally prove the security of GASC in the random oracle models IND-CCA2 and EUF-CMA under the DBDHP assumption and the DLP assumption, respectively. The results show that the GASC scheme is not only secure against any probabilistic polynomial-time IND-GASC-CCA2 and EUF-GASC-CMA adversary in the random oracle models but also efficient in pairing ê computations. In addition, the GASC scheme gives an effective remedy to the key escrow problem, which is an inherent issue in IBC by splitting the private key into two parts, and reduces the communication complexity by eliminating the interaction among the senders (signers) before the signcryption generation.展开更多
In this paper, we first review the existing proofs of the Boneh-Franklin identity-based encryption scheme (BF-IBE for short), and show how to admit a new proof by slightly modifying the specifications of the hash func...In this paper, we first review the existing proofs of the Boneh-Franklin identity-based encryption scheme (BF-IBE for short), and show how to admit a new proof by slightly modifying the specifications of the hash functions of the original BF-IBE. Compared with prior proofs, our new proof provides a tighter security reduction and minimizes the use of random oracles, thus indicates BF-IBE has better provable security with our new choices of hash functions. The techniques developed in our proof can also be applied to improving security analysis of some other IBE schemes. As an independent technical contribution, we also give a rigorous proof of the Fujisaki-Okamoto (FO) transformation in the case of CPA-to-CCA, which demonstrates the efficiency of the FO-transformation (CPA-to-CCA), in terms of the tightness of security reduction, has long been underestimated. This result can remarkably benefit the security proofs of encryption schemes using the FO-transformation for CPA-to-CCA enhancement.展开更多
∑-protocol has been proved to be a very powerful cryptographic tool and widely used in nnmerous important cryptographic applications. In this paper, the authors make use of ∑-protocol as a main tool to resolve the f...∑-protocol has been proved to be a very powerful cryptographic tool and widely used in nnmerous important cryptographic applications. In this paper, the authors make use of ∑-protocol as a main tool to resolve the following difficult problems 1-3 and to construct three ettlcient cryptographic protocols 4 6:1) How to construct a protocol for proving a secret integer to be a Blum integer with form PQ, where P, Q are two different primes and both -- 3(mod 4);2) How to construct a protocol for proving a secret polynomial with exact degree t - 1 iil a (t, n)- threshold secret sharing scheme:3) How to construct witness indistinguishable and witness hiding protocol not from zero-knowledge proof;4) A publicly verifiable secret sharing scheme with information-theoretic security;5) A delegateable signature scheme under the existence of one-way permutations;6) Non-interactive universal designated verifier signature schemes.展开更多
文摘针对传统可证明数据持有(Provable Data Possession,PDP)方案中要求客户端是诚实的这一问题,基于区块链技术提出了公平的可证明数据持有方案.在传统PDP方案中,总是假定服务器是半诚实而客户端是可信的,这对服务器而言是不公平的.在基于区块链的公平PDP方案中,用于检验的元数据不再由客户端生成,而是由区块链节点生成并对其达成共识.因此,借助区块链的分布式信任性质可以实现PDP方案的互信机制,保证客户端和云服务器之间的公平性.同时,利用哈希函数、Pedersen承诺实现高效的公平PDP方案.分析所提方案的安全性、计算开销、通信开销以及冗余率.分析结果表明,在保障安全性的基础上,所提方案比同类方案具有更优的计算开销、通信开销及冗余率.
基金the National Natural Science Foundation of China,the State Key Program of National Natural Science of China,the Major Research Plan of the National Natural Science Foundation of China,Major State Basic Research Development Program of China (973 Program),the Hubei Natural Science Foundation of China
文摘The emergence of quantum computer will threaten the security of existing public-key cryptosystems, including the Diffie Hellman key exchange protocol, encryption scheme and etc, and it makes the study of resistant quantum cryptography very urgent. This motivate us to design a new key exchange protocol and eneryption scheme in this paper. Firstly, some acknowledged mathematical problems was introduced, such as ergodic matrix problem and tensor decomposition problem, the two problems have been proved to NPC hard. From the computational complexity prospective, NPC problems have been considered that there is no polynomial-time quantum algorithm to solve them. From the algebraic structures prospective, non-commutative cryptography has been considered to resist quantum. The matrix and tensor operator we adopted also satisfied with this non-commutative algebraic structures, so they can be used as candidate problems for resisting quantum from perspective of computational complexity theory and algebraic structures. Secondly, a new problem was constructed based on the introduced problems in this paper, then a key exchange protocol and a public key encryption scheme were proposed based on it. Finally the security analysis, efficiency, recommended parameters, performance evaluation and etc. were also been given. The two schemes has the following characteristics, provable security,security bits can be scalable, to achieve high efficiency, quantum resistance, and etc.
基金supported by the National Grand Fundamental Research 973 Program of China under Grant No.2011CB302903 the National Natural Science Foundation of China under Grants No.61073188,No.61073115+1 种基金 the Key University Science Research Project of Jiangsu Province under Grant No.11KJA520002 the Priority Academic Program Development of Jiangsu Higher Education Institutions under Grant No.yx002001
文摘To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggregate signature algorithm are combined in a practical and secure manner to form the general aggregate signcryption scheme's schema and concept, and a new secure, efficiently general aggregate signcryption scheme, which allows the aggregation of n distinct signcryptions by n distinct users on n distinct messages, is proposed. First, the correction of the GASC scheme is analyzed. Then, we formally prove the security of GASC in the random oracle models IND-CCA2 and EUF-CMA under the DBDHP assumption and the DLP assumption, respectively. The results show that the GASC scheme is not only secure against any probabilistic polynomial-time IND-GASC-CCA2 and EUF-GASC-CMA adversary in the random oracle models but also efficient in pairing ê computations. In addition, the GASC scheme gives an effective remedy to the key escrow problem, which is an inherent issue in IBC by splitting the private key into two parts, and reduces the communication complexity by eliminating the interaction among the senders (signers) before the signcryption generation.
基金supported by National Natural Science Foundation of China(Grant No.60970152)IIE's Research Project on Cryptography(Grant No.Y3Z0011102)+1 种基金the Strategic Priority Research Program of Chinese Academy of Sciences(Grant No.XDA06010701)National Key Basic Research Program of China(973 Program)(Grant No.2011CB302400)
文摘In this paper, we first review the existing proofs of the Boneh-Franklin identity-based encryption scheme (BF-IBE for short), and show how to admit a new proof by slightly modifying the specifications of the hash functions of the original BF-IBE. Compared with prior proofs, our new proof provides a tighter security reduction and minimizes the use of random oracles, thus indicates BF-IBE has better provable security with our new choices of hash functions. The techniques developed in our proof can also be applied to improving security analysis of some other IBE schemes. As an independent technical contribution, we also give a rigorous proof of the Fujisaki-Okamoto (FO) transformation in the case of CPA-to-CCA, which demonstrates the efficiency of the FO-transformation (CPA-to-CCA), in terms of the tightness of security reduction, has long been underestimated. This result can remarkably benefit the security proofs of encryption schemes using the FO-transformation for CPA-to-CCA enhancement.
基金supported by the Foundation of tihe National Natural Science of China under Grant Nos 90604034 (Key Project), 10726012, 10871222, 10531040,and 10471156
文摘∑-protocol has been proved to be a very powerful cryptographic tool and widely used in nnmerous important cryptographic applications. In this paper, the authors make use of ∑-protocol as a main tool to resolve the following difficult problems 1-3 and to construct three ettlcient cryptographic protocols 4 6:1) How to construct a protocol for proving a secret integer to be a Blum integer with form PQ, where P, Q are two different primes and both -- 3(mod 4);2) How to construct a protocol for proving a secret polynomial with exact degree t - 1 iil a (t, n)- threshold secret sharing scheme:3) How to construct witness indistinguishable and witness hiding protocol not from zero-knowledge proof;4) A publicly verifiable secret sharing scheme with information-theoretic security;5) A delegateable signature scheme under the existence of one-way permutations;6) Non-interactive universal designated verifier signature schemes.
