Using Shamir's secret sharing scheme to indi- rectly share the identity-based private key in the form of a pairing group element, we propose an efficient identity-based threshold decryption scheme from pairings and p...Using Shamir's secret sharing scheme to indi- rectly share the identity-based private key in the form of a pairing group element, we propose an efficient identity-based threshold decryption scheme from pairings and prove its se- curity in the random oracle model. This new paring-based scheme features a few improvements compared with other schemes in the literature. The two most noticeable features are its efficiency, by drastically reducing the number of pair- ing computations, and the ability it gives the user to share the identity-based private key without requiring any access to a private key generator. With the ability it gives the user to share the identity-based private key, our ID-based threshold decryption (IBTD) scheme, the second of its kind, is signif- icantly more efficient than the first scheme, which was de- veloped by Baek and Zheng, at the expense of a slightly in- creased ciphertext length. In fact, our IBTD scheme tries to use as few bilinear pairings as possible, especially without depending on the suite of Baek-Zheng secret sharing tools based on pairings.展开更多
In this paper, based on the verifiable pair and identity-based threshold cryptography, a novel identity-based (ID-based) threshold decryption scheme (IDTDS) is proposed, which is provably secure against adaptive c...In this paper, based on the verifiable pair and identity-based threshold cryptography, a novel identity-based (ID-based) threshold decryption scheme (IDTDS) is proposed, which is provably secure against adaptive chosen cipbertext attack under the computational bilinear Diffie-Hellman (CBDH) problem assumption in the random oracle. The pubic cheekability of ciphertext in the IDTDS is given by simply creating a signed E1Gamal encryption instead of a noninteractive zero-knowledge proof. Furthermore, we introduce a modified verifiable pairing to ensure all decryption shares are consistent. Our scheme is more efficient in verification than the schemes considered previously.展开更多
For the applied limitation of the existing threshold decryption schemes based on the(t,n) structure, an identity-based threshold decryption scheme which can be applied on the access structure is proposed through desig...For the applied limitation of the existing threshold decryption schemes based on the(t,n) structure, an identity-based threshold decryption scheme which can be applied on the access structure is proposed through designing a special distribution algorithm of the private key shares.The generation and distribution of private key shares,the encryption,the decryption and the combination are introduced in detail.The validity and security of the scheme are proved and analyzed.Comparisons with the existing schemes show that the proposed scheme is more flexible.展开更多
In opportunistic Networks,compromised nodes can attack social context-based routing protocols by publishing false social attributes information.To solve this problem,we propose a security scheme based on the identity-...In opportunistic Networks,compromised nodes can attack social context-based routing protocols by publishing false social attributes information.To solve this problem,we propose a security scheme based on the identity-based threshold signature which allows mobile nodes to jointly generate and distribute the secrets for social attributes in a totally self-organized way without the need of any centralized authority.New joining nodes can reconstruct their own social attribute signatures by getting enough partial signature services from encounter opportunities with the initial nodes.Mobile nodes need to testify whether the neighbors can provide valid attribute signatures for their routing advertisements in order to resist potential routing attacks.Simulation results show that:by implementing our security scheme,the network delivery probability of the social context-based routing protocol can be effectively improved when there are large numbers of compromised nodes in opportunistic networks.展开更多
A (t, n) threshold signature scheme distributes the secret key and hence the signing ability to n players in a way that any set of t+1 or more honest players can collaborate to sign, while any set of t players cannot....A (t, n) threshold signature scheme distributes the secret key and hence the signing ability to n players in a way that any set of t+1 or more honest players can collaborate to sign, while any set of t players cannot. In this paper we propose an iden- tity-based threshold signature (IBTHS) scheme from bilinear pairings. The signing phase of our scheme is non-interactive, meaning that the signing players do not need to talk to each other. We prove our scheme secure (i.e., unforgeable and robust) in the standard model (i.e., without random oracles). No earlier proposed IBTHS scheme achieved even one of the features of being non-interactive (in the signing phase) and secure in the standard model.展开更多
The threshold cryptography provides a new approach to building intrusion tolerance applications. In this paper, a threshold decryption scheme based elliptic curve cryptography is presented. A zero-knowledge test appro...The threshold cryptography provides a new approach to building intrusion tolerance applications. In this paper, a threshold decryption scheme based elliptic curve cryptography is presented. A zero-knowledge test approach based on elliptic curve cryptography is designed. The application of these techniques in Web security is studied. Performance analysis shows that our scheme is characterized by excellent security as well as high efficiency.展开更多
B.Libert and J.Quisquater proposed an identity(ID)-based threshold decryption scheme. This paper found flaw in their security reduction and presented two methods to prove this scheme is resist against chosen-plaintext...B.Libert and J.Quisquater proposed an identity(ID)-based threshold decryption scheme. This paper found flaw in their security reduction and presented two methods to prove this scheme is resist against chosen-plaintext attack(CPA), based on the weaker model of security known as selective ID-based threshold CPA and the common model known as ID-based threshold CPA respectively.展开更多
In 2006, Bao et al proposed an identlty-based threshold proxy signature scheme with known signers. In this paper, we show that Bao et al's scheme is vulnerable to the forgery attack. An adversary can forge a valid th...In 2006, Bao et al proposed an identlty-based threshold proxy signature scheme with known signers. In this paper, we show that Bao et al's scheme is vulnerable to the forgery attack. An adversary can forge a valid threshold proxy signature for any message with knowing a previously valid threshold proxy signature. In addition, their scheme also suffers from the weakness that the proxy signers might change the threshold value. That is, the proxy signers can arbitrarily modify the threshold strategy without being detected by the original signer or verifiers, which might violate the original signer's intent. Furthermore, we propose an improved scheme that remedies the weaknesses of Bao et al's scheme. The improved scheme satisfies all secure requirements for threshold proxy signature.展开更多
In Shamir’s(t,n) threshold of the secret sharing scheme, a secret is divided into n shares by a dealer and is shared among n shareholders in such a way that (a) the secret can be reconstructed when there are t or mor...In Shamir’s(t,n) threshold of the secret sharing scheme, a secret is divided into n shares by a dealer and is shared among n shareholders in such a way that (a) the secret can be reconstructed when there are t or more than t shares;and (b) the secret cannot be obtained when there are fewer than t shares. In the secret reconstruction, participating users can be either legitimate shareholders or attackers. Shamir’s scheme only considers the situation when all participating users are legitimate shareholders. In this paper, we show that when there are more than t users participating and shares are released asynchronously in the secret reconstruction, an attacker can always release his share last. In such a way, after knowing t valid shares of legitimate shareholders, the attacker can obtain the secret and therefore, can successfully impersonate to be a legitimate shareholder without being detected. We propose a simple modification of Shamir’s scheme to fix this security problem. Threshold cryptography is a research of group-oriented applications based on the secret sharing scheme. We show that a similar security problem also exists in threshold cryptographic applications. We propose a modified scheme to fix this security problem as well.展开更多
Proxy signature schemes allow an original signer to delegate his signing rights to a proxy signer. However, many proxy signature schemes have the defect which is the inability to solve the proxy revocation problem. In...Proxy signature schemes allow an original signer to delegate his signing rights to a proxy signer. However, many proxy signature schemes have the defect which is the inability to solve the proxy revocation problem. In this article, we firstly propose an identity-based threshold signature scheme and show that it has the properties of unforgeability and robustness. In our threshold signature scheme, we adopt such a method that the private key associated with an identity rather than the master key is shared. Then, based on the threshold signature scheme, an identity-based mediated proxy signature scheme is proposed where a security mediator (SEM) is introduced to help a proxy signer to generate valid proxy signatures, examine whether a proxy signer signs according to the warrant, and check the revocation of a proxy signer. It is shown that the proposed scheme satisfies all the security requirements of a secure proxy signature. Moreover, a proxy signer must cooperate with the SEM to generate a valid proxy signature, which makes the new scheme have an effective and fast proxy revocation.展开更多
文摘Using Shamir's secret sharing scheme to indi- rectly share the identity-based private key in the form of a pairing group element, we propose an efficient identity-based threshold decryption scheme from pairings and prove its se- curity in the random oracle model. This new paring-based scheme features a few improvements compared with other schemes in the literature. The two most noticeable features are its efficiency, by drastically reducing the number of pair- ing computations, and the ability it gives the user to share the identity-based private key without requiring any access to a private key generator. With the ability it gives the user to share the identity-based private key, our ID-based threshold decryption (IBTD) scheme, the second of its kind, is signif- icantly more efficient than the first scheme, which was de- veloped by Baek and Zheng, at the expense of a slightly in- creased ciphertext length. In fact, our IBTD scheme tries to use as few bilinear pairings as possible, especially without depending on the suite of Baek-Zheng secret sharing tools based on pairings.
基金Supported by the National Natural Science Foundation of China (60970119, 60803149)the National Basic Research Program of China (973 Program) (2007CB311201)
文摘In this paper, based on the verifiable pair and identity-based threshold cryptography, a novel identity-based (ID-based) threshold decryption scheme (IDTDS) is proposed, which is provably secure against adaptive chosen cipbertext attack under the computational bilinear Diffie-Hellman (CBDH) problem assumption in the random oracle. The pubic cheekability of ciphertext in the IDTDS is given by simply creating a signed E1Gamal encryption instead of a noninteractive zero-knowledge proof. Furthermore, we introduce a modified verifiable pairing to ensure all decryption shares are consistent. Our scheme is more efficient in verification than the schemes considered previously.
基金the National Natural Science Foundation of China(No.60374066)
文摘For the applied limitation of the existing threshold decryption schemes based on the(t,n) structure, an identity-based threshold decryption scheme which can be applied on the access structure is proposed through designing a special distribution algorithm of the private key shares.The generation and distribution of private key shares,the encryption,the decryption and the combination are introduced in detail.The validity and security of the scheme are proved and analyzed.Comparisons with the existing schemes show that the proposed scheme is more flexible.
基金the Major national S&T program under Grant No. 2011ZX03005-002National Natural Science Foundation of China under Grant No. 60872041,61072066the Fundamental Research Funds for the Central Universities under Grant No. JY10000903001,JY10000901034
文摘In opportunistic Networks,compromised nodes can attack social context-based routing protocols by publishing false social attributes information.To solve this problem,we propose a security scheme based on the identity-based threshold signature which allows mobile nodes to jointly generate and distribute the secrets for social attributes in a totally self-organized way without the need of any centralized authority.New joining nodes can reconstruct their own social attribute signatures by getting enough partial signature services from encounter opportunities with the initial nodes.Mobile nodes need to testify whether the neighbors can provide valid attribute signatures for their routing advertisements in order to resist potential routing attacks.Simulation results show that:by implementing our security scheme,the network delivery probability of the social context-based routing protocol can be effectively improved when there are large numbers of compromised nodes in opportunistic networks.
基金Project (No. 2005AA145110) supported by the Hi-Tech Research and Development Program (863) of China
文摘A (t, n) threshold signature scheme distributes the secret key and hence the signing ability to n players in a way that any set of t+1 or more honest players can collaborate to sign, while any set of t players cannot. In this paper we propose an iden- tity-based threshold signature (IBTHS) scheme from bilinear pairings. The signing phase of our scheme is non-interactive, meaning that the signing players do not need to talk to each other. We prove our scheme secure (i.e., unforgeable and robust) in the standard model (i.e., without random oracles). No earlier proposed IBTHS scheme achieved even one of the features of being non-interactive (in the signing phase) and secure in the standard model.
基金Supported by the Foundation of National 863 Programme of China (No. 2002AA142040)
文摘The threshold cryptography provides a new approach to building intrusion tolerance applications. In this paper, a threshold decryption scheme based elliptic curve cryptography is presented. A zero-knowledge test approach based on elliptic curve cryptography is designed. The application of these techniques in Web security is studied. Performance analysis shows that our scheme is characterized by excellent security as well as high efficiency.
文摘B.Libert and J.Quisquater proposed an identity(ID)-based threshold decryption scheme. This paper found flaw in their security reduction and presented two methods to prove this scheme is resist against chosen-plaintext attack(CPA), based on the weaker model of security known as selective ID-based threshold CPA and the common model known as ID-based threshold CPA respectively.
基金Supported by the National Natural Science Foun-dation of China (60473029)
文摘In 2006, Bao et al proposed an identlty-based threshold proxy signature scheme with known signers. In this paper, we show that Bao et al's scheme is vulnerable to the forgery attack. An adversary can forge a valid threshold proxy signature for any message with knowing a previously valid threshold proxy signature. In addition, their scheme also suffers from the weakness that the proxy signers might change the threshold value. That is, the proxy signers can arbitrarily modify the threshold strategy without being detected by the original signer or verifiers, which might violate the original signer's intent. Furthermore, we propose an improved scheme that remedies the weaknesses of Bao et al's scheme. The improved scheme satisfies all secure requirements for threshold proxy signature.
文摘In Shamir’s(t,n) threshold of the secret sharing scheme, a secret is divided into n shares by a dealer and is shared among n shareholders in such a way that (a) the secret can be reconstructed when there are t or more than t shares;and (b) the secret cannot be obtained when there are fewer than t shares. In the secret reconstruction, participating users can be either legitimate shareholders or attackers. Shamir’s scheme only considers the situation when all participating users are legitimate shareholders. In this paper, we show that when there are more than t users participating and shares are released asynchronously in the secret reconstruction, an attacker can always release his share last. In such a way, after knowing t valid shares of legitimate shareholders, the attacker can obtain the secret and therefore, can successfully impersonate to be a legitimate shareholder without being detected. We propose a simple modification of Shamir’s scheme to fix this security problem. Threshold cryptography is a research of group-oriented applications based on the secret sharing scheme. We show that a similar security problem also exists in threshold cryptographic applications. We propose a modified scheme to fix this security problem as well.
基金the National Natural Science Foundation of China (60573043, 60372046).
文摘Proxy signature schemes allow an original signer to delegate his signing rights to a proxy signer. However, many proxy signature schemes have the defect which is the inability to solve the proxy revocation problem. In this article, we firstly propose an identity-based threshold signature scheme and show that it has the properties of unforgeability and robustness. In our threshold signature scheme, we adopt such a method that the private key associated with an identity rather than the master key is shared. Then, based on the threshold signature scheme, an identity-based mediated proxy signature scheme is proposed where a security mediator (SEM) is introduced to help a proxy signer to generate valid proxy signatures, examine whether a proxy signer signs according to the warrant, and check the revocation of a proxy signer. It is shown that the proposed scheme satisfies all the security requirements of a secure proxy signature. Moreover, a proxy signer must cooperate with the SEM to generate a valid proxy signature, which makes the new scheme have an effective and fast proxy revocation.
