We survey the state of research on identity-based cryptography and attribute-based cryptography.We firstly review the basic concepts of identity-based cryptographic schemes in which users' identifier information s...We survey the state of research on identity-based cryptography and attribute-based cryptography.We firstly review the basic concepts of identity-based cryptographic schemes in which users' identifier information such as email or IP addresses instead of digital certificates can be used as public key for encryption or signature verification,and subsequently review some important identity-based encryption,signature and signcryption schemes.Then we give our research on Identity-Based Encryption-Signature(IBES) method.We also survey the attribute-based cryptographic schemes in which the identity of user is viewed as a set of descriptive attributes,including some important attribute-based encryption and signature schemes.We subsequently give our research on Attribute-Based Encryption and Identity-Based Signature (ABE-IBS) method.Both methods aim at efficiently improving the security of wireless sensor network.Finally,we propose a few interesting open problems concerning with practical and theoretical aspects of identity-based cryptography and attribute-based cryptography.展开更多
In opportunistic Networks,compromised nodes can attack social context-based routing protocols by publishing false social attributes information.To solve this problem,we propose a security scheme based on the identity-...In opportunistic Networks,compromised nodes can attack social context-based routing protocols by publishing false social attributes information.To solve this problem,we propose a security scheme based on the identity-based threshold signature which allows mobile nodes to jointly generate and distribute the secrets for social attributes in a totally self-organized way without the need of any centralized authority.New joining nodes can reconstruct their own social attribute signatures by getting enough partial signature services from encounter opportunities with the initial nodes.Mobile nodes need to testify whether the neighbors can provide valid attribute signatures for their routing advertisements in order to resist potential routing attacks.Simulation results show that:by implementing our security scheme,the network delivery probability of the social context-based routing protocol can be effectively improved when there are large numbers of compromised nodes in opportunistic networks.展开更多
An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper,an identity-based authentication multiple key agreement protocol is propo...An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper,an identity-based authentication multiple key agreement protocol is proposed. Its authentication part is proven secure against existential forgery on adaptively chosen message and ID attacks under the random oracle model upon the CDH assumptions. The session keys are proven secure in a formal CK security model under the random oracle model upon the CBDH assumptions. Compared with the previous multiple key agreement protocols,it requires less communication cost.展开更多
Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi...Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi- cient way. Certificateless signcryption and pro- xy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pai- rings. In this paper, we present a certificateless proxy identity-based signcryption scheme with- out bilinear pairings, which is efficient and secure.展开更多
To design an efficient protocol for sharing the encrypted lock keys in the renting house system,we introduce a new notion called time-and identitybased proxy reencryption(TIPRE)and the blockchain platform.Our CPA secu...To design an efficient protocol for sharing the encrypted lock keys in the renting house system,we introduce a new notion called time-and identitybased proxy reencryption(TIPRE)and the blockchain platform.Our CPA secure TIPRE scheme is constructed from Green et al.’s identity-based proxy reencryption scheme by adding the time property.In every time period,a time stamp authority generates a public key embedded with the current time stamp for each user.In our protocol for the renting house system,the TIPRE scheme is the primary building block,and the blockchain platform serves instead of a trusted third party,such as a real estate agency between landlords and tenants.The TIPRE scheme allows the landlord to change the lock key at each time period for safety.The blockchain platform allows the landlords and tenants to directly interact,and all of the interactions are recorded in the blockchain database to provide the desired security requirements,such as nonrepudiation and unforgeability.Finally,we provide the secure analysis of our protocol and test its performance by implementing it in the MacBook Pro and the Intel Edison development platforms.展开更多
In this paper,we show how to use the dual techniques in the subgroups to give a secure identity-based broadcast encryption(IBBE) scheme with constant-size ciphertexts. Our scheme achieves the full security(adaptive se...In this paper,we show how to use the dual techniques in the subgroups to give a secure identity-based broadcast encryption(IBBE) scheme with constant-size ciphertexts. Our scheme achieves the full security(adaptive security) under three static(i.e. non q-based) assumptions. It is worth noting that only recently Waters gives a short ciphertext broadcast encryption system that is even adaptively secure under the simple assumptions. One feature of our methodology is that it is relatively simple to leverage our techniques to get adaptive security.展开更多
The study of vehicular ad-hoc networks(VANETs)has received significant attention among academia;even so,its security and privacy still become a central issue that is wide-open to discuss.The authentication schemes dep...The study of vehicular ad-hoc networks(VANETs)has received significant attention among academia;even so,its security and privacy still become a central issue that is wide-open to discuss.The authentication schemes deployed in VANETs have a substantial impact on its security and privacy.Many researchers have proposed a variety of schemes related to the information verification and efficiency improvement in VANETs.In recent years,many papers have proposed identity-based batch verification(IBV)schemes in regard to diminishing overhead in the message verification process in VANETs.This survey begins with providing background information about VANETs and clarifying its security and privacy,as well as performance requirements that must be satisfied.After presenting an outlook of some relevant surveys of VANETs,a brief review of some IBV schemes published in recent years is conferred.The detailed approach of each scheme,with a comprehensive comparison between them,has been provided afterward.Finally,we summarize those recent studies and possible future improvements.展开更多
Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approac...Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers,facilitated by blockchain technology,thus aligning with the decentralized ethos of Web3 infrastructure.Additionally,we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography,bolstering the integrity of Internet of Thins(IoT)devices within the evolving landscape of the metaverse.To achieve dynamic anonymity and ensure privacy within Web3 environments,we employ fuzzy extractor technology,allowing for updates to pseudonymous identity identifiers while maintaining key consistency.The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications,effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.展开更多
可截取签名允许签名人根据需要,在不与原始签名人交互的情况下删除已签名中的敏感数据块,并为截取后的数据计算一个公开并且可验证的签名.目前大多数可截取签名方案都是基于传统数论的困难假设构造的,鉴于量子计算机可能构成的威胁,构...可截取签名允许签名人根据需要,在不与原始签名人交互的情况下删除已签名中的敏感数据块,并为截取后的数据计算一个公开并且可验证的签名.目前大多数可截取签名方案都是基于传统数论的困难假设构造的,鉴于量子计算机可能构成的威胁,构造能够抵抗量子计算攻击的可截取签名方案尤为重要.因此基于格的Ring-SIS(ring short integer solution)问题,提出一种理想格上基于身份的可截取签名方案,证明了该方案在选择身份和消息攻击下存在不可伪造性和隐私性.理论分析和效率分析表明,相较于同类方案,该方案在功能性上同时具备身份认证、隐私性和抗量子攻击等多种功能,用户公钥尺寸更短、安全性更高、算法耗时更低.展开更多
5G technology has endowed mobile communication terminals with features such as ultrawideband access,low latency,and high reliability transmission,which can complete the network access and interconnection of a large nu...5G technology has endowed mobile communication terminals with features such as ultrawideband access,low latency,and high reliability transmission,which can complete the network access and interconnection of a large number of devices,thus realizing richer application scenarios and constructing 5G-enabled vehicular networks.However,due to the vulnerability of wireless communication,vehicle privacy and communication security have become the key problems to be solved in vehicular networks.Moreover,the large-scale communication in the vehicular networks also makes the higher communication efficiency an inevitable requirement.In order to achieve efficient and secure communication while protecting vehicle privacy,this paper proposes a lightweight key agreement and key update scheme for 5G vehicular networks based on blockchain.Firstly,the key agreement is accomplished using certificateless public key cryptography,and based on the aggregate signature and the cooperation between the vehicle and the trusted authority,an efficient key updating method is proposed,which reduces the overhead and protects the privacy of the vehicle while ensuring the communication security.Secondly,by introducing blockchain and using smart contracts to load the vehicle public key table for key management,this meets the requirements of vehicle traceability and can dynamically track and revoke misbehaving vehicles.Finally,the formal security proof under the eck security model and the informal security analysis is conducted,it turns out that our scheme is more secure than other authentication schemes in the vehicular networks.Performance analysis shows that our scheme has lower overhead than existing schemes in terms of communication and computation.展开更多
基金supported by the National Natural Science Foundation of China(No. 60873231)Natural Science Fund for Colleges and the Universities of Jiangsu Province(No. 08KJB520006)+2 种基金Natural Science Foundation of Jiangsu Province(No. BK2009426)Colleges and Universities of Jiangsu Province Plans to Graduate Research and Innovation(No.CX09B_151Z)the Innovation Fund of NJUPT(No.NY208006)
文摘We survey the state of research on identity-based cryptography and attribute-based cryptography.We firstly review the basic concepts of identity-based cryptographic schemes in which users' identifier information such as email or IP addresses instead of digital certificates can be used as public key for encryption or signature verification,and subsequently review some important identity-based encryption,signature and signcryption schemes.Then we give our research on Identity-Based Encryption-Signature(IBES) method.We also survey the attribute-based cryptographic schemes in which the identity of user is viewed as a set of descriptive attributes,including some important attribute-based encryption and signature schemes.We subsequently give our research on Attribute-Based Encryption and Identity-Based Signature (ABE-IBS) method.Both methods aim at efficiently improving the security of wireless sensor network.Finally,we propose a few interesting open problems concerning with practical and theoretical aspects of identity-based cryptography and attribute-based cryptography.
基金the Major national S&T program under Grant No. 2011ZX03005-002National Natural Science Foundation of China under Grant No. 60872041,61072066the Fundamental Research Funds for the Central Universities under Grant No. JY10000903001,JY10000901034
文摘In opportunistic Networks,compromised nodes can attack social context-based routing protocols by publishing false social attributes information.To solve this problem,we propose a security scheme based on the identity-based threshold signature which allows mobile nodes to jointly generate and distribute the secrets for social attributes in a totally self-organized way without the need of any centralized authority.New joining nodes can reconstruct their own social attribute signatures by getting enough partial signature services from encounter opportunities with the initial nodes.Mobile nodes need to testify whether the neighbors can provide valid attribute signatures for their routing advertisements in order to resist potential routing attacks.Simulation results show that:by implementing our security scheme,the network delivery probability of the social context-based routing protocol can be effectively improved when there are large numbers of compromised nodes in opportunistic networks.
基金supported by a grant from the National Natural Science Foundation of China (10961013)
文摘An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper,an identity-based authentication multiple key agreement protocol is proposed. Its authentication part is proven secure against existential forgery on adaptively chosen message and ID attacks under the random oracle model upon the CDH assumptions. The session keys are proven secure in a formal CK security model under the random oracle model upon the CBDH assumptions. Compared with the previous multiple key agreement protocols,it requires less communication cost.
基金supported by the National Natural Science Foundation of China under Grants No.61272499,No.10990011
文摘Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi- cient way. Certificateless signcryption and pro- xy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pai- rings. In this paper, we present a certificateless proxy identity-based signcryption scheme with- out bilinear pairings, which is efficient and secure.
基金This research is partially supported by the National Natural Science Foundation of China under Grant Nos.61672016the Jiangsu Qing Lan Project,the Six Talent Peaks Project in Jiangsu Province under Grant RJFW-010the Guangxi Key Laboratory of Cryptography and Information Security under Grant GCIS201815.
文摘To design an efficient protocol for sharing the encrypted lock keys in the renting house system,we introduce a new notion called time-and identitybased proxy reencryption(TIPRE)and the blockchain platform.Our CPA secure TIPRE scheme is constructed from Green et al.’s identity-based proxy reencryption scheme by adding the time property.In every time period,a time stamp authority generates a public key embedded with the current time stamp for each user.In our protocol for the renting house system,the TIPRE scheme is the primary building block,and the blockchain platform serves instead of a trusted third party,such as a real estate agency between landlords and tenants.The TIPRE scheme allows the landlord to change the lock key at each time period for safety.The blockchain platform allows the landlords and tenants to directly interact,and all of the interactions are recorded in the blockchain database to provide the desired security requirements,such as nonrepudiation and unforgeability.Finally,we provide the secure analysis of our protocol and test its performance by implementing it in the MacBook Pro and the Intel Edison development platforms.
基金supported by the Nature Science Foundation of China under grant 60970119, 60803149the National Basic Research Program of China(973) under grant 2007CB311201
文摘In this paper,we show how to use the dual techniques in the subgroups to give a secure identity-based broadcast encryption(IBBE) scheme with constant-size ciphertexts. Our scheme achieves the full security(adaptive security) under three static(i.e. non q-based) assumptions. It is worth noting that only recently Waters gives a short ciphertext broadcast encryption system that is even adaptively secure under the simple assumptions. One feature of our methodology is that it is relatively simple to leverage our techniques to get adaptive security.
文摘The study of vehicular ad-hoc networks(VANETs)has received significant attention among academia;even so,its security and privacy still become a central issue that is wide-open to discuss.The authentication schemes deployed in VANETs have a substantial impact on its security and privacy.Many researchers have proposed a variety of schemes related to the information verification and efficiency improvement in VANETs.In recent years,many papers have proposed identity-based batch verification(IBV)schemes in regard to diminishing overhead in the message verification process in VANETs.This survey begins with providing background information about VANETs and clarifying its security and privacy,as well as performance requirements that must be satisfied.After presenting an outlook of some relevant surveys of VANETs,a brief review of some IBV schemes published in recent years is conferred.The detailed approach of each scheme,with a comprehensive comparison between them,has been provided afterward.Finally,we summarize those recent studies and possible future improvements.
基金supported by the National Key Research and Development Program of China under Grant No.2021YFB2700600the National Natural Science Foundation of China under Grant No.62132013+5 种基金the Key Research and Development Programs of Shaanxi under Grant Nos.S2024-YF-YBGY-1540 and 2021ZDLGY06-03the Basic Strengthening Plan Program under Grant No.2023-JCJQ-JJ-0772the Key-Area Research and Development Program of Guangdong Province under Grant No.2021B0101400003Hong Kong RGC Research Impact Fund under Grant Nos.R5060-19 and R5034-18Areas of Excellence Scheme under Grant No.Ao E/E-601/22-RGeneral Research Fund under Grant Nos.152203/20E,152244/21E,152169/22E and152228/23E。
文摘Traditional methods of identity authentication often rely on centralized architectures,which poses risks of computational overload and single points of failure.We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers,facilitated by blockchain technology,thus aligning with the decentralized ethos of Web3 infrastructure.Additionally,we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography,bolstering the integrity of Internet of Thins(IoT)devices within the evolving landscape of the metaverse.To achieve dynamic anonymity and ensure privacy within Web3 environments,we employ fuzzy extractor technology,allowing for updates to pseudonymous identity identifiers while maintaining key consistency.The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications,effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.
文摘可截取签名允许签名人根据需要,在不与原始签名人交互的情况下删除已签名中的敏感数据块,并为截取后的数据计算一个公开并且可验证的签名.目前大多数可截取签名方案都是基于传统数论的困难假设构造的,鉴于量子计算机可能构成的威胁,构造能够抵抗量子计算攻击的可截取签名方案尤为重要.因此基于格的Ring-SIS(ring short integer solution)问题,提出一种理想格上基于身份的可截取签名方案,证明了该方案在选择身份和消息攻击下存在不可伪造性和隐私性.理论分析和效率分析表明,相较于同类方案,该方案在功能性上同时具备身份认证、隐私性和抗量子攻击等多种功能,用户公钥尺寸更短、安全性更高、算法耗时更低.
基金supported in part by the National Natural Science Foundation of China under Grant 61941113,Grant 61971033,and Grant 61671057by the Henan Provincial Department of Science and Technology Project(No.212102210408)by the Henan Provincial Key Scientific Research Project(No.22A520041).
文摘5G technology has endowed mobile communication terminals with features such as ultrawideband access,low latency,and high reliability transmission,which can complete the network access and interconnection of a large number of devices,thus realizing richer application scenarios and constructing 5G-enabled vehicular networks.However,due to the vulnerability of wireless communication,vehicle privacy and communication security have become the key problems to be solved in vehicular networks.Moreover,the large-scale communication in the vehicular networks also makes the higher communication efficiency an inevitable requirement.In order to achieve efficient and secure communication while protecting vehicle privacy,this paper proposes a lightweight key agreement and key update scheme for 5G vehicular networks based on blockchain.Firstly,the key agreement is accomplished using certificateless public key cryptography,and based on the aggregate signature and the cooperation between the vehicle and the trusted authority,an efficient key updating method is proposed,which reduces the overhead and protects the privacy of the vehicle while ensuring the communication security.Secondly,by introducing blockchain and using smart contracts to load the vehicle public key table for key management,this meets the requirements of vehicle traceability and can dynamically track and revoke misbehaving vehicles.Finally,the formal security proof under the eck security model and the informal security analysis is conducted,it turns out that our scheme is more secure than other authentication schemes in the vehicular networks.Performance analysis shows that our scheme has lower overhead than existing schemes in terms of communication and computation.
