Currently, data security mainly relies on a password (PW) or system channel key (SKCH) to encrypt data before they are sent, whether in broadband networks, 5th generation (5G) mobile communications, satellite communications, and so on. In these environments, a fixed password or channel key (PW/SKCH) is often adopted to encrypt different data, resulting in security risks since this PW/SKCH may be solved after hackers collect a huge amount of encrypted data. Actually, the most popularly used security mechanism, the Advanced Encryption Standard (AES), has its own problems, e.g., several rounds have been solved. On the other hand, if data protected by the same PW/SKCH at different time points can derive different data encryption parameters, the system's security level will be greatly enhanced. Therefore, in this study, a security scheme named Wrapping Encryption Based on Double Randomness Mechanism (WEBDR) is proposed by integrating a password key (or a system channel key) and an Initialization Vector (IV) to generate an Initial Encryption Key (IEK). Also, an Accumulated Shifting Substitution (ASS) function and a three-dimensional encryption method are adopted to produce a set of keys. Two randomness encryption mechanisms are developed. The first generates system sub-keys and calculates the length of the first pseudo-random numbers by employing the IEK for subsequent encryption/decryption. The second produces a random encryption key and a sequence of internal feedback codes and computes the length of the second pseudo-random numbers for encrypting delivered messages. A wrapping mechanism is further utilized to pack a ciphertext file, so that a wrapped ciphertext file, rather than the ciphertext itself, is produced and then transmitted to its destination. The findings are as follows. Our theoretical analyses and simulations demonstrate that the WEBDR achieves practical security in cloud communication. Also, AES requires 176 exclusive-OR (XOR) operations for both encryption and decryption, while the WEBDR consumes only 3. That is why the WEBDR is 6.7∼7.09 times faster than the AES and thus more suitable for replacing the AES to protect data transmitted between a cloud system and its users.
Public Key Encryption with Keyword Search (PEKS), an indispensable part of searchable encryption, is stock-in-trade for both protecting data and providing operability of encrypted data. So far, most PEKS schemes have been established on Identity-Based Cryptography (IBC), which inherently carries the key escrow problem. Such a problem severely restricts the promotion of IBC-based Public Key Infrastructure, including the PEKS component. Hence, Certificateless Public Key Cryptography (CLPKC) is effective at removing such a problem. CLPKC is introduced into PEKS, and a general model of Certificateless PEKS (CLPEKS) is formalized. In addition, a practical CLPEKS scheme is constructed with security and efficiency analyses. The proposal is secure-channel free, and semantically secure against adaptive chosen keyword attack and keyword guessing attack. To illustrate its superiority, massive experiments are conducted on the Enron Email dataset, which is famous in the information retrieval field. Compared with existing constructions, CLPEKS improves the efficiency in theory and removes the key escrow problem.
Public key encryption scheme with keyword search (PEKS) enables us to search the encrypted data in a cloud server with a keyword, and no one can obtain any information about the encrypted data without the trapdoor corresponding to the keyword. PEKS is useful for keeping the management of large data storage, such as that in a cloud, secure. In this paper, to protect against quantum computer attacks, we present a lattice-based identity-based encryption scheme with keyword search. We have proved that our scheme can achieve ciphertext indistinguishability in the random oracle model, and our scheme can also achieve trapdoor security. In particular, our scheme can designate a unique tester to test and return the search results, so it does not need a secure channel. To the best of our knowledge, our scheme is the first identity-based encryption scheme with keyword search from a lattice assumption.
Fully homomorphic encryption currently faces two problems. One is that candidate fully homomorphic encryption schemes are few. The other is that the efficiency of fully homomorphic encryption is a big question. In this paper, we propose a fully homomorphic encryption scheme based on LWE, which has better key size. Our main contributions are: (1) Following the recent binary-LWE, we choose the secret key from a binary set and modify the basic encryption scheme proposed by Lindner and Peikert in 2010. We propose a fully homomorphic encryption scheme based on the new basic encryption scheme. We analyze the correctness and give the proof of the security of our scheme. The public key, evaluation keys and tensored ciphertext have better size in our scheme. (2) Estimating parameters for a fully homomorphic encryption scheme is an important work. We estimate the concrete parameters for our scheme. We compare these parameters between our scheme and the Bra12 scheme. Our scheme has a public key and private key that are smaller by a factor of about log q than in the Bra12 scheme. The tensored ciphertext in our scheme is smaller by a factor of about log^2 q than in the Bra12 scheme. The key switching matrix in our scheme is smaller by a factor of about log^3 q than in the Bra12 scheme.
Cloud computing, a recently emerged paradigm, faces major challenges in achieving the privacy of migrated data, network security, etc. Many cryptographic technologies based on identity, attributes and prediction algorithms have been raised to solve these issues; yet these techniques are highly prone to attackers. This raises the need for an effective encryption technique that ensures secure data migration. In this scenario, our proposed methodology, Efficient Probabilistic Public Key Encryption (EPPKE), is optimized with Covariance Matrix Adaptation Evolution Strategies (CMA-ES). It ensures data integrity through the Luhn algorithm with BLAKE2b encapsulation. This enables optimized security for the data migrated through the cloud. The proposed methodology is implemented in OpenStack with the Java language. It achieves better results by providing security compared to other existing techniques like RSA, IBA, ABE, PBE, etc.
Cloud computing expands its usability to various fields that utilize data and store it in a common space required for computing and analysis, such as IoT devices. These devices utilize the cloud for storing and retrieving data since they are not capable of storing and processing data on their own. Cloud computing provides various services to users, like IaaS, PaaS and SaaS. A major drawback faced by cloud computing is that data stored using cloud services could be accessed by all the users related to the cloud. The use of Public Key Encryption with Keyword Search (PEKS) provides search capability to an untrustworthy third party over publicly encrypted data without revealing the data's contents. But security concerns about PEKS arise when an Inside Keyword Guessing Attack (IKGA) is identified in the system, where the untrusted server guesses the keyword in a trapdoor. This issue could be solved by using algorithms such as Certificateless Hashed Public Key Authenticated Encryption with Keyword Search (CL-HPAEKS), which utilizes Modified Elliptic Curve Cryptography (MECC) along with the Mutation Centred Flower Pollination Algorithm (CM-FPA), used to enhance the performance of the algorithm through key optimization. The additional use of the Message Digest 5 (MD5) hash function in the system enhances the security level associated with the system. The proposed system achieves a security level performance of 96 percent, and the effort consumed by the algorithm is less compared to other encryption techniques.
Security is a primary concern in communication for reliable transfer of information between authenticated members, which becomes more complex in a network of Internet of Things (IoT). To provide security for group communication, a key management scheme incorporating the bilinear pairing technique with a Multicast and Unicast key management protocol (BMU-IOT) for decentralized networks has been proposed. The first part of the proposed work is to divide the network into clusters, where sensors are connected to and administered by a cluster head. Each sensor securely shares its secret keys with the cluster head using unicast. Based on these decryption keys, the cluster head generates a common encryption key using bilinear pairing. Any sensor in the subgroup can decrypt a message that is encrypted with the common encryption key. The remaining part focuses on reducing the communication, computation and storage costs of the proposed framework and on its resilience against various attacks. The implementation is carried out and the results are compared with existing schemes, giving considerably better results. Thus, the lightweight devices of IoT can achieve efficiency and security by reducing their overhead in terms of complexity.
We present a simple and efficient password-based encrypted key exchange protocol that allows a user to establish secure session keys with remote servers from client terminals in low-resource environments. The user does not need to carry a smart card storing private information but just needs to know an identity and password. For this purpose, the scheme is implemented over elliptic curves because of their well-known advantages with regard to processing and size constraints. Furthermore, the scheme is provably secure under the assumptions that the hash function closely behaves like a random oracle and that the elliptic curve computational Diffie-Hellman problem is difficult.
A trapdoor is a key component of public key cryptography design, which is the essential security foundation of modern cryptography. Normally, the traditional way of designing a trapdoor is to identify a computationally hard problem, such as NP-complete (NPC) problems. So the trapdoor in a public key encryption mechanism turns out to be a type of limited resource. In this paper, we generalize the methodology of the adversarial learning model in artificial intelligence and introduce a novel way to conveniently obtain sub-optimal and computationally hard trapdoors based on an automatic information-theoretic search technique. The basic routine is to construct a generative architecture to search for and discover a probabilistic reversible generator that can correctly encode and decode any input message. The architecture includes a trapdoor generator built on a variational autoencoder (VAE), responsible for searching for appropriate trapdoors satisfying maximum entropy, a random message generator yielding random noise, and a dynamic classifier taking the results of the two generators. The evaluation of our construction shows that the architecture satisfies basic indistinguishability of outputs under the chosen-plaintext attack (CPA) model and high efficiency in generating cheap trapdoors.
Threshold public key encryption allows a set of servers to decrypt a ciphertext if a given threshold of authorized servers cooperate. In the setting of threshold public key encryption, we consider the question of how to correctly decrypt a ciphertext where all servers continually leak information about their secret keys to an external attacker. Dodis et al. and Akavia et al. show two concrete schemes on how to store secrets on continually leaky servers. However, their constructions are only interactive between two servers. To achieve continual leakage security among more than two servers, we give the first threshold public key encryption scheme against adaptively chosen ciphertext attack in the continual leakage model under three static assumptions. In our model, the servers update their keys individually and asynchronously, without any communication between two servers. Moreover, the update procedure is re-randomized and the randomness can leak as well.
Certificateless public key cryptography (CL-PKC) enjoys the advantage of identity-based cryptography without suffering from its inherent key escrow problem. In this paper, a new efficient certificateless public key encryption scheme is proposed, and its security reaches chosen-ciphertext (CCA2) security in the random oracle model, assuming the CDH and p-BDHI problems are difficult. A comparison shows that the efficiency of the proposed scheme is better than all known pairing-based certificateless public key encryption schemes in the random oracle model.
Genes have great significance for the prevention and treatment of some diseases. A vital consideration is the need to find a way to locate pathogenic genes by analyzing the genetic data obtained from different medical institutions while protecting the privacy of patients' genetic data. In this paper, we present a secure scheme for locating disease-causing genes based on Multi-Key Homomorphic Encryption (MKHE), which reduces the risk of leaking genetic data. First, we combine MKHE with a frequency-based pathogenic gene location function. The medical institutions use MKHE to encrypt their genetic data. The cloud then homomorphically evaluates specific gene-locating circuits on the encrypted genetic data. Second, whereas most location circuits are designed only for locating monogenic diseases, we propose two location circuits (TH-intersection and Top-q) that can locate the disease-causing genes of polygenic diseases. Third, we construct a directed decryption protocol in which the users involved in the homomorphic evaluation can appoint a target user who can obtain the final decryption result. Our experimental results show that, compared to the JWB+17 scheme published in the journal Science, our scheme can be used to diagnose polygenic diseases, and the participants only need to upload their encrypted genetic data once, which reduces the communication traffic by a few hundred-fold.
Searchable public key encryption enables a storage server to retrieve publicly encrypted data without revealing the original data contents. It offers a perfect cryptographic solution to encrypted data retrieval in encrypted data storage systems. Certificateless cryptography (CLC) is a novel cryptographic primitive that has many merits. It overcomes the key escrow problem in identity-based cryptosystems and the cumbersome certificate problem in conventional public key cryptosystems. Motivated by the appealing features of CLC, three certificateless encryption with keyword search (CLEKS) schemes were presented in the literature. However, all of them were constructed with the costly bilinear pairing and thus are not suitable for devices that have limited computing resources and battery power. So, it is interesting and worthwhile to design a CLEKS scheme without using bilinear pairing. In this study, we put forward a pairing-free CLEKS scheme that does not exploit bilinear pairing. We strictly prove that the scheme achieves keyword ciphertext indistinguishability against adaptive chosen-keyword attacks under the complexity assumption of the computational Diffie-Hellman problem in the random oracle model. Efficiency comparison and simulation show that it enjoys better performance than the previous pairing-based CLEKS schemes. In addition, we briefly introduce three extensions of the proposed CLEKS scheme.
Provable security has been widely used for analyzing the security of cryptosystems. Its main idea is to reduce the security to some well-defined computational assumption. The reduction process is called the security proof. In this paper, we find a flaw in the security proofs of BDOP-PEKS and PEKS-STAT, present a new conclusion for the security of BDOP-PEKS, and give a security proof. The flaw in the security proof of PEKS-STAT can be fixed in the same way. Finally, we summarize some steps of a security proof, and emphasize that the probability analysis is as important as the construction.
The decryption participant's private key share for decryption is delegated by the key generation center in the threshold IBE scheme. However, an absolutely trustworthy key generation center does not exist. So the author presents a certificateless threshold public key encryption scheme. Collaborating with an administrator, the decryption participant generates his whole private key share for decryption in the scheme. The administrator does not know the decryption participant's private key share. Making use of the q-SDH assumption, the author constructs a certificateless threshold public key encryption scheme. The security of the scheme is eventually reduced to solving the Decisional Bilinear Diffie-Hellman problem. Moreover, the scheme is secure under chosen ciphertext attack in the standard model.
We propose a security-enhanced double-random phase encryption (DRPE) scheme using an orthogonally encoded image and electronically synthesized key data to cope with the security problem of the DRPE technique caused by fixed double-random phase masks for encryption. In the proposed scheme, we adopt the electronically synthesized key to frequently update the phase mask using a spatial light modulator, and also employ the orthogonal encoding technique to encode the image and electronically synthesized key data, which can enhance the security of both data. We provide detailed procedures for encryption and decryption of the proposed scheme, and provide simulation results to show the encryption effects of the proposed scheme.
Advances in quantum computers threaten to break public-key cryptosystems (e.g., RSA, ECC, and ElGamal) based on the hardness of factoring or taking a discrete logarithm. However, no quantum algorithms have yet been found for solving certain mathematical problems in non-commutative algebraic structures. Recently, two novel public-key encryption schemes, the BKT-B cryptosystem and the BKT-FO cryptosystem, based on factorization problems, were proposed in Security and Communication Networks in 2013. In this paper we show that these two schemes are vulnerable to structural attacks and linearization equation attacks, and that these only require polynomial time complexity to obtain messages from the associated public keys. We conduct a detailed analysis of the two attack methods and show the corresponding algorithmic descriptions and efficiency analyses. In addition, we provide some improvement suggestions for the two public-key encryption schemes.
Currently, there is still no efficient methodology to revoke a user's ability to decrypt ciphertext in broadcast encryption with an uncertain number of ciphertext recipients. To solve this problem, we present a dynamic broadcast encryption scheme with the following properties: First, the length of the ciphertext has a linear relationship with the number of revocable users, but no association with the total number of ciphertext recipients. Second, the scheme also works when users dynamically join. Especially, compared with methods published up to date, our scheme is more efficient with a large number of ciphertext recipients. Third, the broadcaster can revoke a user's ability to decrypt ciphertext if necessary. Fourth, the private key of a user is composed of three elements in an elliptic curve group of prime order. Last, if the q-Decisional Multi-Exponent Bilinear Diffie-Hellman assumption holds, our scheme is secure in the standard model when a polynomial time adversary selectively attacks it.
The notion of searchable encrypted keywords introduced an elegant approach to retrieve encrypted data without the need for decryption. Since the introduction of this notion, there have been two main searchable encrypted keyword techniques: symmetric searchable encryption (SSE) and public key encryption with keyword search (PEKS). Due to the complicated key management problem in SSE, a number of concrete PEKS constructions have been proposed to overcome it. However, the security of these PEKS schemes was only weakly defined in the presence of outsider attacks; therefore they suffer from keyword guessing attacks from the database server as an insider. How to resist insider attacks remains a challenging problem. We propose the first searchable encrypted keywords against insider attacks (SEK-IA) framework to address this problem. The security model of SEK-IA under a public key environment is rebuilt. We give a concrete SEK-IA construction featuring a constant-size trapdoor, and the proposed scheme is formally proved to be secure against insider attacks. The performance evaluations show that the communication cost between the receiver and the server in our SEK-IA scheme remains constant, independent of the sender identity set size, and the receiver needs minimal computational cost to generate a trapdoor to search the data from multiple senders.
Cloud computing facilitates convenient and on-demand network access to a centralized pool of resources. Currently, many users prefer to outsource data to the cloud in order to mitigate the burden of local storage. However, storing sensitive data on remote servers poses privacy challenges and is currently a source of concern. SE (Searchable Encryption) is a positive way to protect users' sensitive data while preserving search ability on the server side. SE allows the server to search encrypted data without leaking information about the plaintext data. The two main branches of SE are SSE (Searchable Symmetric Encryption) and PEKS (Public key Encryption with Keyword Search). SSE allows only private key holders to produce ciphertexts and to create trapdoors for search, whereas PEKS enables a number of users who know the public key to produce ciphertexts but allows only the private key holder to create trapdoors. This article surveys the two main techniques of SE: SSE and PEKS. Different SE schemes are categorized and compared in terms of functionality, efficiency, and security. Moreover, we point out some valuable directions for future work on SE schemes.
Funding (WEBDR study): supported in part by the Ministry of Science and Technology (MOST), Taiwan under the Grant MOST 109-2221-E-029-017-MY2.
Funding (CLPEKS study): This research was supported by the National Science Foundation of China for Funding Projects (61173089, 61472298) and the National Statistical Science Program of China (2013LZ46).
Funding (lattice-based IBE with keyword search study): supported by the National Natural Science Foundation of China (No. 61370203), China Postdoctoral Science Foundation Funded Project (No. 2017M623008), Scientific Research Starting Project of SWPU (No. 2017QHZ023), and the State Scholarship Foundation of the China Scholarship Council (No. 201708515149).
Funding (LWE-based fully homomorphic encryption study): The first author would like to thank the Fund of the Jiangsu Innovation Program for Graduate Education, the Fundamental Research Funds for the Central Universities, the Ningbo Natural Science Foundation, and the Chinese National Scholarship Fund, and also appreciates the benefit to this work from science and technology projects of Ningbo municipality. The third author would like to thank the Ningbo Natural Science Foundation.
文摘Fully homomorphic encryption is faced with two problems now. One is candidate fully homomorphic encryption schemes are few. Another is that the efficiency of fully homomorphic encryption is a big question. In this paper, we propose a fully homomorphic encryption scheme based on LWE, which has better key size. Our main contributions are: (1) According to the binary-LWE recently, we choose secret key from binary set and modify the basic encryption scheme proposed in Linder and Peikert in 2010. We propose a fully homomorphic encryption scheme based on the new basic encryption scheme. We analyze the correctness and give the proof of the security of our scheme. The public key, evaluation keys and tensored ciphertext have better size in our scheme. (2) Estimating parameters for fully homomorphic encryption scheme is an important work. We estimate the concert parameters for our scheme. We compare these parameters between our scheme and Bral2 scheme. Our scheme have public key and private key that smaller by a factor of about logq than in Bral2 scheme. Tensored ciphertext in our scheme is smaller by a factor of about log2q than in Bral2 scheme. Key switching matrix in our scheme is smaller by a factor of about log3q than in Bra12 scheme.
Abstract: Cloud computing, a recently emerged paradigm, faces major challenges in achieving the privacy of migrated data, network security, etc. Many cryptographic technologies based on identity, attributes and prediction algorithms have been proposed to solve these issues; yet these techniques are highly prone to attackers. This raises the need for an effective encryption technique that would ensure secure data migration. In this scenario, our proposed methodology, Efficient Probabilistic Public Key Encryption (EPPKE), is optimized with Covariance Matrix Adaptation Evolution Strategies (CMA-ES). It ensures data integrity through the Luhn algorithm with BLAKE2b encapsulation. This enables optimized security for data that is migrated through the cloud. The proposed methodology is implemented in OpenStack with the Java language. It achieves better results by providing security compared to other existing techniques like RSA, IBA, ABE, PBE, etc.
Abstract: Cloud computing expands its usability to various fields that utilize data and store it in a common space required for computing and analysis, as IoT devices do. These devices use the cloud for storing and retrieving data since they are not capable of storing and processing data on their own. Cloud computing provides various services to users, such as IaaS, PaaS and SaaS. A major drawback faced by cloud computing is that cloud services used for data storage can be accessed by all users related to the cloud. Public Key Encryption with Keyword Search (PEKS) provides security against untrustworthy third-party search capability on publicly encrypted data without revealing the data's contents. However, security concerns for PEKS arise when Inside Keyword Guessing Attacks (IKGA) are identified in the system, because the untrusted server can guess the keyword in a trapdoor. This issue can be solved by algorithms such as Certificateless Hashed Public Key Authenticated Encryption with Keyword Search (CL-HPAEKS), which utilizes Modified Elliptic Curve Cryptography (MECC) along with the Mutation Centred Flower Pollination Algorithm (CM-FPA), used to enhance the performance of the algorithm through key optimization. The additional use of the Message Digest 5 (MD5) hash function in the system enhances the security level associated with the system. The proposed system achieves a security level performance of 96 percent, and the effort consumed by the algorithm is less compared to other encryption techniques.
Abstract: Security is a primary concern in communication for reliable transfer of information between authenticated members, which becomes more complex in a network of Internet of Things (IoT). To provide security for group communication, a key management scheme incorporating the bilinear pairing technique with a Multicast and Unicast key management protocol (BMU-IOT) for decentralized networks has been proposed. The first part of the proposed work is to divide the network into clusters where sensors are connected to, and administered by, a cluster head. Each sensor securely shares its secret keys with the cluster head using unicast. Based on these decryption keys, the cluster head generates a common encryption key using bilinear pairing. Any sensor in the subgroup can decrypt the message, which is encrypted with the common encryption key. The remaining part focuses on reducing the communication, computation and storage costs of the proposed framework and on its resilience against various attacks. The implementation is carried out and the results are compared with existing schemes, giving considerably better results. Thus, the lightweight devices of IoT can provide efficiency and security by reducing their overhead in terms of complexity.
Funding: Supported by the National Natural Science Foundation of China (60473021)
Abstract: We present a simple and efficient password-based encrypted key exchange protocol that allows a user to establish secure session keys with remote servers from client terminals in low-resource environments. The user does not need to carry a smart card storing private information but only needs to know an identity and password. For this purpose, the scheme is implemented over elliptic curves because of their well-known advantages with regard to processing and size constraints. Furthermore, the scheme is provably secure under the assumptions that the hash function closely behaves like a random oracle and that the elliptic curve computational Diffie-Hellman problem is difficult.
Funding: the National Natural Science Foundation of China (Nos. 61572521, U1636114), the National Key Project of Research and Development Plan (2017YFB0802000), the Natural Science Foundation of Shaanxi Province (2021JM-252), the Innovative Research Team Project of Engineering University of APF (KYTD201805), and the Fundamental Research Project of Engineering University of PAP (WJY201910).
Abstract: The trapdoor is a key component of public key cryptography design, which is the essential security foundation of modern cryptography. Normally, the traditional way of designing a trapdoor is to identify a computationally hard problem, such as an NP-complete problem. So the trapdoor in a public key encryption mechanism turns out to be a type of limited resource. In this paper, we generalize the methodology of the adversarial learning model in artificial intelligence and introduce a novel way to conveniently obtain sub-optimal and computationally hard trapdoors based on an automatic information-theoretic search technique. The basic routine is to construct a generative architecture to search for and discover a probabilistic reversible generator which can correctly encode and decode any input message. The architecture includes a trapdoor generator built on a variational autoencoder (VAE), responsible for searching for appropriate trapdoors satisfying a maximum of entropy; a random message generator yielding random noise; and a dynamic classifier taking the results of the two generators. The evaluation of our construction shows that the architecture satisfies basic indistinguishability of outputs under the chosen-plaintext attack model (CPA) and achieves high efficiency in generating cheap trapdoors.
Funding: This work was supported by the Science and Technology on Communication Security Laboratory Foundation (9140C110301110C1103), the Weaponry Equipment Pre-Research Foundation, the PLA General Armament Department (9140A04020311DZ02), and the National Natural Science Foundation of China (61370203).
Abstract: Threshold public key encryption allows a set of servers to decrypt a ciphertext if a given threshold of authorized servers cooperate. In the setting of threshold public key encryption, we consider the question of how to correctly decrypt a ciphertext when all servers continually leak information about their secret keys to an external attacker. Dodis et al. and Akavia et al. show two concrete schemes for storing secrets on continually leaky servers. However, their constructions are only interactive between two servers. To achieve continual leakage security among more than two servers, we give the first threshold public key encryption scheme secure against adaptively chosen ciphertext attack in the continual leakage model under three static assumptions. In our model, the servers update their keys individually and asynchronously, without any communication between two servers. Moreover, the update procedure is re-randomized and the randomness can leak as well.
Funding: Supported by the National Natural Science Foundation of China (60673070) and the Natural Science Foundation of Jiangsu Province, China (BK2006217)
Abstract: Certificateless public key cryptography (CL-PKC) enjoys the advantage of identity-based cryptography without suffering from its inherent key escrow problem. In this paper, a new efficient certificateless public key encryption scheme is proposed, and its security reaches chosen-ciphertext attack (CCA2) security in the random oracle model assuming the CDH and p-BDHI problems are difficult. A comparison shows that the efficiency of the proposed scheme is better than that of all known pairing-based certificateless public key encryption schemes in the random oracle model.
Funding: supported by the National Key R&D Program of China (No. 2017YFB0802000), the Innovative Research Team in Engineering University of PAP (No. KYTD201805), the National Natural Science Foundation of China (No. 61872384), the Natural Science Basic Research Plan in Shaanxi Province of China (No. 2020JQ-492), and the Fundamental Research Project of Engineering University of PAP (Nos. WJY201910, WJY201914, and WJY201912).
Abstract: Genes have great significance for the prevention and treatment of some diseases. A vital consideration is the need to find a way to locate pathogenic genes by analyzing the genetic data obtained from different medical institutions while protecting the privacy of patients' genetic data. In this paper, we present a secure scheme for locating disease-causing genes based on Multi-Key Homomorphic Encryption (MKHE), which reduces the risk of leaking genetic data. First, we combine MKHE with a frequency-based pathogenic gene location function. The medical institutions use MKHE to encrypt their genetic data. The cloud then homomorphically evaluates specific gene-locating circuits on the encrypted genetic data. Second, whereas most location circuits are designed only for locating monogenic diseases, we propose two location circuits (TH-intersection and Top-q) that can locate the disease-causing genes of polygenic diseases. Third, we construct a directed decryption protocol in which the users involved in the homomorphic evaluation can appoint a target user who can obtain the final decryption result. Our experimental results show that, compared to the JWB+17 scheme published in the journal Science, our scheme can be used to diagnose polygenic diseases, and the participants only need to upload their encrypted genetic data once, which reduces the communication traffic by a few hundred-fold.
Funding: Project supported by the National Natural Science Foundation of China (Nos. 61772009 and U1736112), the Fundamental Research Funds for the Central Universities, China (Nos. 2016B10114 and 2017B17014), and the Natural Science Foundation of Jiangsu Province, China (No. BK20181304)
Abstract: Searchable public key encryption enables a storage server to retrieve publicly encrypted data without revealing the original data contents. It offers a perfect cryptographic solution to encrypted data retrieval in encrypted data storage systems. Certificateless cryptography (CLC) is a novel cryptographic primitive that has many merits. It overcomes the key escrow problem in identity-based cryptosystems and the cumbersome certificate problem in conventional public key cryptosystems. Motivated by the appealing features of CLC, three certificateless encryption with keyword search (CLEKS) schemes have been presented in the literature. However, all of them were constructed with the costly bilinear pairing and thus are not suitable for devices that have limited computing resources and battery power. So, it is interesting and worthwhile to design a CLEKS scheme without using bilinear pairing. In this study, we put forward a pairing-free CLEKS scheme that does not exploit bilinear pairing. We strictly prove that the scheme achieves keyword ciphertext indistinguishability against adaptive chosen-keyword attacks under the complexity assumption of the computational Diffie-Hellman problem in the random oracle model. An efficiency comparison and a simulation show that it enjoys better performance than the previous pairing-based CLEKS schemes. In addition, we briefly introduce three extensions of the proposed CLEKS scheme.
Funding: Supported by the National Natural Science Foundation of China (60473021)
Abstract: Provable security has been widely used for analyzing the security of cryptosystems. Its main idea is to reduce the security to some well-defined computational assumption. The reduction process is called the security proof. In this paper, we find a flaw in the security proofs of BDOP-PEKS and PEKS-STAT, present a new conclusion for the security of BDOP-PEKS, and give a security proof. The flaw in the security proof of PEKS-STAT can be fixed in the same way. Finally, we summarize some steps of a security proof, and emphasize that the probability analysis is as important as the construction.
Funding: Supported by the National Natural Science Foundation of China (60903175, 60703048) and the Natural Science Foundation of Hubei Province (2009CBD307, 2008CDB352)
Abstract: In the threshold IBE scheme, the decryption participant's private key share for decryption is delegated by the key generation center. However, an absolutely trustworthy key generation center does not exist. So the author presents a certificateless threshold public key encryption scheme. Collaborating with an administrator, the decryption participant generates his whole private key share for decryption in the scheme. The administrator does not know the decryption participant's private key share for decryption. Making use of the q-SDH assumption, the author constructs a certificateless threshold public key encryption scheme. The security of the scheme is eventually reduced to solving the Decisional Bilinear Diffie-Hellman problem. Moreover, the scheme is secure under chosen ciphertext attack in the standard model.
Funding: supported in part by the Basic Science Research Program through the National Research Foundation of Korea funded by the Ministry of Science, ICT & Future Planning (No. 2011-0030079) and the Ministry of Education (No. NRF-2013R1A1A2057549)
Abstract: We propose a security-enhanced double-random phase encryption (DRPE) scheme using an orthogonally encoded image and electronically synthesized key data to cope with the security problem of the DRPE technique caused by fixed double-random phase masks for encryption. In the proposed scheme, we adopt the electronically synthesized key to frequently update the phase mask using a spatial light modulator, and also employ the orthogonal encoding technique to encode the image and the electronically synthesized key data, which can enhance the security of both. We provide detailed procedures for encryption and decryption in the proposed scheme, and provide simulation results to show the encryption effects of the proposed scheme.
Funding: supported by the National Natural Science Foundation of China (Nos. 61303212, 61170080, 61202386, 61332019, U1135004, and 91018008), the National Key Basic Research and Development (973) Program of China (No. 2014CB340600), and the Natural Science Foundation of Hubei Province (Nos. 2011CDB453 and 2014CFB440)
Abstract: Advances in quantum computers threaten to break public-key cryptosystems (e.g., RSA, ECC, and ElGamal) based on the hardness of factoring or taking a discrete logarithm. However, no quantum algorithms have yet been found for solving certain mathematical problems in non-commutative algebraic structures. Recently, two novel public-key encryption schemes, the BKT-B cryptosystem and the BKT-FO cryptosystem, based on factorization problems were proposed in Security and Communication Networks in 2013. In this paper we show that these two schemes are vulnerable to structural attacks and linearization equation attacks, and that these attacks require only polynomial time to obtain messages from the associated public keys. We conduct a detailed analysis of the two attack methods and give corresponding algorithmic descriptions and efficiency analyses. In addition, we provide some improvement suggestions for the two public-key encryption schemes.
Funding: Supported by the National Natural Science Foundation of China (60903175, 60703048) and the Natural Science Foundation of Hubei Province (2009CBD307, 2008CDB352)
Abstract: Currently, there is still no efficient methodology to revoke a user's ability to decrypt ciphertext in broadcast encryption with an uncertain number of ciphertext recipients. To solve this problem, we present a dynamic broadcast encryption scheme with the following properties: First, the length of the ciphertext has a linear relationship with the number of revocable users, but it has no association with the total number of ciphertext recipients. Second, the scheme also works when users dynamically join. Especially, compared with methods published to date, our scheme is more efficient with a large number of ciphertext recipients. Third, the broadcaster can revoke a user's ability to decrypt ciphertext if necessary. Fourth, the private key of a user is composed of three elements in an elliptic curve group of prime order. Last, if the q-Decisional Multi-Exponent Bilinear Diffie-Hellman assumption holds, our scheme is secure in the standard model when a polynomial-time adversary selectively attacks it.
Funding: This work is supported by the National Natural Science Foundation of China under Grant Nos. 61300181 and 61502044, and the Fundamental Research Funds for the Central Universities of China under Grant No. 2015RC23.
Abstract: The notion of searchable encrypted keywords introduced an elegant approach to retrieving encrypted data without the need for decryption. Since the introduction of this notion, there have been two main searchable encrypted keyword techniques: symmetric searchable encryption (SSE) and public key encryption with keyword search (PEKS). Due to the complicated key management problem in SSE, a number of concrete PEKS constructions have been proposed to overcome it. However, the security of these PEKS schemes was only weakly defined in the presence of outsider attacks; therefore they suffer from keyword guessing attacks by the database server as an insider. How to resist insider attacks remains a challenging problem. We propose the first searchable encrypted keywords against insider attacks (SEK-IA) framework to address this problem. The security model of SEK-IA in the public key setting is rebuilt. We give a concrete SEK-IA construction featuring a constant-size trapdoor, and the proposed scheme is formally proved to be secure against insider attacks. The performance evaluations show that the communication cost between the receiver and the server in our SEK-IA scheme remains constant, independent of the sender identity set size, and the receiver needs minimal computational cost to generate a trapdoor to search the data from multiple senders.
Funding: This work is supported by Guangxi Cooperative Innovation Center of Cloud Computing and Big Data (No. YD16506).
Abstract: Cloud computing facilitates convenient and on-demand network access to a centralized pool of resources. Currently, many users prefer to outsource data to the cloud in order to mitigate the burden of local storage. However, storing sensitive data on remote servers poses privacy challenges and is currently a source of concern. SE (Searchable Encryption) is a positive way to protect users' sensitive data while preserving searchability on the server side. SE allows the server to search encrypted data without leaking information about the plaintext data. The two main branches of SE are SSE (Searchable Symmetric Encryption) and PEKS (Public key Encryption with Keyword Search). SSE allows only private key holders to produce ciphertexts and to create trapdoors for search, whereas PEKS enables any user who knows the public key to produce ciphertexts but allows only the private key holder to create trapdoors. This article surveys the two main techniques of SE: SSE and PEKS. Different SE schemes are categorized and compared in terms of functionality, efficiency, and security. Moreover, we point out some valuable directions for future work on SE schemes.