B.Libert and J.Quisquater proposed an identity(ID)-based threshold decryption scheme. This paper found flaw in their security reduction and presented two methods to prove this scheme is resist against chosen-plaintext...B.Libert and J.Quisquater proposed an identity(ID)-based threshold decryption scheme. This paper found flaw in their security reduction and presented two methods to prove this scheme is resist against chosen-plaintext attack(CPA), based on the weaker model of security known as selective ID-based threshold CPA and the common model known as ID-based threshold CPA respectively.展开更多
The threshold cryptography provides a new approach to building intrusion tolerance applications. In this paper, a threshold decryption scheme based elliptic curve cryptography is presented. A zero-knowledge test appro...The threshold cryptography provides a new approach to building intrusion tolerance applications. In this paper, a threshold decryption scheme based elliptic curve cryptography is presented. A zero-knowledge test approach based on elliptic curve cryptography is designed. The application of these techniques in Web security is studied. Performance analysis shows that our scheme is characterized by excellent security as well as high efficiency.展开更多
In Shamir’s(t,n) threshold of the secret sharing scheme, a secret is divided into n shares by a dealer and is shared among n shareholders in such a way that (a) the secret can be reconstructed when there are t or mor...In Shamir’s(t,n) threshold of the secret sharing scheme, a secret is divided into n shares by a dealer and is shared among n shareholders in such a way that (a) the secret can be reconstructed when there are t or more than t shares;and (b) the secret cannot be obtained when there are fewer than t shares. In the secret reconstruction, participating users can be either legitimate shareholders or attackers. Shamir’s scheme only considers the situation when all participating users are legitimate shareholders. In this paper, we show that when there are more than t users participating and shares are released asynchronously in the secret reconstruction, an attacker can always release his share last. In such a way, after knowing t valid shares of legitimate shareholders, the attacker can obtain the secret and therefore, can successfully impersonate to be a legitimate shareholder without being detected. We propose a simple modification of Shamir’s scheme to fix this security problem. Threshold cryptography is a research of group-oriented applications based on the secret sharing scheme. We show that a similar security problem also exists in threshold cryptographic applications. We propose a modified scheme to fix this security problem as well.展开更多
In this paper, based on the verifiable pair and identity-based threshold cryptography, a novel identity-based (ID-based) threshold decryption scheme (IDTDS) is proposed, which is provably secure against adaptive c...In this paper, based on the verifiable pair and identity-based threshold cryptography, a novel identity-based (ID-based) threshold decryption scheme (IDTDS) is proposed, which is provably secure against adaptive chosen cipbertext attack under the computational bilinear Diffie-Hellman (CBDH) problem assumption in the random oracle. The pubic cheekability of ciphertext in the IDTDS is given by simply creating a signed E1Gamal encryption instead of a noninteractive zero-knowledge proof. Furthermore, we introduce a modified verifiable pairing to ensure all decryption shares are consistent. Our scheme is more efficient in verification than the schemes considered previously.展开更多
Using Shamir's secret sharing scheme to indi- rectly share the identity-based private key in the form of a pairing group element, we propose an efficient identity-based threshold decryption scheme from pairings and p...Using Shamir's secret sharing scheme to indi- rectly share the identity-based private key in the form of a pairing group element, we propose an efficient identity-based threshold decryption scheme from pairings and prove its se- curity in the random oracle model. This new paring-based scheme features a few improvements compared with other schemes in the literature. The two most noticeable features are its efficiency, by drastically reducing the number of pair- ing computations, and the ability it gives the user to share the identity-based private key without requiring any access to a private key generator. With the ability it gives the user to share the identity-based private key, our ID-based threshold decryption (IBTD) scheme, the second of its kind, is signif- icantly more efficient than the first scheme, which was de- veloped by Baek and Zheng, at the expense of a slightly in- creased ciphertext length. In fact, our IBTD scheme tries to use as few bilinear pairings as possible, especially without depending on the suite of Baek-Zheng secret sharing tools based on pairings.展开更多
For the applied limitation of the existing threshold decryption schemes based on the(t,n) structure, an identity-based threshold decryption scheme which can be applied on the access structure is proposed through desig...For the applied limitation of the existing threshold decryption schemes based on the(t,n) structure, an identity-based threshold decryption scheme which can be applied on the access structure is proposed through designing a special distribution algorithm of the private key shares.The generation and distribution of private key shares,the encryption,the decryption and the combination are introduced in detail.The validity and security of the scheme are proved and analyzed.Comparisons with the existing schemes show that the proposed scheme is more flexible.展开更多
本文中,我们首先证明了李增鹏等人提出的多比特多密钥全同态加密方案(MFHE)满足密钥同态性质,利用此性质,可以通过门限解密得到最终解密结果.使用该方案,我们设计了一个在CRS模型下和半恶意攻击者模型下安全的三轮多方计算协议(MPC).该...本文中,我们首先证明了李增鹏等人提出的多比特多密钥全同态加密方案(MFHE)满足密钥同态性质,利用此性质,可以通过门限解密得到最终解密结果.使用该方案,我们设计了一个在CRS模型下和半恶意攻击者模型下安全的三轮多方计算协议(MPC).该安全多方计算协议的安全性是基于容错学习问题(LWE)的两个变种问题Ferr LWE和Some are errorless.LWE,而且,通过非交互的零知识证明,我们可以把半恶意攻击者模型下安全的三轮多方计算协议转变为在恶意模型下安全的三轮多方计算协议.展开更多
文摘B.Libert and J.Quisquater proposed an identity(ID)-based threshold decryption scheme. This paper found flaw in their security reduction and presented two methods to prove this scheme is resist against chosen-plaintext attack(CPA), based on the weaker model of security known as selective ID-based threshold CPA and the common model known as ID-based threshold CPA respectively.
基金Supported by the Foundation of National 863 Programme of China (No. 2002AA142040)
文摘The threshold cryptography provides a new approach to building intrusion tolerance applications. In this paper, a threshold decryption scheme based elliptic curve cryptography is presented. A zero-knowledge test approach based on elliptic curve cryptography is designed. The application of these techniques in Web security is studied. Performance analysis shows that our scheme is characterized by excellent security as well as high efficiency.
文摘In Shamir’s(t,n) threshold of the secret sharing scheme, a secret is divided into n shares by a dealer and is shared among n shareholders in such a way that (a) the secret can be reconstructed when there are t or more than t shares;and (b) the secret cannot be obtained when there are fewer than t shares. In the secret reconstruction, participating users can be either legitimate shareholders or attackers. Shamir’s scheme only considers the situation when all participating users are legitimate shareholders. In this paper, we show that when there are more than t users participating and shares are released asynchronously in the secret reconstruction, an attacker can always release his share last. In such a way, after knowing t valid shares of legitimate shareholders, the attacker can obtain the secret and therefore, can successfully impersonate to be a legitimate shareholder without being detected. We propose a simple modification of Shamir’s scheme to fix this security problem. Threshold cryptography is a research of group-oriented applications based on the secret sharing scheme. We show that a similar security problem also exists in threshold cryptographic applications. We propose a modified scheme to fix this security problem as well.
基金Supported by the National Natural Science Foundation of China (60970119, 60803149)the National Basic Research Program of China (973 Program) (2007CB311201)
文摘In this paper, based on the verifiable pair and identity-based threshold cryptography, a novel identity-based (ID-based) threshold decryption scheme (IDTDS) is proposed, which is provably secure against adaptive chosen cipbertext attack under the computational bilinear Diffie-Hellman (CBDH) problem assumption in the random oracle. The pubic cheekability of ciphertext in the IDTDS is given by simply creating a signed E1Gamal encryption instead of a noninteractive zero-knowledge proof. Furthermore, we introduce a modified verifiable pairing to ensure all decryption shares are consistent. Our scheme is more efficient in verification than the schemes considered previously.
文摘Using Shamir's secret sharing scheme to indi- rectly share the identity-based private key in the form of a pairing group element, we propose an efficient identity-based threshold decryption scheme from pairings and prove its se- curity in the random oracle model. This new paring-based scheme features a few improvements compared with other schemes in the literature. The two most noticeable features are its efficiency, by drastically reducing the number of pair- ing computations, and the ability it gives the user to share the identity-based private key without requiring any access to a private key generator. With the ability it gives the user to share the identity-based private key, our ID-based threshold decryption (IBTD) scheme, the second of its kind, is signif- icantly more efficient than the first scheme, which was de- veloped by Baek and Zheng, at the expense of a slightly in- creased ciphertext length. In fact, our IBTD scheme tries to use as few bilinear pairings as possible, especially without depending on the suite of Baek-Zheng secret sharing tools based on pairings.
基金the National Natural Science Foundation of China(No.60374066)
文摘For the applied limitation of the existing threshold decryption schemes based on the(t,n) structure, an identity-based threshold decryption scheme which can be applied on the access structure is proposed through designing a special distribution algorithm of the private key shares.The generation and distribution of private key shares,the encryption,the decryption and the combination are introduced in detail.The validity and security of the scheme are proved and analyzed.Comparisons with the existing schemes show that the proposed scheme is more flexible.
文摘本文中,我们首先证明了李增鹏等人提出的多比特多密钥全同态加密方案(MFHE)满足密钥同态性质,利用此性质,可以通过门限解密得到最终解密结果.使用该方案,我们设计了一个在CRS模型下和半恶意攻击者模型下安全的三轮多方计算协议(MPC).该安全多方计算协议的安全性是基于容错学习问题(LWE)的两个变种问题Ferr LWE和Some are errorless.LWE,而且,通过非交互的零知识证明,我们可以把半恶意攻击者模型下安全的三轮多方计算协议转变为在恶意模型下安全的三轮多方计算协议.
文摘基于身份的门限解密体制(identity-based threshold decryption,IBTD)是将秘密共享方法和基于身份加密算法有效结合.在(t,N)门限解密方案中,N个解密服务器共享用户私钥,当解密时,至少需要t个服务器参与并计算相应解密份额,才能正确恢复出明文.然而,少于t个或更少的服务器无法获取关于明文的任何信息.目前现存的格上IBTD方案都是在随机预言模型下证明的,主要方法是对服从高斯分布的私钥直接分割.针对该问题,构造了一种非交互的IBTD方案,采用拉格朗日秘密分割方法对一个公共向量进行拆分,每个解密服务器得到各自的特征向量,通过用户的私有陷门,对特征向量进行原像抽样,得到私钥份额,有效隐藏了用户完整私钥,提高方案的安全性.在解密份额验证时,采用离散对数问题的难解性,实现了可公开验证性.在解密份额组合时,通过公共向量分割合并和解密份额分割合并之间运算的同态性,保证解密的正确性.在标准模型下,将该方案的安全性规约为判定性LWE(learning with errors)困难假设,证明了其满足IND-sID-CPA安全.