Funding: National Natural Science Foundation of China (No. 61972391).
Abstract: The current development toward quantum attack has shocked our confidence in classical digital signature schemes. As one of the mainstreams of post-quantum cryptography primitives, hash-based signature has attracted more and more concern in both cryptographic research and application in recent years. The goal of this paper is to present, classify and discuss different solutions for hash-based signature. Firstly, this paper discusses the research progress in the component of hash-based signature, i.e., one-time signature and few-time signature; then classifies the tree-based public key authentication schemes of hash-based signature into limited number and stateful schemes, unlimited number and stateful schemes and unlimited number and stateless schemes. The above discussion aims to analyze the overall design idea of different categories of hash-based signatures, as well as the construction, security reduction and performance efficiency of specific schemes. Finally, the perspectives and possible development directions of hash-based signature are briefly discussed.
Abstract: 5G provides a unified authentication architecture and access management for IoT (Internet of Things) devices. But existing authentication services cannot cover massive IoT devices with various computing capabilities. In addition, with the development of quantum computing, authentication schemes based on traditional digital signature technology may not be as secure as we expected. This paper studies the authentication mechanism from the user equipment to the external data network in 5G and proposed an authentication protocol prototype that conforms to the Third Generation Partnership Program (3GPP) standard. This prototype can accommodate various Hash-based signature technologies, applying their advantages in resource consumption to meet the authentication requirements of multiple types of IoT devices. The operation of the proposed authentication scheme is mainly based on the Hash function, which is more efficient than the traditional authentication scheme. It provides flexible and high-quality authentication services for IoT devices cluster in the 5G environment combining the advantages of Hash-based signature technology and 5G architecture.
Funding: Supported by the National Natural Science Foundation of China (No. 61142007), Natural Science Foundation of Universities of Jiangsu Province (13KJB520005), the Research Fund for the Graduate Innovation Program of Jiangsu Province (CXZZ13_0493).
Abstract: Since Multivariate Quadratic (MQ)-based Public Key Cryptosystem (MPKC) has been one of the hot research fields of post-quantum cryptography, it becomes important to analyze the security of new MPKC schemes. Wang et al. proposed a novel multivariate signature scheme with Hash-based Tame Transformation and Minus (HTTM) in 2011. For this extended MQ-based signature, we can transform it into an SFLASH variant by splitting and merging HT transformation, and solve an equivalent private key corresponding to the public key of HTTM. Thus, the adversary can forge legitimate signature for any message by using this equivalent private key.
Funding: Supported by the National Natural Science Foundation of China (Grant Nos. 61932010 and 62072357), the Zhuhai Top Discipline-Information Security; supported by the China Scholarship Council (CSC) and the Australian Research Council (ARC).
Abstract: Searchable symmetric encryption (SSE) has been introduced for secure outsourcing the encrypted database to cloud storage, while maintaining searchable features. Of various SSE schemes, most of them assume the server is honest but curious, while the server may be trustless in the real world. Considering a malicious server not honestly performing the queries, verifiable SSE (VSSE) schemes are constructed to ensure the verifiability of the search results. However, existing VSSE constructions only focus on single-keyword search or incur heavy computational cost during verification. To address this challenge, we present an efficient VSSE scheme, built on OXT protocol (Cash et al., CRYPTO 2013), for conjunctive keyword queries with sublinear search overhead. The proposed VSSE scheme is based on a privacy-preserving hash-based accumulator, by leveraging a well-established cryptographic primitive, Symmetric Hidden Vector Encryption (SHVE). Our VSSE scheme enables both correctness and completeness verifiability for the result without pairing operations, thus greatly reducing the computational cost in the verification process. Besides, the proposed VSSE scheme can still provide a proof when the search result is empty. Finally, the security analysis and experimental evaluation are given to demonstrate the security and practicality of the proposed scheme.
Abstract: In distributed systems, it is important to adjust load distribution dynamically based on server performance and load information. Meanwhile, gray release and rapid expansion are the basic requirements to ensure reliability and stability for systems with short version iteration cycles. The traditional Hash algorithm performs poorly in gray release, rapid expansion, and load distribution. To solve these problems, a novel Hash-based dynamic mapping (HDM) load balancing algorithm was proposed. On the one hand, this algorithm can adjust the load distribution dynamically based on server performance and load information. On the other hand, it implements gray release by controlling the ratio of requests assigned to the changed nodes. Additionally, HDM has a higher expansion efficiency. Experiments show that the HDM distributes the load more reasonably, provides a more stable gray release ratio, and has a higher expansion efficiency.