Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in differ...Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.展开更多
The advent of quantum computers and algorithms challenges the semantic security of symmetric and asymmetric cryptosystems. Thus, the implementation of new cryptographic primitives is essential. They must follow the br...The advent of quantum computers and algorithms challenges the semantic security of symmetric and asymmetric cryptosystems. Thus, the implementation of new cryptographic primitives is essential. They must follow the breakthroughs and properties of quantum calculators which make vulnerable existing cryptosystems. In this paper, we propose a random number generation model based on evaluation of the thermal noise power of the volume elements of an electronic system with a volume of 58.83 cm<sup>3</sup>. We prove through the sampling of the temperature of each volume element that it is difficult for an attacker to carry out an exploit. In 12 seconds, we generate for 7 volume elements, a stream of randomly generated keys of 187 digits that will be transmitted from source to destination through the properties of quantum cryptography.展开更多
With the advent of quantum computing,numerous efforts have been made to standardize post-quantum cryptosystems with the intention of(eventually)replacing Elliptic Curve Cryptography(ECC)and Rivets-Shamir-Adelman(RSA)....With the advent of quantum computing,numerous efforts have been made to standardize post-quantum cryptosystems with the intention of(eventually)replacing Elliptic Curve Cryptography(ECC)and Rivets-Shamir-Adelman(RSA).A modified version of the traditional N-Th Degree Truncated Polynomial Ring(NTRU)cryptosystem called NTRU Prime has been developed to reduce the attack surface.In this paper,the Signcryption scheme was proposed,and it is most efficient than others since it reduces the complexity and runs the time of the code execution,and at the same time,provides a better security degree since it ensures the integrity of the sent message,confidentiality of the data,forward secrecy when using refreshed parameters for each session.Unforgeability to prevent the man-in-the-middle attack from being active or passive,and non-repudiation when the sender can’t deny the recently sent message.This study aims to create a novel NTRU cryptography algorithm system that takes advantage of the security features of curve fitting operations and the valuable characteristics of chaotic systems.The proposed algorithm combines the(NTRU Prime)and Shamir’s Secret Sharing(SSS)features to improve the security of the NTRU encryption and key generation stages that rely on robust polynomial generation.Based on experimental results and a comparison of the time required for crucial exchange between NTRU-SSS and the original NTRU,this study shows a rise in complexity with a decrease in execution time in the case when compared to the original NTRU.It’s encouraging to see signs that the suggested changes to the NTRU work to increase accuracy and efficiency.展开更多
Most of current public key cryptosystems would be vulnerable to the attacks of the future quantum computers.Post-quantum cryptography offers mathematical methods to secure information and communications against such a...Most of current public key cryptosystems would be vulnerable to the attacks of the future quantum computers.Post-quantum cryptography offers mathematical methods to secure information and communications against such attacks,and therefore has been receiving a significant amount of attention in recent years.Lattice-based cryptography,built on the mathematical hard problems in(high-dimensional)lattice theory,is a promising post-quantum cryptography family due to its excellent efficiency,moderate size and strong security.This survey aims to give a general overview on lattice-based cryptography.To this end,the authors begin with the introduction of the underlying mathematical lattice problems.Then they introduce the fundamental cryptanalytic algorithms and the design theory of lattice-based cryptography.展开更多
With the rapid increase in demand for data trustworthiness and data security,distributed data storage technology represented by blockchain has received unprecedented attention.These technologies have been suggested fo...With the rapid increase in demand for data trustworthiness and data security,distributed data storage technology represented by blockchain has received unprecedented attention.These technologies have been suggested for various uses because of their remarkable ability to offer decentralization,high autonomy,full process traceability,and tamper resistance.Blockchain enables the exchange of information and value in an untrusted environment.There has been a significant increase in attention to the confidentiality and privacy preservation of blockchain technology.Ensuring data privacy is a critical concern in cryptography,and one of the most important protocols used to achieve this is the secret-sharing method.By dividing the secret into shares and distributing them among multiple parties,no one can access the secret without the cooperation of the other parties.However,Attackers with quantum computers in the future can execute Grover’s and Shor’s algorithms on quantum computers that can break or reduce the currently widely used cryptosystems.Furthermore,centralized management of keys increases the risk of key leakage.This paper proposed a post-quantum threshold algo-rithm to reduce the risk of data privacy leakage in blockchain Systems.This algorithm uses distributed key management technology to reduce the risk of individual node private key leakage and provide post-quantum security.The proposed privacy-preserving cryptographic algorithm provides a post-quantum threshold architecture for managing data,which involves defining users and interaction processes within the system.This paper applies a linear secret-sharing solution to partition the private key of the Number Theory Research Unit(NTRU)algorithm into n parts.It constructs a t–n threshold that allows recovery of the plaintext only when more than t nodes participate in decryption.The characteristic of a threshold makes the scheme resistant to collusion attacks from members whose combined credibility is less than the threshold.This mitigates the risk of single-point private key leakage.During the threshold decryption process,the private key information of the nodes will not be leaked.In addition,the fact that the threshold algorithm is founded on the NTRU lattice enables it to withstand quantum attacks,thus enhancing its security.According to the analysis,the proposed scheme provides superior protection compared to currently availablemethods.This paper provides postquantum security solutions for data security protection of blockchain,which will enrich the use of blockchain in scenarios with strict requirements for data privacy protection.展开更多
The Internet of Things (IoT) has become a reality: Healthcare, smart cities, intelligent manufacturing, e-agriculture, real-time traffic controls, environment monitoring, camera security systems, etc. are developing s...The Internet of Things (IoT) has become a reality: Healthcare, smart cities, intelligent manufacturing, e-agriculture, real-time traffic controls, environment monitoring, camera security systems, etc. are developing services that rely on an IoT infrastructure. Thus, ensuring the security of devices during operation and information exchange becomes a fundamental requirement inherent in providing safe and reliable IoT services. NIST requires hardware implementations that are protected against SCAs for the lightweight cryptography standardization process. These attacks are powerful and non-invasive and rely on observing the physical properties of IoT hardware devices to obtain secret information. In this paper, we present a survey of research on hardware security for the IoT. In addition, the challenges of IoT in the quantum era with the first results of the NIST standardization process for post-quantum cryptography are discussed.展开更多
This research paper analyzes the urgent topic of quantum cybersecurity and the current federal quantum-cyber landscape. Quantum-safe implementations within existing and future Internet of Things infrastructure are dis...This research paper analyzes the urgent topic of quantum cybersecurity and the current federal quantum-cyber landscape. Quantum-safe implementations within existing and future Internet of Things infrastructure are discussed, along with quantum vulnerabilities in public key infrastructure and symmetric cryptographic algorithms. Other relevant non-encryption-specific areas within cybersecurity are similarly raised. The evolution and expansion of cyberwarfare as well as new developments in cyber defense beyond post-quantum cryptography and quantum key distribution are subsequently explored, with an emphasis on public and private sector awareness and vigilance in maintaining strong security posture.展开更多
In order to achieve secure signcryption schemes in the quantum era, Li Fagen et al. [Concurrency and Computation: Practice and Experience, 2012, 25(4): 2112-2122] and Wang Fenghe et al. [Applied Mathematics & Inf...In order to achieve secure signcryption schemes in the quantum era, Li Fagen et al. [Concurrency and Computation: Practice and Experience, 2012, 25(4): 2112-2122] and Wang Fenghe et al. [Applied Mathematics & Information Sciences, 2012, 6(1): 23-28] have independently extended the concept of signcryption to lattice-based cryptography. However, their schemes are only secure under the random or- acle model. In this paper, we present a lattice-based signcryp- tion scheme which is secure under the standard model. We prove that our scheme achieves indistinguishability against adaptive chosen-ciphertext attacks (IND-CCA2) under the learning with errors (LWE) assumption and existential unforgeability against adaptive chosen-message attacks (EUF- CMA) under the small integer solution (SIS) assumption.展开更多
Certificateless public key cryptography (CL- PKC) can solve the problems of certificate management in a public key infrastructure (PKI) and of key escrows in identity-based public key cryptography (ID-PKC). In C...Certificateless public key cryptography (CL- PKC) can solve the problems of certificate management in a public key infrastructure (PKI) and of key escrows in identity-based public key cryptography (ID-PKC). In CL- PKC, the key generation center (KGC) does not know the private keys of all users, and their public keys need not be cer- tificated by certification authority (CA). At present, however, most certificateless encryption schemes are based on large in- teger factorization and discrete logarithms that are not secure in a quantum environment and the computation complexity is high. To solve these problems, we propose a new certificate- less encryption scheme based on lattices, more precisely, us- ing the hardness of the learning with errors (LWE) problem. Compared with schemes based on large integer factoriza- tion and discrete logarithms, the most operations are matrix- vector multiplication and inner products in our scheme, our approach has lower computation complexity. Our scheme can be proven to be indistinguishability chosen ciphertext attacks (IND-CPA) secure in the random oracle model.展开更多
This paper proposes the first lattice-based sequential aggregate signature (SAS) scheme with lazy verification that is provably secure in the random oracle model. As opposed to large integer factoring and discrete l...This paper proposes the first lattice-based sequential aggregate signature (SAS) scheme with lazy verification that is provably secure in the random oracle model. As opposed to large integer factoring and discrete logarithm based systems, the security of the construction relies on worst-case lattice problem, namely, under the small integer solution (SIS) assumption. Generally speaking, SAS schemes enable any group of signers ordered in a chain to sequentially combine their signatures such that the size of the aggregate signature is much smaller than the total size of all individual signatures. Unlike prior such proposals, the new scheme does not require a signer to retrieve the keys of other signers and verify the aggregate-so-far before adding its own signature, and the signer can add its own signature to an unverified aggregate and forward it along immediately, postponing verification until load permits or the necessary public keys are obtained. Indeed, the new scheme does not even require a signer to know the public keys of other signers.展开更多
Lattice-based hierarchical identity-based broadcast encryption(H-IBBE)schemes have broad application prospects in the quantum era,because it reduces the burden of private key generator(PKG)and is suitable for one-to-m...Lattice-based hierarchical identity-based broadcast encryption(H-IBBE)schemes have broad application prospects in the quantum era,because it reduces the burden of private key generator(PKG)and is suitable for one-to-many communication.However,previous lattice-based H-IBBE schemes are mostly constructed in the random oracle model with more complex trapdoor delegation process and have lower practical application.A lattice-based H-IBBE is proposed in the fixed dimension under the standard model,which mainly consists of binary tree encryption(BTE)system,MP12 trapdoor function and ABB10b trapdoor delegation algorithm.First,this paper uses BTE system to eliminate the random oracle so that the scheme can be implemented under the standard model,and it also uses MP12 trapdoor function to reduce trapdoor generation complexity and obtains a safe and efficient trapdoor matrix;Second,this paper uses ABB10b trapdoor delegation algorithm to delegate user爷s private key,and the trapdoor matrices'dimensions are the same before and after the trapdoor delegation.Comparative analysis shows that trapdoor delegation process reduces complexity,and the size of cipher-text and trapdoor matrix does not increase with deeper trapdoor delegation process.This paper achieves indistinguishability of cipher-texts under a selective chosen-cipher-text and chosen-identity attack(INDr-sID-CCA)security in the standard model based on learning with errors(LWE)hard assumption.展开更多
Although the existing group signature schemes from lattice have been optimized for efficiency,the signing abilities of eachmember in the group are relatively single.It may not be suitable for complex applications.Insp...Although the existing group signature schemes from lattice have been optimized for efficiency,the signing abilities of eachmember in the group are relatively single.It may not be suitable for complex applications.Inspired by the pioneering work of Bellare and Fuchsbauer,we present a primitive called policy-based group signature.In policy-based group signatures,group members can on behalf of the group to sign documents that meet their own policies,and the generated signatures will not leak the identity and policies of the signer.Moreover,the group administrator is allowed to reveal the identity of signer when a controversy occurs.Through the analysis of application scenarios,we concluded that the policy-based group signature needs to meet two essential security properties:simulatability and traceability.And we construct a scheme of policy-based group signature from lattice through techniques such as commitment,zero-knowledge proof,rejection sampling.The security of our scheme is proved to be reduced to the module short integer solution(MSIS)and module learning with errors(MLWE)hard assumptions.Furthermore,we make a performance comparison between our scheme and three lattice-based group signature schemes.The result shows that our scheme has more advantages in storage overhead and the sizes of key and signature are decreased roughly by 83.13%,46.01%,respectively,compared with other schemes.展开更多
This paper proposes the first code-based quantum immune sequential aggregate signature(SAS)scheme and proves the security of the proposed scheme in the random oracle model.Aggregate signature(AS)schemes and sequential...This paper proposes the first code-based quantum immune sequential aggregate signature(SAS)scheme and proves the security of the proposed scheme in the random oracle model.Aggregate signature(AS)schemes and sequential aggregate signature schemes allow a group of potential signers to sign different messages respectively,and all the signatures of those users on those messages can be aggregated into a single signature such that the size of the aggregate signature is much smaller than the total size of all individual signatures.Because of the aggregation of many signatures into a single short signature,AS and SAS schemes can reduce bandwidth and save storage;moreover,when a SAS is verified,not only the valid but also the order in which each signer signed can be verified.AS and SAS schemes can be applied to traffic control,banking transaction and military applications.Most of the existing AS and SAS schemes are based either on pairing or Rivest-Shamir-Adleman(RSA),and hence,can be broken by Shor’s quantum algorithm for Integer Factoring Problem(IFP)and Discrete Logarithm Problem(DLP).There are no quantum algorithms to solve syndrome decoding problems.Hence,code-based cryptography is seen as one of the promising candidates for post-quantum cryptography.This paper shows how to construct quantum immune sequential aggregate signatures based on coding theory.Specifically,we construct our scheme with the first code based signature scheme proposed by Courtois,Finiasz and Sendrier(CFS).Compared to the CFS signature scheme without aggregation,the proposed sequential aggregate signature scheme can save about 90%storage when the number of signers is asymptotically large.展开更多
McEliece cryptosystem is a public key cryptosystem that combines channel coding and encryption,and the oldest PKC that is conjectured to be postquantum secure.To decrease the key size of the original scheme,alternativ...McEliece cryptosystem is a public key cryptosystem that combines channel coding and encryption,and the oldest PKC that is conjectured to be postquantum secure.To decrease the key size of the original scheme,alternative codes have been adopted to replace Goppa codes.In this paper,we propose a ring signature using low-density generator-matrix codes.Our new scheme satisfies anonymity and existential unforgeability under chosen message attacks(EUFCMA).As for efficiency,the number of decoding operations has been reduced largely compared with ZLC ring signature,and the size of the public key is about 0.2%of the ZLC展开更多
This work is the first to determine that a real quantum computer(including generalized and specialized)can decipher million-scale RSA relying solely on quantum algorithms,showing the real attack potential of D-Wave ma...This work is the first to determine that a real quantum computer(including generalized and specialized)can decipher million-scale RSA relying solely on quantum algorithms,showing the real attack potential of D-Wave machines.The influence of different column widths on RSA factorization results is studied on the basis of a multiplication table,and the optimal column method is determined by traversal experiments.The traversal experiment of integer factorization within 10000 shows that the local field and coupling coefficients are 75%–93%lower than the research of Shanghai University in 2020 and more than 85%lower than that of Purdue University in 2018.Extremely low Ising model parameters are crucial to reducing the hardware requirements,prompting factoring 1245407 on the D-Wave 2000Q real machine.D-Wave advantage already has more than 5000 qubits and will be expanded to 7000 qubits during 2023–2024,with remarkable improvements in decoherence and topology.This machine is expected to promote the solution of large-scale combinatorial optimization problems.One of the contributions of this paper is the discussion of the long-term impact of D-Wave on the development of post-quantum cryptography standards.展开更多
The Learning With Errors(LWE)problem is widely used in lattice-based cryptography,which is the most promising post-quantum cryptography direction.There are a variety of LWE-solving methods,which can be classified into...The Learning With Errors(LWE)problem is widely used in lattice-based cryptography,which is the most promising post-quantum cryptography direction.There are a variety of LWE-solving methods,which can be classified into four groups:lattice methods,algebraic methods,combinatorial methods,and exhaustive searching.The Blum–Kalai–Wasserman(BKW)algorithm is an important variety of combinatorial algorithms,which was first presented for solving the Learning Parity With Noise(LPN)problem and then extended to solve LWE.In this paper,we give an overview of BKW algorithms for solving LWE.We introduce the framework and key techniques of BKW algorithms and make comparisons between different BKW algorithms and also with lattice methods by estimating concrete security of specific LWE instances.We also briefly discuss the current problems and potential future directions of BKW algorithms.展开更多
Blind signcryption(BSC) can guarantee the blindness and untrackability of signcrypted messages, and moreover, it provides simultaneous unforgeability and confidentiality. Most traditional BSC schemes are based on the ...Blind signcryption(BSC) can guarantee the blindness and untrackability of signcrypted messages, and moreover, it provides simultaneous unforgeability and confidentiality. Most traditional BSC schemes are based on the number theory. However, with the rapid development of quantum computing, traditional BSC systems are faced with severe security threats. As promising candidate cryptosystems with the ability to resist attacks from quantum computing, lattice-based cryptosystems have attracted increasing attention in academic fields. In this paper, a post-quantum blind signcryption scheme from lattice(PQ-LBSCS) is devised by applying BSC to lattice-based cryptosystems. PQ-LBSCS inherits the advantages of the lattice-based cryptosystem and blind signcryption technique. PQ-LBSCS is provably secure under the hard assumptions of the learning with error problem and small integer solution problem in the standard model. Simulations are carried out using the Matlab tool to analyze the computational efficiency, and the simulation results show that PQ-LBSCS is more efficient than previous schemes. PQ-LBSCS has extensive application prospects in e-commerce, mobile communication, and smart cards.展开更多
Advances in quantum computers threaten to break public-key cryptosystems (e.g., RSA, ECC, and EIGamal), based on the hardness of factoring or taking a discrete logarithm. However, no quantum algorithms have yet been...Advances in quantum computers threaten to break public-key cryptosystems (e.g., RSA, ECC, and EIGamal), based on the hardness of factoring or taking a discrete logarithm. However, no quantum algorithms have yet been found for solving certain mathematical problems in non-commutative algebraic structures. Recently, two novel public-key encryption schemes, BKT-B cryptosystem and BKT-FO cryptosystem, based on factorization problems have been proposed at Security and Communication Networks in 2013. In this paper we show that these two schemes are vulnerable to structural attacks and linearization equations attacks, and that they only require polynomial time complexity to obtain messages from associated public keys. We conduct a detailed analysis of the two attack methods and show corresponding algorithmic descriptions and efficiency analyses. In addition, we provide some improvement suggestions for the two public-key encryption schemes.展开更多
As a candidate of the standard of post-quantum cryptography for NIST,Liu,et al.submitted a new public-key encryption scheme Compact-LWE,whose structure is similar to LWE,but with different distribution of errors.They ...As a candidate of the standard of post-quantum cryptography for NIST,Liu,et al.submitted a new public-key encryption scheme Compact-LWE,whose structure is similar to LWE,but with different distribution of errors.They thought that the special error distribution would protect Compact-LWE from known lattice-based attacks.Furthermore,they recommended a set of small parameters to improve the efficiency of Compact-LWE and claimed it can offer 192-bit security.However,in this paper,the authors show that Compact-LWE is not secure under recommended parameters by presenting two ciphertext-only attacks.First,the authors show that the message can be recovered efficiently from the ciphertext.Then the authors go further to recover an equivalent private key efficiently from the public key by exploiting the special structure of Compact-LWE.展开更多
Threshold proxy re-encryption(TPRE)can prevent collusion between a single proxy and a delegatee from converting arbitrary files against the wishes of the delegator through multiple proxies,and can also provide normal ...Threshold proxy re-encryption(TPRE)can prevent collusion between a single proxy and a delegatee from converting arbitrary files against the wishes of the delegator through multiple proxies,and can also provide normal services even when certain proxy servers are paralyzed or damaged.A non-interactive identity-based TPRE(IB-TPRE)scheme over lattices is proposed which removes the public key certificates.To accomplish this scheme,Shamir’s secret sharing is employed twice,which not only effectively hides the delegator’s private key information,but also decentralizes the proxy power by splitting the re-encryption key.Robustness means that a combiner can detect a misbehaving proxy server that has sent an invalid transformed ciphertext share.This property is achieved by lattice-based fully homomorphic signatures.As a result,the whole scheme is thoroughly capable of resisting quantum attacks even when they are available.The security of the proposed scheme is based on the decisional learning with error hardness assumption in the standard model.Two typical application scenarios,including a file-sharing system based on a blockchain network and a robust key escrow system with threshold cryptography,are presented.展开更多
基金This work was supported by the Defense Industrial Technology Development Program(Grant No.JCKY2021208B036).
文摘Due to the rapid advancements in network technology,blockchain is being employed for distributed data storage.In the Internet of Things(IoT)scenario,different participants manage multiple blockchains located in different trust domains,which has resulted in the extensive development of cross-domain authentication techniques.However,the emergence of many attackers equipped with quantum computers has the potential to launch quantum computing attacks against cross-domain authentication schemes based on traditional cryptography,posing a significant security threat.In response to the aforementioned challenges,our paper demonstrates a post-quantum cross-domain identity authentication scheme to negotiate the session key used in the cross-chain asset exchange process.Firstly,our paper designs the hiding and recovery process of user identity index based on lattice cryptography and introduces the identity-based signature from lattice to construct a post-quantum cross-domain authentication scheme.Secondly,our paper utilizes the hashed time-locked contract to achieves the cross-chain asset exchange of blockchain nodes in different trust domains.Furthermore,the security analysis reduces the security of the identity index and signature to Learning With Errors(LWE)and Short Integer Solution(SIS)assumption,respectively,indicating that our scheme has post-quantum security.Last but not least,through comparison analysis,we display that our scheme is efficient compared with the cross-domain authentication scheme based on traditional cryptography.
文摘The advent of quantum computers and algorithms challenges the semantic security of symmetric and asymmetric cryptosystems. Thus, the implementation of new cryptographic primitives is essential. They must follow the breakthroughs and properties of quantum calculators which make vulnerable existing cryptosystems. In this paper, we propose a random number generation model based on evaluation of the thermal noise power of the volume elements of an electronic system with a volume of 58.83 cm<sup>3</sup>. We prove through the sampling of the temperature of each volume element that it is difficult for an attacker to carry out an exploit. In 12 seconds, we generate for 7 volume elements, a stream of randomly generated keys of 187 digits that will be transmitted from source to destination through the properties of quantum cryptography.
文摘With the advent of quantum computing,numerous efforts have been made to standardize post-quantum cryptosystems with the intention of(eventually)replacing Elliptic Curve Cryptography(ECC)and Rivets-Shamir-Adelman(RSA).A modified version of the traditional N-Th Degree Truncated Polynomial Ring(NTRU)cryptosystem called NTRU Prime has been developed to reduce the attack surface.In this paper,the Signcryption scheme was proposed,and it is most efficient than others since it reduces the complexity and runs the time of the code execution,and at the same time,provides a better security degree since it ensures the integrity of the sent message,confidentiality of the data,forward secrecy when using refreshed parameters for each session.Unforgeability to prevent the man-in-the-middle attack from being active or passive,and non-repudiation when the sender can’t deny the recently sent message.This study aims to create a novel NTRU cryptography algorithm system that takes advantage of the security features of curve fitting operations and the valuable characteristics of chaotic systems.The proposed algorithm combines the(NTRU Prime)and Shamir’s Secret Sharing(SSS)features to improve the security of the NTRU encryption and key generation stages that rely on robust polynomial generation.Based on experimental results and a comparison of the time required for crucial exchange between NTRU-SSS and the original NTRU,this study shows a rise in complexity with a decrease in execution time in the case when compared to the original NTRU.It’s encouraging to see signs that the suggested changes to the NTRU work to increase accuracy and efficiency.
基金supported by the National Key Research and Development Program of China(No.2018YFA0704701)the National Natural Science Foundation of China(Nos.12271306,62102216,12226006)+2 种基金the Major Program of Guangdong Basic and Applied Research(No.2019B030302008)the Major Scientific and Technological Innovation Project of Shandong Province(No.2019JZZY010133)Shandong Key Research and Development Program(No.2020ZLYS09)。
文摘Most of current public key cryptosystems would be vulnerable to the attacks of the future quantum computers.Post-quantum cryptography offers mathematical methods to secure information and communications against such attacks,and therefore has been receiving a significant amount of attention in recent years.Lattice-based cryptography,built on the mathematical hard problems in(high-dimensional)lattice theory,is a promising post-quantum cryptography family due to its excellent efficiency,moderate size and strong security.This survey aims to give a general overview on lattice-based cryptography.To this end,the authors begin with the introduction of the underlying mathematical lattice problems.Then they introduce the fundamental cryptanalytic algorithms and the design theory of lattice-based cryptography.
基金supported by the National Key R&D Program of China(2022YFB2703400).
文摘With the rapid increase in demand for data trustworthiness and data security,distributed data storage technology represented by blockchain has received unprecedented attention.These technologies have been suggested for various uses because of their remarkable ability to offer decentralization,high autonomy,full process traceability,and tamper resistance.Blockchain enables the exchange of information and value in an untrusted environment.There has been a significant increase in attention to the confidentiality and privacy preservation of blockchain technology.Ensuring data privacy is a critical concern in cryptography,and one of the most important protocols used to achieve this is the secret-sharing method.By dividing the secret into shares and distributing them among multiple parties,no one can access the secret without the cooperation of the other parties.However,Attackers with quantum computers in the future can execute Grover’s and Shor’s algorithms on quantum computers that can break or reduce the currently widely used cryptosystems.Furthermore,centralized management of keys increases the risk of key leakage.This paper proposed a post-quantum threshold algo-rithm to reduce the risk of data privacy leakage in blockchain Systems.This algorithm uses distributed key management technology to reduce the risk of individual node private key leakage and provide post-quantum security.The proposed privacy-preserving cryptographic algorithm provides a post-quantum threshold architecture for managing data,which involves defining users and interaction processes within the system.This paper applies a linear secret-sharing solution to partition the private key of the Number Theory Research Unit(NTRU)algorithm into n parts.It constructs a t–n threshold that allows recovery of the plaintext only when more than t nodes participate in decryption.The characteristic of a threshold makes the scheme resistant to collusion attacks from members whose combined credibility is less than the threshold.This mitigates the risk of single-point private key leakage.During the threshold decryption process,the private key information of the nodes will not be leaked.In addition,the fact that the threshold algorithm is founded on the NTRU lattice enables it to withstand quantum attacks,thus enhancing its security.According to the analysis,the proposed scheme provides superior protection compared to currently availablemethods.This paper provides postquantum security solutions for data security protection of blockchain,which will enrich the use of blockchain in scenarios with strict requirements for data privacy protection.
文摘The Internet of Things (IoT) has become a reality: Healthcare, smart cities, intelligent manufacturing, e-agriculture, real-time traffic controls, environment monitoring, camera security systems, etc. are developing services that rely on an IoT infrastructure. Thus, ensuring the security of devices during operation and information exchange becomes a fundamental requirement inherent in providing safe and reliable IoT services. NIST requires hardware implementations that are protected against SCAs for the lightweight cryptography standardization process. These attacks are powerful and non-invasive and rely on observing the physical properties of IoT hardware devices to obtain secret information. In this paper, we present a survey of research on hardware security for the IoT. In addition, the challenges of IoT in the quantum era with the first results of the NIST standardization process for post-quantum cryptography are discussed.
文摘This research paper analyzes the urgent topic of quantum cybersecurity and the current federal quantum-cyber landscape. Quantum-safe implementations within existing and future Internet of Things infrastructure are discussed, along with quantum vulnerabilities in public key infrastructure and symmetric cryptographic algorithms. Other relevant non-encryption-specific areas within cybersecurity are similarly raised. The evolution and expansion of cyberwarfare as well as new developments in cyber defense beyond post-quantum cryptography and quantum key distribution are subsequently explored, with an emphasis on public and private sector awareness and vigilance in maintaining strong security posture.
基金This work was supported by the National Natural Science Foundation of China (Grant Nos. 61272057, 61202434, 61170270, 61100203, 61003286, 61121061), the Fundamental Research Funds for the Central Universities (2012RC0612, 2011YB01), Langfang Teachers University Youth Fund (LSZQ200804), Hebei Education Funds for Youth Project (Q2012020, QN20131077).
文摘In order to achieve secure signcryption schemes in the quantum era, Li Fagen et al. [Concurrency and Computation: Practice and Experience, 2012, 25(4): 2112-2122] and Wang Fenghe et al. [Applied Mathematics & Information Sciences, 2012, 6(1): 23-28] have independently extended the concept of signcryption to lattice-based cryptography. However, their schemes are only secure under the random or- acle model. In this paper, we present a lattice-based signcryp- tion scheme which is secure under the standard model. We prove that our scheme achieves indistinguishability against adaptive chosen-ciphertext attacks (IND-CCA2) under the learning with errors (LWE) assumption and existential unforgeability against adaptive chosen-message attacks (EUF- CMA) under the small integer solution (SIS) assumption.
基金This work was supported by the National Natural Science Foundations of China (Grant Nos. 61173151, 61173152 and 61100229) and Huawei Technologies Co., Ltd., (YBCB2011116).
文摘Certificateless public key cryptography (CL- PKC) can solve the problems of certificate management in a public key infrastructure (PKI) and of key escrows in identity-based public key cryptography (ID-PKC). In CL- PKC, the key generation center (KGC) does not know the private keys of all users, and their public keys need not be cer- tificated by certification authority (CA). At present, however, most certificateless encryption schemes are based on large in- teger factorization and discrete logarithms that are not secure in a quantum environment and the computation complexity is high. To solve these problems, we propose a new certificate- less encryption scheme based on lattices, more precisely, us- ing the hardness of the learning with errors (LWE) problem. Compared with schemes based on large integer factoriza- tion and discrete logarithms, the most operations are matrix- vector multiplication and inner products in our scheme, our approach has lower computation complexity. Our scheme can be proven to be indistinguishability chosen ciphertext attacks (IND-CPA) secure in the random oracle model.
基金supported by the National Natural Science Foundations of China (61173151, 61472309)
文摘This paper proposes the first lattice-based sequential aggregate signature (SAS) scheme with lazy verification that is provably secure in the random oracle model. As opposed to large integer factoring and discrete logarithm based systems, the security of the construction relies on worst-case lattice problem, namely, under the small integer solution (SIS) assumption. Generally speaking, SAS schemes enable any group of signers ordered in a chain to sequentially combine their signatures such that the size of the aggregate signature is much smaller than the total size of all individual signatures. Unlike prior such proposals, the new scheme does not require a signer to retrieve the keys of other signers and verify the aggregate-so-far before adding its own signature, and the signer can add its own signature to an unverified aggregate and forward it along immediately, postponing verification until load permits or the necessary public keys are obtained. Indeed, the new scheme does not even require a signer to know the public keys of other signers.
基金supported by the National Natural Science Foundation of China (61300216)the ‘13th Five-Year’ National Crypto Development Foundation (MMJJ20170122)+2 种基金the Project of Education Department of Henan Province (16A520013,18A413001)the Natural Science Foundation of Henan Polytechnic University (T2018-1)the Doctoral Fund of Henan Polytechnic University (B2014-044,B2016-36)
文摘Lattice-based hierarchical identity-based broadcast encryption(H-IBBE)schemes have broad application prospects in the quantum era,because it reduces the burden of private key generator(PKG)and is suitable for one-to-many communication.However,previous lattice-based H-IBBE schemes are mostly constructed in the random oracle model with more complex trapdoor delegation process and have lower practical application.A lattice-based H-IBBE is proposed in the fixed dimension under the standard model,which mainly consists of binary tree encryption(BTE)system,MP12 trapdoor function and ABB10b trapdoor delegation algorithm.First,this paper uses BTE system to eliminate the random oracle so that the scheme can be implemented under the standard model,and it also uses MP12 trapdoor function to reduce trapdoor generation complexity and obtains a safe and efficient trapdoor matrix;Second,this paper uses ABB10b trapdoor delegation algorithm to delegate user爷s private key,and the trapdoor matrices'dimensions are the same before and after the trapdoor delegation.Comparative analysis shows that trapdoor delegation process reduces complexity,and the size of cipher-text and trapdoor matrix does not increase with deeper trapdoor delegation process.This paper achieves indistinguishability of cipher-texts under a selective chosen-cipher-text and chosen-identity attack(INDr-sID-CCA)security in the standard model based on learning with errors(LWE)hard assumption.
基金supported by the National Natural Science Foundation of China(61802117)Support Plan of Scientific and Technological Innovation Team in Universities of Henan Province(20IRTSTHN013)the Youth Backbone Teacher Support Program of Henan Polytechnic University under Grant(2018XQG-10).
文摘Although the existing group signature schemes from lattice have been optimized for efficiency,the signing abilities of eachmember in the group are relatively single.It may not be suitable for complex applications.Inspired by the pioneering work of Bellare and Fuchsbauer,we present a primitive called policy-based group signature.In policy-based group signatures,group members can on behalf of the group to sign documents that meet their own policies,and the generated signatures will not leak the identity and policies of the signer.Moreover,the group administrator is allowed to reveal the identity of signer when a controversy occurs.Through the analysis of application scenarios,we concluded that the policy-based group signature needs to meet two essential security properties:simulatability and traceability.And we construct a scheme of policy-based group signature from lattice through techniques such as commitment,zero-knowledge proof,rejection sampling.The security of our scheme is proved to be reduced to the module short integer solution(MSIS)and module learning with errors(MLWE)hard assumptions.Furthermore,we make a performance comparison between our scheme and three lattice-based group signature schemes.The result shows that our scheme has more advantages in storage overhead and the sizes of key and signature are decreased roughly by 83.13%,46.01%,respectively,compared with other schemes.
基金This work was supported in part by the National Natural Science Foundation of China under Grant 62072240by the Natural Science Foundation of Jiangsu Province under Grant BK20210330by the National Key Research and Development Program of China under Grant 2020YFB1804604.
文摘This paper proposes the first code-based quantum immune sequential aggregate signature(SAS)scheme and proves the security of the proposed scheme in the random oracle model.Aggregate signature(AS)schemes and sequential aggregate signature schemes allow a group of potential signers to sign different messages respectively,and all the signatures of those users on those messages can be aggregated into a single signature such that the size of the aggregate signature is much smaller than the total size of all individual signatures.Because of the aggregation of many signatures into a single short signature,AS and SAS schemes can reduce bandwidth and save storage;moreover,when a SAS is verified,not only the valid but also the order in which each signer signed can be verified.AS and SAS schemes can be applied to traffic control,banking transaction and military applications.Most of the existing AS and SAS schemes are based either on pairing or Rivest-Shamir-Adleman(RSA),and hence,can be broken by Shor’s quantum algorithm for Integer Factoring Problem(IFP)and Discrete Logarithm Problem(DLP).There are no quantum algorithms to solve syndrome decoding problems.Hence,code-based cryptography is seen as one of the promising candidates for post-quantum cryptography.This paper shows how to construct quantum immune sequential aggregate signatures based on coding theory.Specifically,we construct our scheme with the first code based signature scheme proposed by Courtois,Finiasz and Sendrier(CFS).Compared to the CFS signature scheme without aggregation,the proposed sequential aggregate signature scheme can save about 90%storage when the number of signers is asymptotically large.
文摘McEliece cryptosystem is a public key cryptosystem that combines channel coding and encryption,and the oldest PKC that is conjectured to be postquantum secure.To decrease the key size of the original scheme,alternative codes have been adopted to replace Goppa codes.In this paper,we propose a ring signature using low-density generator-matrix codes.Our new scheme satisfies anonymity and existential unforgeability under chosen message attacks(EUFCMA).As for efficiency,the number of decoding operations has been reduced largely compared with ZLC ring signature,and the size of the public key is about 0.2%of the ZLC
基金supported by the Special Zone Project of National Defense Innovation.
文摘This work is the first to determine that a real quantum computer(including generalized and specialized)can decipher million-scale RSA relying solely on quantum algorithms,showing the real attack potential of D-Wave machines.The influence of different column widths on RSA factorization results is studied on the basis of a multiplication table,and the optimal column method is determined by traversal experiments.The traversal experiment of integer factorization within 10000 shows that the local field and coupling coefficients are 75%–93%lower than the research of Shanghai University in 2020 and more than 85%lower than that of Purdue University in 2018.Extremely low Ising model parameters are crucial to reducing the hardware requirements,prompting factoring 1245407 on the D-Wave 2000Q real machine.D-Wave advantage already has more than 5000 qubits and will be expanded to 7000 qubits during 2023–2024,with remarkable improvements in decoherence and topology.This machine is expected to promote the solution of large-scale combinatorial optimization problems.One of the contributions of this paper is the discussion of the long-term impact of D-Wave on the development of post-quantum cryptography standards.
基金supported by National Natural Science Foundation of China(No.U1936209).
文摘The Learning With Errors(LWE)problem is widely used in lattice-based cryptography,which is the most promising post-quantum cryptography direction.There are a variety of LWE-solving methods,which can be classified into four groups:lattice methods,algebraic methods,combinatorial methods,and exhaustive searching.The Blum–Kalai–Wasserman(BKW)algorithm is an important variety of combinatorial algorithms,which was first presented for solving the Learning Parity With Noise(LPN)problem and then extended to solve LWE.In this paper,we give an overview of BKW algorithms for solving LWE.We introduce the framework and key techniques of BKW algorithms and make comparisons between different BKW algorithms and also with lattice methods by estimating concrete security of specific LWE instances.We also briefly discuss the current problems and potential future directions of BKW algorithms.
基金Project supported by the Key Project of Natural Science Foundation Basic Research Program of Shaanxi Province,China (No. 2020JZ-54)the Innovation Foundation of Postgraduate of Xi’an University of Posts and Telecommunications,China (No. CXJJLY2018075)。
文摘Blind signcryption(BSC) can guarantee the blindness and untrackability of signcrypted messages, and moreover, it provides simultaneous unforgeability and confidentiality. Most traditional BSC schemes are based on the number theory. However, with the rapid development of quantum computing, traditional BSC systems are faced with severe security threats. As promising candidate cryptosystems with the ability to resist attacks from quantum computing, lattice-based cryptosystems have attracted increasing attention in academic fields. In this paper, a post-quantum blind signcryption scheme from lattice(PQ-LBSCS) is devised by applying BSC to lattice-based cryptosystems. PQ-LBSCS inherits the advantages of the lattice-based cryptosystem and blind signcryption technique. PQ-LBSCS is provably secure under the hard assumptions of the learning with error problem and small integer solution problem in the standard model. Simulations are carried out using the Matlab tool to analyze the computational efficiency, and the simulation results show that PQ-LBSCS is more efficient than previous schemes. PQ-LBSCS has extensive application prospects in e-commerce, mobile communication, and smart cards.
基金supported by the National Natural Science Foundation of China (Nos.61303212,61170080,61202386,61332019,U1135004,and 91018008)the National Key Basic Research and Development (973) Program of China (No.2014CB340600)the Natural Science Foundation of Hubei Province (Nos.2011CDB453 and 2014CFB440)
文摘Advances in quantum computers threaten to break public-key cryptosystems (e.g., RSA, ECC, and EIGamal), based on the hardness of factoring or taking a discrete logarithm. However, no quantum algorithms have yet been found for solving certain mathematical problems in non-commutative algebraic structures. Recently, two novel public-key encryption schemes, BKT-B cryptosystem and BKT-FO cryptosystem, based on factorization problems have been proposed at Security and Communication Networks in 2013. In this paper we show that these two schemes are vulnerable to structural attacks and linearization equations attacks, and that they only require polynomial time complexity to obtain messages from associated public keys. We conduct a detailed analysis of the two attack methods and show corresponding algorithmic descriptions and efficiency analyses. In addition, we provide some improvement suggestions for the two public-key encryption schemes.
基金supported by the National Natural Science Foundation of China under Grant No.61572490the National Key Research and Development Project under Grant No.2018YFA0704705the National Center for Mathematics and Interdisciplinary Sciences,CAS。
文摘As a candidate of the standard of post-quantum cryptography for NIST,Liu,et al.submitted a new public-key encryption scheme Compact-LWE,whose structure is similar to LWE,but with different distribution of errors.They thought that the special error distribution would protect Compact-LWE from known lattice-based attacks.Furthermore,they recommended a set of small parameters to improve the efficiency of Compact-LWE and claimed it can offer 192-bit security.However,in this paper,the authors show that Compact-LWE is not secure under recommended parameters by presenting two ciphertext-only attacks.First,the authors show that the message can be recovered efficiently from the ciphertext.Then the authors go further to recover an equivalent private key efficiently from the public key by exploiting the special structure of Compact-LWE.
基金Project supported by the National Natural Science Foundation of China(Nos.U1636114,61572521,and 61772550)the Innovative Research Team in Engineering University of People’s Armed Police,China(No.KYTD201805)+1 种基金the Natural Science Foundation of Shaanxi Province,China(No.2021JM-252)the Basic Research Project of Engineering University of People’s Armed Police,China(No.WJY201914)。
文摘Threshold proxy re-encryption(TPRE)can prevent collusion between a single proxy and a delegatee from converting arbitrary files against the wishes of the delegator through multiple proxies,and can also provide normal services even when certain proxy servers are paralyzed or damaged.A non-interactive identity-based TPRE(IB-TPRE)scheme over lattices is proposed which removes the public key certificates.To accomplish this scheme,Shamir’s secret sharing is employed twice,which not only effectively hides the delegator’s private key information,but also decentralizes the proxy power by splitting the re-encryption key.Robustness means that a combiner can detect a misbehaving proxy server that has sent an invalid transformed ciphertext share.This property is achieved by lattice-based fully homomorphic signatures.As a result,the whole scheme is thoroughly capable of resisting quantum attacks even when they are available.The security of the proposed scheme is based on the decisional learning with error hardness assumption in the standard model.Two typical application scenarios,including a file-sharing system based on a blockchain network and a robust key escrow system with threshold cryptography,are presented.