Identity-based threshold signature(IDTS)is a forceful primitive to protect identity and data privacy,in which parties can collaboratively sign a given message as a signer without reconstructing a signing key.Neverthel...Identity-based threshold signature(IDTS)is a forceful primitive to protect identity and data privacy,in which parties can collaboratively sign a given message as a signer without reconstructing a signing key.Nevertheless,most IDTS schemes rely on a trusted key generation center(KGC).Recently,some IDTS schemes can achieve escrow-free security against corrupted KGC,but all of them are vulnerable to denial-of-service attacks in the dishonest majority setting,where cheaters may force the protocol to abort without providing any feedback.In this work,we present a fully decentralized IDTS scheme to resist corrupted KGC and denialof-service attacks.To this end,we design threshold protocols to achieve distributed key generation,private key extraction,and signing generation which can withstand the collusion between KGCs and signers,and then we propose an identification mechanism that can detect the identity of cheaters during key generation,private key extraction and signing generation.Finally,we formally prove that the proposed scheme is threshold unforgeability against chosen message attacks.The experimental results show that the computation time of both key generation and signing generation is<1 s,and private key extraction is about 3 s,which is practical in the distributed environment.展开更多
The problem of regulating access to XML documents has attracted much attention from both academic and industry communities. In existing approaches, the XML elements specified by access policies axe either accessible o...The problem of regulating access to XML documents has attracted much attention from both academic and industry communities. In existing approaches, the XML elements specified by access policies axe either accessible or inaccessible according to their sensitivity. However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible. This paper proposes a policy language to accommodate such cases, which can express the downgrading operations on sensitive data in XML documents through explicit calculations on them. The proposed policy language is called calculation-embedded schema (CSchema), which extends the ordinary schema languages with protection type for protecting sensitive data and specifying downgrading operations. CSchema language has a type system to guarantee the type correctness of the embedded calculation expressions and moreover this type system also generates a security view after type checking a CSchema policy. Access policies specified by CSchema are enforced by a validation procedure, which produces the released documents containing only the accessible data by validating the protected documents against CSchema policies. These released documents are then ready to be accessed by, for instance, XML query engines. By incorporating this validation procedure, other XML processing technologies can use CSchema as the access control module.展开更多
基金support by the National Key R&D Program of China(No.2021YFB3100400)the National Natural Science Foundation of China(Grant Nos.62172216,U20A201092)+6 种基金the Jiangsu Provincial Key Research and Development Program(Nos.BE2022068,BE2022068-2)the Key R&D Program of Guangdong Province(No.2020B0101090002)the Natural Science Foundation of Jiangsu Province(No.BK20211180)the Research Fund of Guangxi Key Laboratory of Trusted Software(No.KX202034)the Research Fund of State Key Laboratory of Integrated Services Networks(Xidian University)(No.ISN23-20)the Fund of Prospective Layout of Scientific Research for NUAA(Nanjing University of Aeronautics and Astronautics)JSPS Postdoctoral Fellowships(No.P21073).
文摘Identity-based threshold signature(IDTS)is a forceful primitive to protect identity and data privacy,in which parties can collaboratively sign a given message as a signer without reconstructing a signing key.Nevertheless,most IDTS schemes rely on a trusted key generation center(KGC).Recently,some IDTS schemes can achieve escrow-free security against corrupted KGC,but all of them are vulnerable to denial-of-service attacks in the dishonest majority setting,where cheaters may force the protocol to abort without providing any feedback.In this work,we present a fully decentralized IDTS scheme to resist corrupted KGC and denialof-service attacks.To this end,we design threshold protocols to achieve distributed key generation,private key extraction,and signing generation which can withstand the collusion between KGCs and signers,and then we propose an identification mechanism that can detect the identity of cheaters during key generation,private key extraction and signing generation.Finally,we formally prove that the proposed scheme is threshold unforgeability against chosen message attacks.The experimental results show that the computation time of both key generation and signing generation is<1 s,and private key extraction is about 3 s,which is practical in the distributed environment.
文摘The problem of regulating access to XML documents has attracted much attention from both academic and industry communities. In existing approaches, the XML elements specified by access policies axe either accessible or inaccessible according to their sensitivity. However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible. This paper proposes a policy language to accommodate such cases, which can express the downgrading operations on sensitive data in XML documents through explicit calculations on them. The proposed policy language is called calculation-embedded schema (CSchema), which extends the ordinary schema languages with protection type for protecting sensitive data and specifying downgrading operations. CSchema language has a type system to guarantee the type correctness of the embedded calculation expressions and moreover this type system also generates a security view after type checking a CSchema policy. Access policies specified by CSchema are enforced by a validation procedure, which produces the released documents containing only the accessible data by validating the protected documents against CSchema policies. These released documents are then ready to be accessed by, for instance, XML query engines. By incorporating this validation procedure, other XML processing technologies can use CSchema as the access control module.
