In the driven of big data, social computing and information security is undergoing rapid development and beginning to cross. This paper describes a key-policy attribute-based signcryption scheme which has less computa...In the driven of big data, social computing and information security is undergoing rapid development and beginning to cross. This paper describes a key-policy attribute-based signcryption scheme which has less computation costs than existing similar schemes by utilizing secure outsourcing of scientific computation in cloud computing and eliminates overhead for users, the ciphertext is short, compact, the correctness of transformation algorithm is verifiable. The decrease of ciphertext is 17 %. Additionally, new scheme remits the key escrow problem and is proven selective security in the standard model, it could be verified publicly, applied in mobile devices.展开更多
Cloud-based services have powerful storage functions and can provide accurate computation.However,the question of how to guarantee cloud-based services access control and achieve data sharing security has always been ...Cloud-based services have powerful storage functions and can provide accurate computation.However,the question of how to guarantee cloud-based services access control and achieve data sharing security has always been a research highlight.Although the attribute-based proxy re-encryption(ABPRE)schemes based on number theory can solve this problem,it is still difficult to resist quantum attacks and have limited expression capabilities.To address these issues,we present a novel linear secret sharing schemes(LSSS)matrix-based ABPRE scheme with the fine-grained policy on the lattice in the research.Additionally,to detect the activities of illegal proxies,homomorphic signature(HS)technology is introduced to realize the verifiability of re-encryption.Moreover,the non-interactivity,unidirectionality,proxy transparency,multi-use,and anti-quantum attack characteristics of our system are all advantageous.Besides,it can efficiently prevent the loss of processing power brought on by repetitive authorisation and can enable precise and safe data sharing in the cloud.Furthermore,under the standard model,the proposed learning with errors(LWE)-based scheme was proven to be IND-sCPA secure.展开更多
An attribute-based generalized signcryption scheme based on bilinear pairing has been proposed. By changing attributes, encryption-only mode, signature-only mode, and signcryption mode can be switch adaptively. It sho...An attribute-based generalized signcryption scheme based on bilinear pairing has been proposed. By changing attributes, encryption-only mode, signature-only mode, and signcryption mode can be switch adaptively. It shows that the scheme achieves the semantic security under the decisional bilinear Diffie- Hellman assumption and achieves the unforgeability under the computational Diffie-Hellman assumption. It is more efficient than traditional way and can be used to secure the big data in networks.展开更多
Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT.However,data privacy is potentially risky when data is outsourced to cl...Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT.However,data privacy is potentially risky when data is outsourced to cloud servers or edge services.While data encryption ensures data confidentiality,it can impede data sharing and retrieval.Attribute-based searchable encryption(ABSE)is proposed as an effective technique for enhancing data security and privacy.Nevertheless,ABSE has its limitations,such as single attribute authorization failure,privacy leakage during the search process,and high decryption overhead.This paper presents a novel approach called the blockchain-assisted efficientmulti-authority attribute-based searchable encryption scheme(BEM-ABSE)for cloudedge collaboration scenarios to address these issues.BEM-ABSE leverages a consortium blockchain to replace the central authentication center for global public parameter management.It incorporates smart contracts to facilitate reliable and fair ciphertext keyword search and decryption result verification.To minimize the computing burden on resource-constrained devices,BEM-ABSE adopts an online/offline hybrid mechanism during the encryption process and a verifiable edge-assisted decryption mechanism.This ensures both low computation cost and reliable ciphertext.Security analysis conducted under the random oracle model demonstrates that BEM-ABSE is resistant to indistinguishable chosen keyword attacks(IND-CKA)and indistinguishable chosen plaintext attacks(INDCPA).Theoretical analysis and simulation results confirm that BEM-ABSE significantly improves computational efficiency compared to existing solutions.展开更多
The vehicular sensor network (VSN) is an important part of intelligent transportation, which is used for real-timedetection and operation control of vehicles and real-time transmission of data and information. In the ...The vehicular sensor network (VSN) is an important part of intelligent transportation, which is used for real-timedetection and operation control of vehicles and real-time transmission of data and information. In the environmentofVSN, massive private data generated by vehicles are transmitted in open channels and used by other vehicle users,so it is crucial to maintain high transmission efficiency and high confidentiality of data. To deal with this problem, inthis paper, we propose a heterogeneous fault-tolerant aggregate signcryption scheme with an equality test (HFTASET).The scheme combines fault-tolerant and aggregate signcryption,whichnot onlymakes up for the deficiency oflow security of aggregate signature, but alsomakes up for the deficiency that aggregate signcryption cannot tolerateinvalid signature. The scheme supports one verification pass when all signcryptions are valid, and it supportsunbounded aggregation when the total number of signcryptions grows dynamically. In addition, this schemesupports heterogeneous equality test, and realizes the access control of private data in different cryptographicenvironments, so as to achieve flexibility in the application of our scheme and realize the function of quick searchof plaintext or ciphertext. Then, the security of HFTAS-ET is demonstrated by strict theoretical analysis. Finally, weconduct strict and standardized experimental operation and performance evaluation, which shows that the schemehas better performance.展开更多
Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It i...Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It is a perfect combination of attribute-based encryption(ABE)and public key encryption with keyword search(PEKS).Nevertheless,most of the existing ABEKS schemes have limited search capabilities and only support single or simple conjunctive keyword search.Due to the weak search capability and inaccurate search results,it is difficult to apply these schemes to practical applications.In this paper,an effi-cient expressive ABEKS(EABEKS)scheme supporting unbounded keyword uni-verse over prime-order groups is designed,which supplies the expressive keyword search function supporting the logical connectives of“AND”and“OR”.The proposed scheme not only leads to low computation and communica-tion costs,but also supports unbounded keyword universe.In the standard model,the scheme is proven to be secure under the chosen keyword attack and the cho-sen plaintext attack.The comparison analysis and experimental results show that it has better performance than the existing EABEKS schemes in the storage,com-putation and communication costs.展开更多
Signcryption is a cryptographic primitive that performs signature and encryption simultaneously, at lower computational costs and communication overheads than the signature-then- encryption approach. In this paper, we...Signcryption is a cryptographic primitive that performs signature and encryption simultaneously, at lower computational costs and communication overheads than the signature-then- encryption approach. In this paper, we propose an efficient multi-recipient signcryption scheme based on the bilinear pairings, which broadcasts a message to multiple users in a secure and authenticated manner. We prove its semantic security and unforgeability under the Gap Diffie-Hellman problem assumption in the random oracle model. The proposed scheme is more efficient than re-signcrypting a message n times using a signcryption scheme in terms of computational costs and communication overheads.展开更多
In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over ell...In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over elliptic curves. It combines the functionalities of both public verifiability and forward security at the same time. Under the Bilinear Diffie-Hellman and quadratic residue assumption, we describe the new scheme that is more secure and can be some-what more efficient than Libert and Quisquater’s one.展开更多
To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggre...To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggregate signature algorithm are combined in a practical and secure manner to form the general aggregate signcryption scheme's schema and concept, and a new secure, efficiently general aggregate signcryption scheme, which allows the aggregation of n distinct signcryptions by n distinct users on n distinct messages, is proposed. First, the correction of the GASC scheme is analyzed. Then, we formally prove the security of GASC in the random oracle models IND-CCA2 and EUF-CMA under the DBDHP assumption and the DLP assumption, respectively. The results show that the GASC scheme is not only secure against any probabilistic polynomial-time IND-GASC-CCA2 and EUF-GASC-CMA adversary in the random oracle models but also efficient in pairing ê computations. In addition, the GASC scheme gives an effective remedy to the key escrow problem, which is an inherent issue in IBC by splitting the private key into two parts, and reduces the communication complexity by eliminating the interaction among the senders (signers) before the signcryption generation.展开更多
In this paper, we propose a new attribute-based proxy re-encryption scheme, where a semi-trusted proxy, with some additional information, can transform a ciphertext under a set of attributes into a new ciphertext unde...In this paper, we propose a new attribute-based proxy re-encryption scheme, where a semi-trusted proxy, with some additional information, can transform a ciphertext under a set of attributes into a new ciphertext under another set of attributes on the same message, but not vice versa, furthermore, its security was proved in the standard model based on decisional bilinear Diffie-Hellman assumption. This scheme can be used to realize fine-grained selectively sharing of encrypted data, but the general proxy rencryption scheme severely can not do it, so the proposed schemecan be thought as an improvement of general traditional proxy re-encryption scheme.展开更多
Cloud manufacturing is one of the three key technologies that enable intelligent manufacturing.This paper presents a novel attribute-based encryption(ABE)approach for computer-aided design(CAD)assembly models to effec...Cloud manufacturing is one of the three key technologies that enable intelligent manufacturing.This paper presents a novel attribute-based encryption(ABE)approach for computer-aided design(CAD)assembly models to effectively support hierarchical access control,integrity verification,and deformation protection for co-design scenarios in cloud manufacturing.An assembly hierarchy access tree(AHAT)is designed as the hierarchical access structure.Attribute-related ciphertext elements,which are contained in an assembly ciphertext(ACT)file,are adapted for content keys decryption instead of CAD component files.We modify the original Merkle tree(MT)and reconstruct an assembly MT.The proposed ABE framework has the ability to combine the deformation protection method with a content privacy of CAD models.The proposed encryption scheme is demonstrated to be secure under the standard assumption.Experimental simulation on typical CAD assembly models demonstrates that the proposed approach is feasible in applications.展开更多
With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data lea...With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.展开更多
The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data ...The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data when an edge device broadcasts its sensing data to many different end devices at a time.There are several things to consider when we design a signcryption scheme. First existing schemes need to maintain a secure channel to generate the user private key, which may increase economic costs. Second the system private key of those schemes is kept secret by a single key generation center(KGC), and the single point of failure of KGC may compromise the whole system. For this, we propose a multi-receiver multimessage signcryption scheme without the secure channel. Firstly the scheme allows KGC to send secrets through the public channel, which reduces maintenance costs. Secondly, to eliminate the single point of failure, the scheme utilizes multiple KGCs to manage the system private key, and updates the secret of each KGC periodically to resist advanced persistent threat attacks. We demonstrate that the proposed scheme can achieve expected security properties. Performance analysis shows that it is with shorter ciphertext length and higher efficiency.展开更多
To address privacy concerns, data in the blockchain should be encrypted in advance to avoid data access fromall users in the blockchain. However, encrypted data cannot be directly retrieved, which hinders data sharing...To address privacy concerns, data in the blockchain should be encrypted in advance to avoid data access fromall users in the blockchain. However, encrypted data cannot be directly retrieved, which hinders data sharing inthe blockchain. Several works have been proposed to deal with this problem. However, the data retrieval in theseschemes requires the participation of data owners and lacks finer-grained access control. In this paper, we proposean attribute-based keyword search scheme over the encrypted blockchain, which allows users to search encryptedfiles over the blockchain based on their attributes. In addition, we build a file chain structure to improve theefficiency of searching files with the same keyword. Security analysis proves the security of the proposed scheme.Theoretical analysis and experimental results in performance evaluation show that our scheme is feasible andefficient.展开更多
In this paper, we analyze two signcryption schemes on elliptic curves proposed by Zheng Yu-liang and Hideki Imai. We point out a serious problem with the schemes that the elliptic curve based signcryption schemes lose...In this paper, we analyze two signcryption schemes on elliptic curves proposed by Zheng Yu-liang and Hideki Imai. We point out a serious problem with the schemes that the elliptic curve based signcryption schemes lose confidentiality to gain non-repudiation. We also propose two improvement versions that not only overcome the security leak inherent in the schemes but also provide public verifiability or forward security. Our improvement versions require smaller computing cost than that required by signature-then-encryption methods.展开更多
In this paper, the security technology of ad hoc networks is studied.To improve the previous multi-receiver signcryption schemes, an ID-based multi-message and multi-receiver signcryption scheme for rekeying in ad hoc...In this paper, the security technology of ad hoc networks is studied.To improve the previous multi-receiver signcryption schemes, an ID-based multi-message and multi-receiver signcryption scheme for rekeying in ad hoc networks is proposed.In this scheme, a sender can simultaneously signcrypt n messeges for n receivers, and a receiver can unsigncrypt the ciphertext to get his message with his own private key.An analysis of this scheme indicates that it achieves authenticity and confidentiality in the random oracle model while being of lower computation and communication overhead.Finally, for the application of our scheme in ad hoc, a threshold key updating protocol for ad hoc networks is given.展开更多
In 1996, Mambo et al introduced the concept of proxy signature. However, proxy signature can only provide the delegated authenticity and cannot provide confidentiality. Recently, Gamage et al and Chan and Wei proposed...In 1996, Mambo et al introduced the concept of proxy signature. However, proxy signature can only provide the delegated authenticity and cannot provide confidentiality. Recently, Gamage et al and Chan and Wei proposed different proxy signcryption schemes respectively, which extended the concept of proxy signature.However, only the specified receiver can decrypt and verify the validity of proxy signcryption in their schemes.To protect the receiver' s benefit in case of a later dispute, Wu and Hsu proposed a convertible authenticated encryption scheme, which carn enable the receiver to convert signature into an ordinary one that can be verified by anyone. Based on Wu and Hsu' s scheme and improved Kim' s scheme, we propose a convertible proxy signcryption scheme. The security of the proposed scheme is based on the intractability of reversing the one-way hash function and solving the discrete logarithm problem. The proposed scheme can satisfy all properties of strong proxy signature and withstand the public key substitution attack and does not use secure channel. In addition, the proposed scheme can be extended to convertible threshold proxy signcryption scheme.展开更多
Through cryptanalysis of the improved scheme of a generalized group-oriented threshold signcryption schemes,it is found that the improved scheme can effectively resist conspiracy attack and forgery attack,but does not...Through cryptanalysis of the improved scheme of a generalized group-oriented threshold signcryption schemes,it is found that the improved scheme can effectively resist conspiracy attack and forgery attack,but does not have semantic security and public verification function,and sends threshold signcryption by the secret secure channel,which increases the communication costs and potential safety hazards of the system.A new group-oriented publicly verifiable threshold signcryption scheme is proposed on the basis of the improved scheme,the new scheme overcomes the drawbacks of the improved scheme,which not only provides with semantic security and public verification function,but also can send threshold signcryption by the public channel.展开更多
Signcryption has been a rapidly emerging efficient approach to achieve authenticity and confidentiality within a logic single step. However, it is still a difficult problem to realize public verifiability of signcrypt...Signcryption has been a rapidly emerging efficient approach to achieve authenticity and confidentiality within a logic single step. However, it is still a difficult problem to realize public verifiability of signcryption in an efficient and secure way. Here, we present a generic solution to realize public verifiability based on quadratic residue.展开更多
Mobile commerce uses wireless device and wireless link to result in the transfer of values in exchange of information, services or goods. Wireless mobile ad hoc networks (MANETs) will bring a revolution to the busin...Mobile commerce uses wireless device and wireless link to result in the transfer of values in exchange of information, services or goods. Wireless mobile ad hoc networks (MANETs) will bring a revolution to the business model of mobile commerce if such networks are used as the underlying network technology for mobile commerce. Mobile commerce will remain in a niche market until the security issue is properly addressed. Hence, security is also very important for MANET applications in mobile commerce. Robust key management is one of the most crucial technologies for security of MANETs. In this paper, a new solution for key management is proposed using identity-based (ID-based) signcryption and threshold secret sharing. It enables flexible and efficient key management while respecting the constraints of MANETs. In our solution, each mobile host uses its globally unique identity as its public key. It greatly decreases the computation and storage costs of mobile hosts, as well as communication cost for system key management.展开更多
基金This work is supported by National Natural Science Foundation of China (61572521, 61272492), Natural Science Basic Research Plan in Shaanxi Province of China (2015JM6353) and Foundation Funding Research Project of Engineering University of Chinese Armed Police Force (WJY201523).
文摘In the driven of big data, social computing and information security is undergoing rapid development and beginning to cross. This paper describes a key-policy attribute-based signcryption scheme which has less computation costs than existing similar schemes by utilizing secure outsourcing of scientific computation in cloud computing and eliminates overhead for users, the ciphertext is short, compact, the correctness of transformation algorithm is verifiable. The decrease of ciphertext is 17 %. Additionally, new scheme remits the key escrow problem and is proven selective security in the standard model, it could be verified publicly, applied in mobile devices.
基金The project is provided funding by the Natural Science Foundation of China(Nos.62272124,2022YFB2701400)the Science and Technology Program of Guizhou Province(No.[2020]5017)+3 种基金the Research Project of Guizhou University for Talent Introduction(No.[2020]61)the Cultivation Project of Guizhou University(No.[2019]56)the Open Fund of Key Laboratory of Advanced Manufacturing Technology,Ministry of Education,GZUAMT2021KF[01]the Postgraduate Innovation Program in Guizhou Province(No.YJSKYJJ[2021]028).
文摘Cloud-based services have powerful storage functions and can provide accurate computation.However,the question of how to guarantee cloud-based services access control and achieve data sharing security has always been a research highlight.Although the attribute-based proxy re-encryption(ABPRE)schemes based on number theory can solve this problem,it is still difficult to resist quantum attacks and have limited expression capabilities.To address these issues,we present a novel linear secret sharing schemes(LSSS)matrix-based ABPRE scheme with the fine-grained policy on the lattice in the research.Additionally,to detect the activities of illegal proxies,homomorphic signature(HS)technology is introduced to realize the verifiability of re-encryption.Moreover,the non-interactivity,unidirectionality,proxy transparency,multi-use,and anti-quantum attack characteristics of our system are all advantageous.Besides,it can efficiently prevent the loss of processing power brought on by repetitive authorisation and can enable precise and safe data sharing in the cloud.Furthermore,under the standard model,the proposed learning with errors(LWE)-based scheme was proven to be IND-sCPA secure.
基金This work is partially supported by Natural Science Foundation of China (61103231,61272492, 61462408, 61103230), the Project funded by China Postdoctoral Science Foundation (2014M562445).
文摘An attribute-based generalized signcryption scheme based on bilinear pairing has been proposed. By changing attributes, encryption-only mode, signature-only mode, and signcryption mode can be switch adaptively. It shows that the scheme achieves the semantic security under the decisional bilinear Diffie- Hellman assumption and achieves the unforgeability under the computational Diffie-Hellman assumption. It is more efficient than traditional way and can be used to secure the big data in networks.
基金supported by the National Natural Science Foundation of China(Nos.62162018,61972412)the Natural Science Foundation of Guangxi(No.2019GXNSFGA245004)+1 种基金the Guilin Science and Technology Project(20210226-1)the Innovation Project of Guangxi Graduate Education(No.YCSW2022296).
文摘Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT.However,data privacy is potentially risky when data is outsourced to cloud servers or edge services.While data encryption ensures data confidentiality,it can impede data sharing and retrieval.Attribute-based searchable encryption(ABSE)is proposed as an effective technique for enhancing data security and privacy.Nevertheless,ABSE has its limitations,such as single attribute authorization failure,privacy leakage during the search process,and high decryption overhead.This paper presents a novel approach called the blockchain-assisted efficientmulti-authority attribute-based searchable encryption scheme(BEM-ABSE)for cloudedge collaboration scenarios to address these issues.BEM-ABSE leverages a consortium blockchain to replace the central authentication center for global public parameter management.It incorporates smart contracts to facilitate reliable and fair ciphertext keyword search and decryption result verification.To minimize the computing burden on resource-constrained devices,BEM-ABSE adopts an online/offline hybrid mechanism during the encryption process and a verifiable edge-assisted decryption mechanism.This ensures both low computation cost and reliable ciphertext.Security analysis conducted under the random oracle model demonstrates that BEM-ABSE is resistant to indistinguishable chosen keyword attacks(IND-CKA)and indistinguishable chosen plaintext attacks(INDCPA).Theoretical analysis and simulation results confirm that BEM-ABSE significantly improves computational efficiency compared to existing solutions.
基金supported in part by the Open Fund of Advanced Cryptography and System Security Key Laboratory of Sichuan Province under Grant SKLACSS-202102in part by the Intelligent Terminal Key Laboratory of Sichuan Province under Grant SCITLAB-1019.
文摘The vehicular sensor network (VSN) is an important part of intelligent transportation, which is used for real-timedetection and operation control of vehicles and real-time transmission of data and information. In the environmentofVSN, massive private data generated by vehicles are transmitted in open channels and used by other vehicle users,so it is crucial to maintain high transmission efficiency and high confidentiality of data. To deal with this problem, inthis paper, we propose a heterogeneous fault-tolerant aggregate signcryption scheme with an equality test (HFTASET).The scheme combines fault-tolerant and aggregate signcryption,whichnot onlymakes up for the deficiency oflow security of aggregate signature, but alsomakes up for the deficiency that aggregate signcryption cannot tolerateinvalid signature. The scheme supports one verification pass when all signcryptions are valid, and it supportsunbounded aggregation when the total number of signcryptions grows dynamically. In addition, this schemesupports heterogeneous equality test, and realizes the access control of private data in different cryptographicenvironments, so as to achieve flexibility in the application of our scheme and realize the function of quick searchof plaintext or ciphertext. Then, the security of HFTAS-ET is demonstrated by strict theoretical analysis. Finally, weconduct strict and standardized experimental operation and performance evaluation, which shows that the schemehas better performance.
基金supported in part by the National Natural Science Foundation of China under Grant No.61772009the Natural Science Foundation of Jiangsu Province under Grant No.BK20181304.
文摘Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It is a perfect combination of attribute-based encryption(ABE)and public key encryption with keyword search(PEKS).Nevertheless,most of the existing ABEKS schemes have limited search capabilities and only support single or simple conjunctive keyword search.Due to the weak search capability and inaccurate search results,it is difficult to apply these schemes to practical applications.In this paper,an effi-cient expressive ABEKS(EABEKS)scheme supporting unbounded keyword uni-verse over prime-order groups is designed,which supplies the expressive keyword search function supporting the logical connectives of“AND”and“OR”.The proposed scheme not only leads to low computation and communica-tion costs,but also supports unbounded keyword universe.In the standard model,the scheme is proven to be secure under the chosen keyword attack and the cho-sen plaintext attack.The comparison analysis and experimental results show that it has better performance than the existing EABEKS schemes in the storage,com-putation and communication costs.
基金Supported by the National Natural Science Foundation of China (60473029)
文摘Signcryption is a cryptographic primitive that performs signature and encryption simultaneously, at lower computational costs and communication overheads than the signature-then- encryption approach. In this paper, we propose an efficient multi-recipient signcryption scheme based on the bilinear pairings, which broadcasts a message to multiple users in a secure and authenticated manner. We prove its semantic security and unforgeability under the Gap Diffie-Hellman problem assumption in the random oracle model. The proposed scheme is more efficient than re-signcrypting a message n times using a signcryption scheme in terms of computational costs and communication overheads.
文摘In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over elliptic curves. It combines the functionalities of both public verifiability and forward security at the same time. Under the Bilinear Diffie-Hellman and quadratic residue assumption, we describe the new scheme that is more secure and can be some-what more efficient than Libert and Quisquater’s one.
基金supported by the National Grand Fundamental Research 973 Program of China under Grant No.2011CB302903 the National Natural Science Foundation of China under Grants No.61073188,No.61073115+1 种基金 the Key University Science Research Project of Jiangsu Province under Grant No.11KJA520002 the Priority Academic Program Development of Jiangsu Higher Education Institutions under Grant No.yx002001
文摘To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggregate signature algorithm are combined in a practical and secure manner to form the general aggregate signcryption scheme's schema and concept, and a new secure, efficiently general aggregate signcryption scheme, which allows the aggregation of n distinct signcryptions by n distinct users on n distinct messages, is proposed. First, the correction of the GASC scheme is analyzed. Then, we formally prove the security of GASC in the random oracle models IND-CCA2 and EUF-CMA under the DBDHP assumption and the DLP assumption, respectively. The results show that the GASC scheme is not only secure against any probabilistic polynomial-time IND-GASC-CCA2 and EUF-GASC-CMA adversary in the random oracle models but also efficient in pairing ê computations. In addition, the GASC scheme gives an effective remedy to the key escrow problem, which is an inherent issue in IBC by splitting the private key into two parts, and reduces the communication complexity by eliminating the interaction among the senders (signers) before the signcryption generation.
基金the Natural Science Foundation of Shandong Province (Y2007G37)the Science and Technology Development Program of Shandong Province (2007GG10001012)
文摘In this paper, we propose a new attribute-based proxy re-encryption scheme, where a semi-trusted proxy, with some additional information, can transform a ciphertext under a set of attributes into a new ciphertext under another set of attributes on the same message, but not vice versa, furthermore, its security was proved in the standard model based on decisional bilinear Diffie-Hellman assumption. This scheme can be used to realize fine-grained selectively sharing of encrypted data, but the general proxy rencryption scheme severely can not do it, so the proposed schemecan be thought as an improvement of general traditional proxy re-encryption scheme.
基金supported by the National Natural Science Foundation of China(62072348)the Science and Technology Major Project of Hubei Province(Next-Generation AI Technologies,2019AEA170).
文摘Cloud manufacturing is one of the three key technologies that enable intelligent manufacturing.This paper presents a novel attribute-based encryption(ABE)approach for computer-aided design(CAD)assembly models to effectively support hierarchical access control,integrity verification,and deformation protection for co-design scenarios in cloud manufacturing.An assembly hierarchy access tree(AHAT)is designed as the hierarchical access structure.Attribute-related ciphertext elements,which are contained in an assembly ciphertext(ACT)file,are adapted for content keys decryption instead of CAD component files.We modify the original Merkle tree(MT)and reconstruct an assembly MT.The proposed ABE framework has the ability to combine the deformation protection method with a content privacy of CAD models.The proposed encryption scheme is demonstrated to be secure under the standard assumption.Experimental simulation on typical CAD assembly models demonstrates that the proposed approach is feasible in applications.
基金This work is supported by the National Natural Science Foundation of China(No.62071280,No.61602287)the Major Scientific and Technological Innovation Project of Shandong Province(No.2020CXGC010115)the Guangxi Key Laboratory of Cryptography and Information Security(GCIS201901).
文摘With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.
基金supported by National Key Research and Development Program of China (2020YFB1005404)National Natural Science Foundation of China (62172010)Henan Province Higher Education Key Research Project (22A520048)。
文摘The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data when an edge device broadcasts its sensing data to many different end devices at a time.There are several things to consider when we design a signcryption scheme. First existing schemes need to maintain a secure channel to generate the user private key, which may increase economic costs. Second the system private key of those schemes is kept secret by a single key generation center(KGC), and the single point of failure of KGC may compromise the whole system. For this, we propose a multi-receiver multimessage signcryption scheme without the secure channel. Firstly the scheme allows KGC to send secrets through the public channel, which reduces maintenance costs. Secondly, to eliminate the single point of failure, the scheme utilizes multiple KGCs to manage the system private key, and updates the secret of each KGC periodically to resist advanced persistent threat attacks. We demonstrate that the proposed scheme can achieve expected security properties. Performance analysis shows that it is with shorter ciphertext length and higher efficiency.
基金This work was supported by the National Natural Science Foundation of China(61671030)Industrial Internet Innovation Development Project,China Postdoctoral Science Foundation(2019M660377)+1 种基金National Key Research and Development Program of China(2020YFB2009501)It was also supported by Engineering Research Center of Intelligent Perception and Autonomous Control,Ministry of Education.
文摘To address privacy concerns, data in the blockchain should be encrypted in advance to avoid data access fromall users in the blockchain. However, encrypted data cannot be directly retrieved, which hinders data sharing inthe blockchain. Several works have been proposed to deal with this problem. However, the data retrieval in theseschemes requires the participation of data owners and lacks finer-grained access control. In this paper, we proposean attribute-based keyword search scheme over the encrypted blockchain, which allows users to search encryptedfiles over the blockchain based on their attributes. In addition, we build a file chain structure to improve theefficiency of searching files with the same keyword. Security analysis proves the security of the proposed scheme.Theoretical analysis and experimental results in performance evaluation show that our scheme is feasible andefficient.
文摘In this paper, we analyze two signcryption schemes on elliptic curves proposed by Zheng Yu-liang and Hideki Imai. We point out a serious problem with the schemes that the elliptic curve based signcryption schemes lose confidentiality to gain non-repudiation. We also propose two improvement versions that not only overcome the security leak inherent in the schemes but also provide public verifiability or forward security. Our improvement versions require smaller computing cost than that required by signature-then-encryption methods.
文摘In this paper, the security technology of ad hoc networks is studied.To improve the previous multi-receiver signcryption schemes, an ID-based multi-message and multi-receiver signcryption scheme for rekeying in ad hoc networks is proposed.In this scheme, a sender can simultaneously signcrypt n messeges for n receivers, and a receiver can unsigncrypt the ciphertext to get his message with his own private key.An analysis of this scheme indicates that it achieves authenticity and confidentiality in the random oracle model while being of lower computation and communication overhead.Finally, for the application of our scheme in ad hoc, a threshold key updating protocol for ad hoc networks is given.
基金Sponsored by the National Natural Science Foudnation of China (Grant No. 60072018,60273082)National Outstanding Youth Science Foundation of China (Grant No. 60225007)
文摘In 1996, Mambo et al introduced the concept of proxy signature. However, proxy signature can only provide the delegated authenticity and cannot provide confidentiality. Recently, Gamage et al and Chan and Wei proposed different proxy signcryption schemes respectively, which extended the concept of proxy signature.However, only the specified receiver can decrypt and verify the validity of proxy signcryption in their schemes.To protect the receiver' s benefit in case of a later dispute, Wu and Hsu proposed a convertible authenticated encryption scheme, which carn enable the receiver to convert signature into an ordinary one that can be verified by anyone. Based on Wu and Hsu' s scheme and improved Kim' s scheme, we propose a convertible proxy signcryption scheme. The security of the proposed scheme is based on the intractability of reversing the one-way hash function and solving the discrete logarithm problem. The proposed scheme can satisfy all properties of strong proxy signature and withstand the public key substitution attack and does not use secure channel. In addition, the proposed scheme can be extended to convertible threshold proxy signcryption scheme.
基金Supported by the National Natural Science Foundation of China(No.61179026)the Fundamental Research funds for the Centeral Universities(No.3122013K001)
文摘Through cryptanalysis of the improved scheme of a generalized group-oriented threshold signcryption schemes,it is found that the improved scheme can effectively resist conspiracy attack and forgery attack,but does not have semantic security and public verification function,and sends threshold signcryption by the secret secure channel,which increases the communication costs and potential safety hazards of the system.A new group-oriented publicly verifiable threshold signcryption scheme is proposed on the basis of the improved scheme,the new scheme overcomes the drawbacks of the improved scheme,which not only provides with semantic security and public verification function,but also can send threshold signcryption by the public channel.
基金Supported by the National Natural Science Foun-dation of China (60273049 ,60303026 ,90104005)
文摘Signcryption has been a rapidly emerging efficient approach to achieve authenticity and confidentiality within a logic single step. However, it is still a difficult problem to realize public verifiability of signcryption in an efficient and secure way. Here, we present a generic solution to realize public verifiability based on quadratic residue.
基金Supported by the National Natural Science Foun-dation of China (60473021 ,60503012)the Natural Science Foun-dation of Henan Province (511010900)
文摘Mobile commerce uses wireless device and wireless link to result in the transfer of values in exchange of information, services or goods. Wireless mobile ad hoc networks (MANETs) will bring a revolution to the business model of mobile commerce if such networks are used as the underlying network technology for mobile commerce. Mobile commerce will remain in a niche market until the security issue is properly addressed. Hence, security is also very important for MANET applications in mobile commerce. Robust key management is one of the most crucial technologies for security of MANETs. In this paper, a new solution for key management is proposed using identity-based (ID-based) signcryption and threshold secret sharing. It enables flexible and efficient key management while respecting the constraints of MANETs. In our solution, each mobile host uses its globally unique identity as its public key. It greatly decreases the computation and storage costs of mobile hosts, as well as communication cost for system key management.
