Siyue Dong,Zhen Zhao,Baocang Wang,Wen Gao,Shanshan Zhang

DOI: https://doi.org/10.3390/electronics13071256

IF: 2.9

2024-03-29

Electronics

Abstract:Public key encryption with equality test (PKEET) is a cryptographic primitive that enables a tester to determine whether two ciphertexts encrypted with same or different public keys have been generated from the same message without decryption. Previous studies extended PKEET to public key encryption with designated-position fuzzy equality test (PKE-DFET), enabling testers to verify whether plaintexts corresponding to two ciphertexts are equal while ignoring specific bits at designated positions. In this work, we have filled the research gap in the identity-based encryption (IBE) cryptosystems for this primitive. Furthermore, although our authorization method is the all-or-nothing (AoN) type, it overcomes the shortcomings present in the majority of AoN-type authorization schemes. In our scheme, equality tests can only be performed between a ciphertext and a given plaintext. Specifically, even if a tester acquires multiple AoN-type authorizations, it cannot conduct unpermitted equality tests between users. This significantly reduces the risk of user privacy leaks when handling sensitive information in certain scenarios, while still retaining the flexible and simple characteristics of AoN-type authorizations. We use the Chinese national cryptography standard SM9-IBE algorithm to provide the concrete construction of our scheme, enhancing the usability and security of our scheme, while making deployment more convenient. Finally, we prove that our scheme achieves F-OW-ID-CCA security when the adversary has the trapdoor of the challenge ciphertext, and achieves IND-ID-CCA security when the adversary does not have the trapdoor of the challenge ciphertext.

engineering, electrical & electronic,computer science, information systems,physics, applied

Amit Sahai,Brent Waters

DOI: https://doi.org/10.1007/11426639_27

2005-01-01

Abstract:We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted with an identity, ω ′, if and only if the identities ω and ω ′ are close to each other as measured by the “set overlap” distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term “attribute-based encryption”.In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.

Wenbo Ma,Zejun Ni

DOI: https://doi.org/10.62051/vqz8a719

2024-08-12

Abstract:The SM9 algorithm represents a sophisticated advancement in cryptographic protocols, characterized by its unique implementation of bilinear pairing techniques and identity-based encryption mechanisms. Unlike conventional approaches, SM9 leverages the user's identity directly in the generation of cryptographic keys, streamlining the process and enhancing security. This method stands in contrast to traditional schemes like SM2, which typically rely on external certificate management for public key association. Central to its innovation is the seamless integration of identity information into the public key itself, thereby simplifying the encryption process and reducing the overhead associated with certificate handling. SM9's versatility extends to various applications, including digital signature creation, robust data encryption, secure key exchange, and reliable identity verification. This algorithm has garnered significant attention for its ability to maintain a high level of security while offering greater efficiency and user convenience. By directly binding keys to user identities, it eliminates several complexities and potential vulnerabilities inherent in certificate-based systems. As a result, SM9 has demonstrated remarkable performance and utility across a wide range of research and practical applications, making it a noteworthy subject of study in the field of modern cryptography.

Yanli Ren,Dawu Gu,Shuozhong Wang,Xinpeng Zhang

DOI: https://doi.org/10.15388/informatica.2010.296

2010-01-01

Informatica

Abstract:In a fuzzy identity-based encryption (IBE) scheme, a user with the secret key for an identity ID is able to decrypt a ciphertext encrypted with another identity ID' if and only if ID and ID' are within a certain distance of each other as judged by some metric. Fuzzy IBE also allows to encrypt a document to all users that have a certain set of attributes. In 2005, Sahai and Waters first proposed the notion of fuzzy IBE and proved the security of their scheme under the selective-ID model. Currently, there is no fuzzy IBE scheme available that is fully CCA2 secure in the standard model. In this paper, we propose a new fuzzy IBE scheme which achieves IND-FID-CCA2 security in the standard model with a tight reduction. Moreover, the size of public parameters is independent of the number of attributes associated with an identity.

Rongmao Chen,Jinrong Chen,Xinyi Huang,Yi Wang

DOI: https://doi.org/10.1007/s11432-023-3877-9

2024-10-19

Science China Information Sciences

Abstract:The SM9 identity-based encryption (IBE) scheme is a cryptographic standard used in China, and has been incorporated into the ISO/IEC standard in 2021. This work primarily proposes a countermeasure to secure the SM9 IBE scheme if its implementation is tampered with or deviated from the standard specification. Such attacks, known as subversion attacks, are feasible and powerful in real-world cryptographic application scenarios. Our goal is to design a subversion-resilient variant of the SM9 IBE scheme, primarily using the cryptographic reverse firewall (CRF) proposed by Mironov and Stephens-Davidowitz at EUROCRYPT 2015. A CRF can sanitize cryptographic transcripts to eliminate covert channels, necessitating that the underlying primitive be rerandomizable. Unfortunately, the rerandomizability of the SM9 IBE scheme is disabled for ensuring security against chosen ciphertext attack (CCA). Hence, we shift our focus to a relaxed version of CCA security called RCCA security, offering security guarantees comparable to CCA security while allowing for ciphertext rerandomization. For this purpose, we design an efficient and RCCA-secure variant of the SM9 IBE scheme with provable security that can integrate with CRFs to achieve subversion resilience.

computer science, information systems,engineering, electrical & electronic

Guangsheng Tu,Wenchao Liu,Tanping Zhou,Xiaoyuan Yang,Fan Zhang

DOI: https://doi.org/10.1109/access.2024.3384247

IF: 3.9

2024-04-12

IEEE Access

Abstract:Combining multi-key fully homomorphic encryption (MKFHE) and identity-based encryption (IBE) to construct multi-identity based fully homomorphic encryption (MIBFHE) scheme can not only realize homomorphic operations and flexible access control on identity ciphertexts but also reduce the burden of public key certification management. However, MKFHE schemes used to construct MIBFHE usually have complex construction and large computational complexity, which also causes the same problem for MIBFHE schemes. To solve this problem, we construct a concise and efficient MIBFHE scheme based on the learning with errors (LWE) problem. Firstly, we construct an MKFHE scheme using a new method called "the decomposition method". Secondly, we make a suitable deformation of the current IBE scheme. Finally, we combine the above MKFHE scheme with IBE scheme to construct our MIBFHE scheme and prove its IND-sID-CPA security under the LWE assumption in the random oracle model. The analysis results show that our MIBFHE scheme can generate the extended ciphertext directly from the encryption algorithm, without generating fresh ciphertext in advance. In addition, the noise expansion rate is reduced from the polynomial of lattice dimension n and modulus q to the constant K of the maximum number of users. The scale of introduced auxiliary ciphertexts is reduced from to when generating the extended ciphertext.

computer science, information systems,telecommunications,engineering, electrical & electronic

Guomin Yang,Jing Chen,Duncan S. Wong,Xiaotie Deng,Dongsheng Wang

DOI: https://doi.org/10.1016/j.tcs.2008.07.001

IF: 1.002

2008-01-01

Theoretical Computer Science

Abstract:Constructing an identification scheme is one of the fundamental problems in cryptography, and is very useful in practice. An identity-based identification (IBI) scheme allows a prover to identify himself to a public verifier who knows only the claimed identity of the prover and some public information. In this paper, we propose a new framework for both the design and analysis of IBI schemes. Our approach works in an engineering way. We first identify an IBI scheme as the composition of two building blocks, and then show that, with different security properties of these building blocks, the corresponding IBI schemes can achieve security against impersonation under different levels of attacks, namely, passive attack (id-imp-pa), active attack (id-imp-aa) or concurrent attack (id-imp-ca). In particular, we show that an id-imp-pa secure IBI scheme can be built if there exists a trapdoor weak-one-more relation and an honest verifier zero-knowledge proof with special soundness, while an id-imp-aa and id-imp-ca secure IBI scheme can be built if there exists a trapdoor strong-one-more relation and a Witness Dualism proof with Special Soundness (WD-SS). This new framework can capture IBI construction techniques that are not captured by other known frameworks. It also helps to construct new and efficient schemes. We demonstrate this by proposing two new IBI schemes, one achieving id-imp-pa, and the other one achieving both id-imp-aa and id-imp-ca, and neither of them can be captured by existing frameworks.

J. Li,X. Chen,H. Tian,C. Gao

DOI: https://doi.org/10.1504/ijahuc.2014.065156

2014-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Since the notion of attribute-based encryption (ABE) was proposed, it has been found a lot of important applications such as fine-grained access control. However, the issue of key exposure problem in ABE has been solved completely. This problem is formally addressed and formulated in this paper. More specifically, we propose a new key-insulated ABE (KI-ABE) scheme as a solution to the key exposure problem. The definition and security model of KI-ABE is proposed. Then, a KI-ABE scheme is presented, which is provably secure under the proposed model. The scheme is secure in the remaining time periods against an adversary who compromises the insecure device and obtains secret keys for the periods of its choice. Finally, we show that the scheme also supports user delegation, which is critical when one wants to delegate part of attributes (privileges) to others.

Yu Chen,Manuel Charlemagne,Zhi Guan,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1145/1755688.1755699

2010-01-01

Abstract:ABSTRACTMost traditional public key cryptosystems are constructed upon algebraically rich structures, which makes their key pairs combinable, i.e., the combination of some private keys and their corresponding public keys could form a new key pair. Exploring such combinable property, this paper proposes a novel Identity-Based Encryption (IBE) scheme based on the Diffie-Hellman Integrated Encryption Scheme (DHIES) with quadratic key combination structure from bilinear maps. The new scheme has a number of advantages over other IBE schemes. First, it uses DHIES to fulfill encryption, thus naturally obtains the security against adaptive chosen ciphertext attack from DHIES. Second, it is interoperable with existing security systems based on DHIES. Third, compared to many pairing-based IBE schemes, it only requires pairing computation during public key generation and there is no need for special hash function. We prove that our scheme is selective identity chosen ciphertext secure in the random oracle model assuming DHIES is chosen ciphertext secure. Additionally, the extract algorithm of our scheme also implies an identity-based short signature scheme.

Bolin Zhang,Bin Li,Jiaxin Zhang,Yuanxin Wei,Yunfei Yan,Heru Han,Qinglei Zhou

DOI: https://doi.org/10.3390/s24186011

2024-09-17

Abstract:With the rapid development of the Internet of Vehicles (IoV), the demand for secure and efficient signature verification is becoming increasingly urgent. To meet this need, we propose an efficient SM9 aggregate signature scheme implemented on Field-Programmable Gate Array (FPGA). The scheme includes both fault-tolerant and non-fault-tolerant aggregate signature modes, which are designed to address challenges in various network environments. We provide security proofs for these two signature verification modes based on a K-ary Computational Additive Diffie-Hellman (K-CAA) difficult problem. To handle the numerous parallelizable elliptic curve point multiplication operations required during verification, we utilize FPGA's parallel processing capabilities to design an efficient parallel point multiplication architecture. By the Montgomery point multiplication algorithm and the Barrett modular reduction algorithm, we optimize the single-point multiplication computation unit, achieving a point multiplication speed of 70776 times per second. Finally, the overall scheme was simulated and analyzed on an FPGA platform. The experimental results and analysis indicate that under error-free conditions, the proposed non-fault-tolerant aggregate mode reduces the verification time by up to 97.1% compared to other schemes. In fault-tolerant conditions, the proposed fault-tolerant aggregate mode reduces the verification time by up to 77.2% compared to other schemes. When compared to other fault-tolerant aggregate schemes, its verification time is only 28.9% of their consumption, and even in the non-fault-tolerant aggregate mode, the verification time is reduced by at least 39.1%. Therefore, the proposed scheme demonstrates significant advantages in both error-free and fault-tolerant scenarios.

Beini Zhou,Hui Li,Li Xu

DOI: https://doi.org/10.1109/iscc.2018.8538446

2018-01-01

Abstract:Identity-based encryption is a key distribution system in which the public key of a user is derived directly from his identity information. Compared with PKI, Identity-based encryption simplifies key management issue, but it still suffers from drawbacks inkey escrow and private key delivering. Motivated by this, we propose an improved key distribution solution called BIBE by integrating the technique of blockchain into the identity-based encryption. Specifically, we split the nodes in the chain to complete user authentication and private key protection, respectively. Furthermore, the two sides complete the mutual identity authentication with the identity information key pairs obtained from BIBE. Additionally, to prevent network attack, we employ timestamps, random numbers and hash algorithm in the process of identification. Through the rigorous and mathematical analysis, the proposed scheme demonstratesa far better performance on correctness, safety and efficiency.

Sumithra Alagarsamy,Vijayalakshmi Nagarajan,M. M. Yamuna Devi

DOI: https://doi.org/10.1007/s11276-023-03624-x

IF: 2.701

2024-01-31

Wireless Networks

Abstract:The technological breakthroughs of Internet of thing (IoT) applications in various sectors are nowadays contributing to the development of smart mobile IoT (SM-IoT). Lack of authentication and encryption schemes make SM-IoT more susceptible to major security and privacy issues. Signcryption has evolved as a new paradigm in recent years that provides better authenticity and security to the messages and minimizes both computation cost and communication costs simultaneously. To secure the communicated message on the sender and receiver sides, this paper proposes an efficient and secure decentralized communication system to offer personalized service for the users. The proposed network framework comprises four key entities namely trusted service providers, gateways, resource senders, and receivers. The master private keys are generated at the initial setup phase. Then, the optimal partial private keys are extracted and broadcasted through the channel by the key extraction process utilizing the fuzzy whale sine cosine levy algorithm. The ciphertext is generated for the sender on signcryption using a modified Identity-based Cryptography approach. The signcryption ciphertext generated is broadcasted via gateways to the receiver by measuring verification parameters. Finally, the designcryption process is performed using the certificateless hybrid signcryption scheme to retrieve the plaintext message. The proposed secure communication network is evaluated using performance metrics such as bilinear pairing time, modular experimentation time, pairing-based experimentation time, elliptic curve (EC) scalar point multiplication time, map-to-point hash function time, and EC point addition time. The experimental results revealed the effectiveness of the proposed secure communication framework on both the sender and receiver sides.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiqiang Liu,Sheng Zhong

2008-01-01

Abstract:Abstract： Identity-based encryption (IBE) is a very useful tool in cryptography. It has many potential applications. However, existing IBE schemes are signicantly slower than regular public key cryptosystems; thus, they may not be able to meet the need of some applications in practice. In this paper, we propose a simple IBE scheme, using a technique of combined public keys. Our IBE scheme is very fast, having time costs close to those of a regular public key cryptosystem, the ElGamal cryptosystem. We show that our IBE scheme is semantically secure under the Decisional Diffie-Hellman (DDH) Assumption. In addition, we give an identity-based signature scheme using the same technique.

Xinjie Zhao,Shize Guo,Tao Wang,Fan Zhang,Zhijie Shi

DOI: https://doi.org/10.1007/s11859-012-0875-7

2012-01-01

Abstract:This article proposes an enhanced differential fault analysis (DFA) method named as fault-propagation pattern-based DFA (FPP-DFA). The main idea of FPP-DFA is using the FPP of the ciphertext difference to predict the fault location and the fault-propagation path. It shows that FPP-DFA is very effective on SPN structure block ciphers using bitwise permutation, which is applied to two block ciphers. The first is PRESENT with the substitution-permutation sequence. With the fault model of injecting one nibble fault into the r -2nd round, on average 8 and 16 faults can reduce the key search space of PRESENT-80/128 to 2 14.7 and 2 21.1 , respectively. The second is PRINTcipher with the permutation-substitution sequence. For the first time, it shows that although the permutation of PRINTcipher is secret key dependent, FPP-DFA still works well on it. With the fault model of injecting one nibble fault into the r -2nd round, 12 and 24 effective faults can reduce the key search space of PRINTcipher-48/96 to 2 13.7 and 2 22.8 , respectively.

Fugeng Zeng ,Chunxiang Xu ,Xinpeng Zhang

DOI: https://doi.org/10.4156/aiss.vol4.issue12.23

2012-01-01

Abstract:In the ciphertext-policy ABE (CP-ABE) schemes, attributes are associated with secret keys and access structures are associated with ciphertexts. The access structures are described with the attributes and therefore the concept of CP-ABE is closely related to Role-Based Access Control. Because it requires both of the encryptor and the key generalization center meeting the construction, it will be more difficult to design. Ibraimi et al.[7] allegedly proposed an efficient and provable secure CP-ABE schemes. They require that the simulator can not send back the private keys of attributes which overlap with challenging access attributes. We point out their fault of security proof and their requirement is a small probability event and it is unreasonable to reduce to standard DBDH assumption. However, we give a proof in the generic bilinear group model, which is weaker than DBDH assumption.

Guomin Yang,Jing Chen,Duncan S. Wong,Xiaotie Deng,Dongsheng Wang

DOI: https://doi.org/10.1007/978-3-540-72738-5_20

2007-01-01

Abstract:Constructing identification schemes is one of the fundamental problems in cryptography, and is very useful in practice. An identity-based identification (IBI) scheme allows a prover to identify itself to a public verifier who knows only the claimed identity of the prover and some common information. In this paper, we propose a simple and efficient framework for constructing IBI schemes. Unlike some related framework which constructs IBI schemes from some standard identification schemes, our framework is based on some more fundamental assumptions on intractable problems. Depending on the features of the underlying intractable problems presumed in our framework, we can derive IBI schemes secure against passive, active and concurrent adversaries. We show that the framework can capture a large class of schemes currently proposed, and also has the potential to cover many newly constructed schemes. As an example, based on the Katz-Wang standard signature scheme, we propose a new IBI scheme that is secure against active adversaries in a concurrent manner. It can be seen that our framework also help simplify the security proofs for new IBI schemes. Finally, and of independent interest, we define a new notion for proof systems called Witness Dualism. This notion is weaker than that of witness indistinguishable and we show that it is enough for constructing an IBI scheme secure against the most powerful type of adversaries defined.

Daode Zhang,Fuyang Fang,Bao Li,Xin Wang

DOI: https://doi.org/10.1007/978-3-319-64200-0_13

2017-01-01

Abstract:Xie et al. (SCN 2012) proposed the first deterministic identity-based encryption (DIBE) scheme with an adaptive security in the auxiliary-input setting, under the learning with errors (LWE) assumption. However, the master public key consists of O(lambda) number of basic matrices. In this paper, we consider to construct adaptively secure DIBE schemes from partitioning functions (IACR'17). By instantiating the DIBE construction with two partitioning functions, we get two DIBE schemes in which the master public key consists of O(log(3) lambda) (respectively, O(log(2) lambda)) number of basic matrices in the first (respectively, the second) DIBE scheme. We also change the identity-based encryption (IBE) scheme of Yamada16 (Eurocrypt'16) to construct DIBE scheme with the same security from the LWE problem. And the master public key consists of O(lambda(1/d)) number of basic matrices, where d >= 2 is a flexible integer.

Ke Ren,Peng Jiang,Keke Gai,Liehuang Zhu,Jingjing Huang

DOI: https://doi.org/10.1109/smartcloud52277.2021.00010

2021-11-01

Abstract:Access control, as one of flagship security mechanisms for cloud storage, allows authorized users' access right while repels unauthorized behaviors. State-of-the-art cryptographic access control systems are deployed on attribute-based encryption or identity-based encryption. They commonly inherit the key escrow problem, which incurs that pirate's untraceability. Meanwhile, with announcement of cryptographic industry standards, kinds of cryptographic algorithms according with these standards have better industrial applications. In this paper, we design SM9-based Traceable and Accountable Access Control (TA2C) to support pirate traceability and accountability. Built on top of identity-based broadcast encryption and SM9 specification, we present an SM9-based TA 2 C construction, which is provably secure in the indistinguishability and traceability security models. We also implement an SM9-based TA 2 C prototype system that supports 100 users and evaluation results show that it just needs about 1 second for encryption/decryption and tracing operations on a workstation with basic configuration.

Jasmine, R. Megiba

DOI: https://doi.org/10.1007/s11276-024-03780-8

IF: 2.701

2024-06-11

Wireless Networks

Abstract:Today, cloud computing has received greater attention for storing and processing huge amounts of data over the internet. Security concerns are one of the most challenging issues that have affected the growth of cloud computing services. Data storage in the cloud is unsecured using a password system that can be easily stolen by intruders. Hence, there is a need to achieve cloud data security using multimodal biometric cryptosystem-based authentication and encryption systems and to mitigate the risk of attackers, especially in the case of accessing the data from unauthorized users. In this paper, we propose a Secure Multimodal Cloud Authentication and Authorization Scheme (SMCAAS) framework that brings additional security to both encryption and authentication for user biometric identification against different attacks in the cloud environment. In the SMCAAS framework, we presented an improved encryption system using the Biometric Identity Based Encryption Method (BIBE) to facilitate the exchange of the trapdoor between the user's Biometric Identity Record (BIR) and the cloud server with additional security measures in cloud computing environments. Then a trusted cryptographic hash function uses the Secure Hash Algorithm-512 (SHA-512) to authenticate the biometric user who intends to access the system. Based on the derived two steps, the Multimodal Biometric Authentication Module (MBAM) module performs multimodal biometric features to provide additional security and is designed to verify the user's biometric identity in a cloud environment. Informal security analysis proves that the SMCAAS approach is secure against different attacks. Numerical results demonstrate that the SMCAAS approach obtains high security in terms of error rate (ERR) and biometric quality metrics, and also that the performance measures of the encryption and decryption time for the message file achieve less average time than other methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Junzuo Lai,Robert H. Deng,Shengli Liu,Jian Weng,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-55220-5_5

2015-01-01

Abstract:Security against selective opening attack (SOA) requires that in a multi-user setting, even if an adversary has access to all ciphertexts from users, and adaptively corrupts some fraction of the users by exposing not only their messages but also the random coins, the remaining unopened messages retain their privacy. Recently, Bellare, Waters and Yilek considered SOA-security in the identity-based setting, and presented the first identity-based encryption (IBE) schemes that are proven secure against selective opening chosen plaintext attack (SO-CPA). However, how to achieve SO-CCA security for IBE is still open. In this paper, we introduce a new primitive called extractable IBE and define its IND-ID-CCA security notion. We present a generic construction of SO-CCA secure IBE from an IND-ID-CCA secure extractable IBE with "One-Sided Public Openability"(1SPO), a collision-resistant hash function and a strengthened cross-authentication code. Finally, we propose two concrete constructions of extractable 1SPO-IBE schemes, resulting in the first simulation-based SO-CCA secure IBE schemes without random oracles.