In opportunistic Networks,compromised nodes can attack social context-based routing protocols by publishing false social attributes information.To solve this problem,we propose a security scheme based on the identity-...In opportunistic Networks,compromised nodes can attack social context-based routing protocols by publishing false social attributes information.To solve this problem,we propose a security scheme based on the identity-based threshold signature which allows mobile nodes to jointly generate and distribute the secrets for social attributes in a totally self-organized way without the need of any centralized authority.New joining nodes can reconstruct their own social attribute signatures by getting enough partial signature services from encounter opportunities with the initial nodes.Mobile nodes need to testify whether the neighbors can provide valid attribute signatures for their routing advertisements in order to resist potential routing attacks.Simulation results show that:by implementing our security scheme,the network delivery probability of the social context-based routing protocol can be effectively improved when there are large numbers of compromised nodes in opportunistic networks.展开更多
A (t, n) threshold signature scheme distributes the secret key and hence the signing ability to n players in a way that any set of t+1 or more honest players can collaborate to sign, while any set of t players cannot....A (t, n) threshold signature scheme distributes the secret key and hence the signing ability to n players in a way that any set of t+1 or more honest players can collaborate to sign, while any set of t players cannot. In this paper we propose an iden- tity-based threshold signature (IBTHS) scheme from bilinear pairings. The signing phase of our scheme is non-interactive, meaning that the signing players do not need to talk to each other. We prove our scheme secure (i.e., unforgeable and robust) in the standard model (i.e., without random oracles). No earlier proposed IBTHS scheme achieved even one of the features of being non-interactive (in the signing phase) and secure in the standard model.展开更多
Through cryptanalysis of the improved scheme of a generalized group-oriented threshold signcryption schemes,it is found that the improved scheme can effectively resist conspiracy attack and forgery attack,but does not...Through cryptanalysis of the improved scheme of a generalized group-oriented threshold signcryption schemes,it is found that the improved scheme can effectively resist conspiracy attack and forgery attack,but does not have semantic security and public verification function,and sends threshold signcryption by the secret secure channel,which increases the communication costs and potential safety hazards of the system.A new group-oriented publicly verifiable threshold signcryption scheme is proposed on the basis of the improved scheme,the new scheme overcomes the drawbacks of the improved scheme,which not only provides with semantic security and public verification function,but also can send threshold signcryption by the public channel.展开更多
Electronic healthcare systems can offer convenience but face the risk of data forgery and information leakage.To solve these issues,we propose an identity-based searchable attribute signcryption in lattice for a block...Electronic healthcare systems can offer convenience but face the risk of data forgery and information leakage.To solve these issues,we propose an identity-based searchable attribute signcryption in lattice for a blockchain-based medical system(BCMS-LIDSASC).BCMS-LIDSASC achieves decentralization and anti-quantum security in the blockchain environment,and provides fine-grained access control and searchability.Furthermore,smart contracts are used to replace traditional trusted third parties,and the interplanetary file system(IPFS)is used for ciphertext storage to alleviate storage pressure on the blockchain.Compared to other schemes,BCMS-LIDSASC requires smaller key size and less storage,and has lower computation cost.It contributes to secure and efficient management of medical data and can protect patient privacy and ensure the integrity of electronic healthcare systems.展开更多
In 2006, Bao et al proposed an identlty-based threshold proxy signature scheme with known signers. In this paper, we show that Bao et al's scheme is vulnerable to the forgery attack. An adversary can forge a valid th...In 2006, Bao et al proposed an identlty-based threshold proxy signature scheme with known signers. In this paper, we show that Bao et al's scheme is vulnerable to the forgery attack. An adversary can forge a valid threshold proxy signature for any message with knowing a previously valid threshold proxy signature. In addition, their scheme also suffers from the weakness that the proxy signers might change the threshold value. That is, the proxy signers can arbitrarily modify the threshold strategy without being detected by the original signer or verifiers, which might violate the original signer's intent. Furthermore, we propose an improved scheme that remedies the weaknesses of Bao et al's scheme. The improved scheme satisfies all secure requirements for threshold proxy signature.展开更多
To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggre...To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggregate signature algorithm are combined in a practical and secure manner to form the general aggregate signcryption scheme's schema and concept, and a new secure, efficiently general aggregate signcryption scheme, which allows the aggregation of n distinct signcryptions by n distinct users on n distinct messages, is proposed. First, the correction of the GASC scheme is analyzed. Then, we formally prove the security of GASC in the random oracle models IND-CCA2 and EUF-CMA under the DBDHP assumption and the DLP assumption, respectively. The results show that the GASC scheme is not only secure against any probabilistic polynomial-time IND-GASC-CCA2 and EUF-GASC-CMA adversary in the random oracle models but also efficient in pairing ê computations. In addition, the GASC scheme gives an effective remedy to the key escrow problem, which is an inherent issue in IBC by splitting the private key into two parts, and reduces the communication complexity by eliminating the interaction among the senders (signers) before the signcryption generation.展开更多
In the existing Electronic Health Records(EHRs),the medical information of patients is completely controlled by various medical institutions.As such,patients have no dominant power over their own EHRs.These personal d...In the existing Electronic Health Records(EHRs),the medical information of patients is completely controlled by various medical institutions.As such,patients have no dominant power over their own EHRs.These personal data are not only inconvenient to access and share,but are also prone to cause privacy disclosure.The blockchain technology provides a new development direction in the medical field.Blockchain-based EHRs are characterized by decentralization,openness and non-tampering of records,which enable patients to better manage their own EHRs.In order to better protect the privacy of patients,only designated receivers can access EHRs,and receivers can authenticate the sharer to ensure that the EHRs are real and effective.In this study,we propose an identity-based signcryption scheme with multiple authorities for multiple receivers,which can resist N-1 collusion attacks among N authorities.In addition,the identity information of receivers is anonymous,so the relationship between them and the sharer is not disclosed.Under the random oracle model,it was proved that our scheme was secure and met the unforgeability and confidentiality requirements of signcryption.Moreover,we evaluated the performance of the scheme and found that it had the moderate signcryption efficiency and excellent signcryption attributes.展开更多
Mobile commerce uses wireless device and wireless link to result in the transfer of values in exchange of information, services or goods. Wireless mobile ad hoc networks (MANETs) will bring a revolution to the busin...Mobile commerce uses wireless device and wireless link to result in the transfer of values in exchange of information, services or goods. Wireless mobile ad hoc networks (MANETs) will bring a revolution to the business model of mobile commerce if such networks are used as the underlying network technology for mobile commerce. Mobile commerce will remain in a niche market until the security issue is properly addressed. Hence, security is also very important for MANET applications in mobile commerce. Robust key management is one of the most crucial technologies for security of MANETs. In this paper, a new solution for key management is proposed using identity-based (ID-based) signcryption and threshold secret sharing. It enables flexible and efficient key management while respecting the constraints of MANETs. In our solution, each mobile host uses its globally unique identity as its public key. It greatly decreases the computation and storage costs of mobile hosts, as well as communication cost for system key management.展开更多
Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been pro...Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been proposed. Among them, the requirement of signcrypter's privacy protection is needful in some practical applications. In this paper, a new identity-based anonymous signcryption scheme from hilinear pairings, which is the organic combination of identity-based ring signature and encryption scheme, is proposed. The proposed scheme is indistinguishable against the chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. Its unforgeability relies on the computational Diffieellman problem. Compared with the previous schemes, the new scheme is more efficient in computation.展开更多
Signcryption is a public key cryptographic method that achieves unforgeability and confidentiality simultaneously with significantly smaller overhead than that required by "digital signature followed by public key en...Signcryption is a public key cryptographic method that achieves unforgeability and confidentiality simultaneously with significantly smaller overhead than that required by "digital signature followed by public key encryption". It does this by signing and encr.ypting a message in a single step. An aggregate signcryption scheme allows individual signcryption ciphertexts intended for the same recipi- ent to be aggregated into a single (shorter) combined ciphertext without losing any of the security guarantees. We present an aggregate signcryption scheme in the identity-based setting using multilinear maps, and provide a proof of security in the standard model. To the best of our knowledge, our new scheme is the first aggregate signcryption scheme that is secure in the standard model.展开更多
B.Libert and J.Quisquater proposed an identity(ID)-based threshold decryption scheme. This paper found flaw in their security reduction and presented two methods to prove this scheme is resist against chosen-plaintext...B.Libert and J.Quisquater proposed an identity(ID)-based threshold decryption scheme. This paper found flaw in their security reduction and presented two methods to prove this scheme is resist against chosen-plaintext attack(CPA), based on the weaker model of security known as selective ID-based threshold CPA and the common model known as ID-based threshold CPA respectively.展开更多
Proxy signature schemes allow an original signer to delegate his signing rights to a proxy signer. However, many proxy signature schemes have the defect which is the inability to solve the proxy revocation problem. In...Proxy signature schemes allow an original signer to delegate his signing rights to a proxy signer. However, many proxy signature schemes have the defect which is the inability to solve the proxy revocation problem. In this article, we firstly propose an identity-based threshold signature scheme and show that it has the properties of unforgeability and robustness. In our threshold signature scheme, we adopt such a method that the private key associated with an identity rather than the master key is shared. Then, based on the threshold signature scheme, an identity-based mediated proxy signature scheme is proposed where a security mediator (SEM) is introduced to help a proxy signer to generate valid proxy signatures, examine whether a proxy signer signs according to the warrant, and check the revocation of a proxy signer. It is shown that the proposed scheme satisfies all the security requirements of a secure proxy signature. Moreover, a proxy signer must cooperate with the SEM to generate a valid proxy signature, which makes the new scheme have an effective and fast proxy revocation.展开更多
Using Shamir's secret sharing scheme to indi- rectly share the identity-based private key in the form of a pairing group element, we propose an efficient identity-based threshold decryption scheme from pairings and p...Using Shamir's secret sharing scheme to indi- rectly share the identity-based private key in the form of a pairing group element, we propose an efficient identity-based threshold decryption scheme from pairings and prove its se- curity in the random oracle model. This new paring-based scheme features a few improvements compared with other schemes in the literature. The two most noticeable features are its efficiency, by drastically reducing the number of pair- ing computations, and the ability it gives the user to share the identity-based private key without requiring any access to a private key generator. With the ability it gives the user to share the identity-based private key, our ID-based threshold decryption (IBTD) scheme, the second of its kind, is signif- icantly more efficient than the first scheme, which was de- veloped by Baek and Zheng, at the expense of a slightly in- creased ciphertext length. In fact, our IBTD scheme tries to use as few bilinear pairings as possible, especially without depending on the suite of Baek-Zheng secret sharing tools based on pairings.展开更多
基金the Major national S&T program under Grant No. 2011ZX03005-002National Natural Science Foundation of China under Grant No. 60872041,61072066the Fundamental Research Funds for the Central Universities under Grant No. JY10000903001,JY10000901034
文摘In opportunistic Networks,compromised nodes can attack social context-based routing protocols by publishing false social attributes information.To solve this problem,we propose a security scheme based on the identity-based threshold signature which allows mobile nodes to jointly generate and distribute the secrets for social attributes in a totally self-organized way without the need of any centralized authority.New joining nodes can reconstruct their own social attribute signatures by getting enough partial signature services from encounter opportunities with the initial nodes.Mobile nodes need to testify whether the neighbors can provide valid attribute signatures for their routing advertisements in order to resist potential routing attacks.Simulation results show that:by implementing our security scheme,the network delivery probability of the social context-based routing protocol can be effectively improved when there are large numbers of compromised nodes in opportunistic networks.
基金Project (No. 2005AA145110) supported by the Hi-Tech Research and Development Program (863) of China
文摘A (t, n) threshold signature scheme distributes the secret key and hence the signing ability to n players in a way that any set of t+1 or more honest players can collaborate to sign, while any set of t players cannot. In this paper we propose an iden- tity-based threshold signature (IBTHS) scheme from bilinear pairings. The signing phase of our scheme is non-interactive, meaning that the signing players do not need to talk to each other. We prove our scheme secure (i.e., unforgeable and robust) in the standard model (i.e., without random oracles). No earlier proposed IBTHS scheme achieved even one of the features of being non-interactive (in the signing phase) and secure in the standard model.
基金Supported by the National Natural Science Foundation of China(No.61179026)the Fundamental Research funds for the Centeral Universities(No.3122013K001)
文摘Through cryptanalysis of the improved scheme of a generalized group-oriented threshold signcryption schemes,it is found that the improved scheme can effectively resist conspiracy attack and forgery attack,but does not have semantic security and public verification function,and sends threshold signcryption by the secret secure channel,which increases the communication costs and potential safety hazards of the system.A new group-oriented publicly verifiable threshold signcryption scheme is proposed on the basis of the improved scheme,the new scheme overcomes the drawbacks of the improved scheme,which not only provides with semantic security and public verification function,but also can send threshold signcryption by the public channel.
基金Project supported by the Special Project of Kunlun Talent Teaching Master of Qinghai Province,China(No.[2020]18)。
文摘Electronic healthcare systems can offer convenience but face the risk of data forgery and information leakage.To solve these issues,we propose an identity-based searchable attribute signcryption in lattice for a blockchain-based medical system(BCMS-LIDSASC).BCMS-LIDSASC achieves decentralization and anti-quantum security in the blockchain environment,and provides fine-grained access control and searchability.Furthermore,smart contracts are used to replace traditional trusted third parties,and the interplanetary file system(IPFS)is used for ciphertext storage to alleviate storage pressure on the blockchain.Compared to other schemes,BCMS-LIDSASC requires smaller key size and less storage,and has lower computation cost.It contributes to secure and efficient management of medical data and can protect patient privacy and ensure the integrity of electronic healthcare systems.
基金Supported by the National Natural Science Foun-dation of China (60473029)
文摘In 2006, Bao et al proposed an identlty-based threshold proxy signature scheme with known signers. In this paper, we show that Bao et al's scheme is vulnerable to the forgery attack. An adversary can forge a valid threshold proxy signature for any message with knowing a previously valid threshold proxy signature. In addition, their scheme also suffers from the weakness that the proxy signers might change the threshold value. That is, the proxy signers can arbitrarily modify the threshold strategy without being detected by the original signer or verifiers, which might violate the original signer's intent. Furthermore, we propose an improved scheme that remedies the weaknesses of Bao et al's scheme. The improved scheme satisfies all secure requirements for threshold proxy signature.
基金supported by the National Grand Fundamental Research 973 Program of China under Grant No.2011CB302903 the National Natural Science Foundation of China under Grants No.61073188,No.61073115+1 种基金 the Key University Science Research Project of Jiangsu Province under Grant No.11KJA520002 the Priority Academic Program Development of Jiangsu Higher Education Institutions under Grant No.yx002001
文摘To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggregate signature algorithm are combined in a practical and secure manner to form the general aggregate signcryption scheme's schema and concept, and a new secure, efficiently general aggregate signcryption scheme, which allows the aggregation of n distinct signcryptions by n distinct users on n distinct messages, is proposed. First, the correction of the GASC scheme is analyzed. Then, we formally prove the security of GASC in the random oracle models IND-CCA2 and EUF-CMA under the DBDHP assumption and the DLP assumption, respectively. The results show that the GASC scheme is not only secure against any probabilistic polynomial-time IND-GASC-CCA2 and EUF-GASC-CMA adversary in the random oracle models but also efficient in pairing ê computations. In addition, the GASC scheme gives an effective remedy to the key escrow problem, which is an inherent issue in IBC by splitting the private key into two parts, and reduces the communication complexity by eliminating the interaction among the senders (signers) before the signcryption generation.
基金This work was supported by the National Key Research and Development Project of China(Grant No.2017YFB0802302)the Science and Technology Support Project of Sichuan Province(Grant Nos.2016FZ0112,2017GZ0314,and 2018GZ0204)+2 种基金the Academic and Technical Leaders Training Funding Support Projects of Sichuan Province(Grant No.2016120080102643)the Application Foundation Project of Sichuan Province(Grant No.2017JY0168)the Science and Technology Project of Chengdu(Grant Nos.2017-RK00-00103-ZF,and 2016-HM01-00217-SF).
文摘In the existing Electronic Health Records(EHRs),the medical information of patients is completely controlled by various medical institutions.As such,patients have no dominant power over their own EHRs.These personal data are not only inconvenient to access and share,but are also prone to cause privacy disclosure.The blockchain technology provides a new development direction in the medical field.Blockchain-based EHRs are characterized by decentralization,openness and non-tampering of records,which enable patients to better manage their own EHRs.In order to better protect the privacy of patients,only designated receivers can access EHRs,and receivers can authenticate the sharer to ensure that the EHRs are real and effective.In this study,we propose an identity-based signcryption scheme with multiple authorities for multiple receivers,which can resist N-1 collusion attacks among N authorities.In addition,the identity information of receivers is anonymous,so the relationship between them and the sharer is not disclosed.Under the random oracle model,it was proved that our scheme was secure and met the unforgeability and confidentiality requirements of signcryption.Moreover,we evaluated the performance of the scheme and found that it had the moderate signcryption efficiency and excellent signcryption attributes.
基金Supported by the National Natural Science Foun-dation of China (60473021 ,60503012)the Natural Science Foun-dation of Henan Province (511010900)
文摘Mobile commerce uses wireless device and wireless link to result in the transfer of values in exchange of information, services or goods. Wireless mobile ad hoc networks (MANETs) will bring a revolution to the business model of mobile commerce if such networks are used as the underlying network technology for mobile commerce. Mobile commerce will remain in a niche market until the security issue is properly addressed. Hence, security is also very important for MANET applications in mobile commerce. Robust key management is one of the most crucial technologies for security of MANETs. In this paper, a new solution for key management is proposed using identity-based (ID-based) signcryption and threshold secret sharing. It enables flexible and efficient key management while respecting the constraints of MANETs. In our solution, each mobile host uses its globally unique identity as its public key. It greatly decreases the computation and storage costs of mobile hosts, as well as communication cost for system key management.
基金Supported by the National Natural Science Foundation of China (60573043)the Foundation of National Laboratory for Modern Communications (9140C1107010604)Youth Science and Technology Foundation of University of Electronic Science and Technology of China
文摘Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been proposed. Among them, the requirement of signcrypter's privacy protection is needful in some practical applications. In this paper, a new identity-based anonymous signcryption scheme from hilinear pairings, which is the organic combination of identity-based ring signature and encryption scheme, is proposed. The proposed scheme is indistinguishable against the chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. Its unforgeability relies on the computational Diffieellman problem. Compared with the previous schemes, the new scheme is more efficient in computation.
文摘Signcryption is a public key cryptographic method that achieves unforgeability and confidentiality simultaneously with significantly smaller overhead than that required by "digital signature followed by public key encryption". It does this by signing and encr.ypting a message in a single step. An aggregate signcryption scheme allows individual signcryption ciphertexts intended for the same recipi- ent to be aggregated into a single (shorter) combined ciphertext without losing any of the security guarantees. We present an aggregate signcryption scheme in the identity-based setting using multilinear maps, and provide a proof of security in the standard model. To the best of our knowledge, our new scheme is the first aggregate signcryption scheme that is secure in the standard model.
文摘B.Libert and J.Quisquater proposed an identity(ID)-based threshold decryption scheme. This paper found flaw in their security reduction and presented two methods to prove this scheme is resist against chosen-plaintext attack(CPA), based on the weaker model of security known as selective ID-based threshold CPA and the common model known as ID-based threshold CPA respectively.
基金the National Natural Science Foundation of China (60573043, 60372046).
文摘Proxy signature schemes allow an original signer to delegate his signing rights to a proxy signer. However, many proxy signature schemes have the defect which is the inability to solve the proxy revocation problem. In this article, we firstly propose an identity-based threshold signature scheme and show that it has the properties of unforgeability and robustness. In our threshold signature scheme, we adopt such a method that the private key associated with an identity rather than the master key is shared. Then, based on the threshold signature scheme, an identity-based mediated proxy signature scheme is proposed where a security mediator (SEM) is introduced to help a proxy signer to generate valid proxy signatures, examine whether a proxy signer signs according to the warrant, and check the revocation of a proxy signer. It is shown that the proposed scheme satisfies all the security requirements of a secure proxy signature. Moreover, a proxy signer must cooperate with the SEM to generate a valid proxy signature, which makes the new scheme have an effective and fast proxy revocation.
文摘Using Shamir's secret sharing scheme to indi- rectly share the identity-based private key in the form of a pairing group element, we propose an efficient identity-based threshold decryption scheme from pairings and prove its se- curity in the random oracle model. This new paring-based scheme features a few improvements compared with other schemes in the literature. The two most noticeable features are its efficiency, by drastically reducing the number of pair- ing computations, and the ability it gives the user to share the identity-based private key without requiring any access to a private key generator. With the ability it gives the user to share the identity-based private key, our ID-based threshold decryption (IBTD) scheme, the second of its kind, is signif- icantly more efficient than the first scheme, which was de- veloped by Baek and Zheng, at the expense of a slightly in- creased ciphertext length. In fact, our IBTD scheme tries to use as few bilinear pairings as possible, especially without depending on the suite of Baek-Zheng secret sharing tools based on pairings.
基金国家自然科学基金(the National Natural Science Foundation of China under Grant No.10571113)陕西省自然科学基金(the NaturalScience Foundation of Shaanxi Province of China under Grant No.2004A14)陕西省自然科学研究计划项目(No.07JK375)