9 resultados para signcryption
Resumo:
Identity-Based (IB) cryptography is a rapidly emerging approach to public-key cryptography that does not require principals to pre-compute key pairs and obtain certificates for their public keys— instead, public keys can be arbitrary identifiers such as email addresses, while private keys are derived at any time by a trusted private key generator upon request by the designated principals. Despite the flurry of recent results on IB encryption and signature, some questions regarding the security and efficiency of practicing IB encryption (IBE) and signature (IBS) as a joint IB signature/encryption (IBSE) scheme with a common set of parameters and keys, remain unanswered. We first propose a stringent security model for IBSE schemes. We require the usual strong security properties of: (for confidentiality) indistinguishability against adaptive chosen-ciphertext attacks, and (for nonrepudiation) existential unforgeability against chosen-message insider attacks. In addition, to ensure as strong as possible ciphertext armoring, we also ask (for anonymity) that authorship not be transmitted in the clear, and (for unlinkability) that it remain unverifiable by anyone except (for authentication) by the legitimate recipient alone. We then present an efficient IBSE construction, based on bilinear pairings, that satisfies all these security requirements, and yet is as compact as pairing-based IBE and IBS in isolation. Our scheme is secure, compact, fast and practical, offers detachable signatures, and supports multirecipient encryption with signature sharing for maximum scalability.
Resumo:
The notion of identity-based IB cryptography was proposed by Shamir [177] as a specialization of public key PK cryptography which dispensed with the need for cumbersome directories, certificates, and revocation lists.
Resumo:
The primary motivation for signcryption was the gain in efficiency when both encryption and signing need to be performed. These two cryptographic operations may be done sequentially either by first encrypt and then sign (EtS) or alternatively, by first sign and then encrypt (StE). Further gains in efficiency can be achieved if encryption and signature are carried out in parallel (E&S). More importantly, however, is that these efficiency gains are complemented by gains in security, i.e., we may use relative weak encryption and signature schemes in order to obtain a “stronger” signcryption scheme. The reader is referred to Chaps. 2 and 3 for a discussion of the different “strengths” of security model (e.g., outsider vs. insider adversaries, two-user vs. multi-user setting).
Resumo:
Recently, the Big Data paradigm has received considerable attention since it gives a great opportunity to mine knowledge from massive amounts of data. However, the new mined knowledge will be useless if data is fake, or sometimes the massive amounts of data cannot be collected due to the worry on the abuse of data. This situation asks for new security solutions. On the other hand, the biggest feature of Big Data is "massive", which requires that any security solution for Big Data should be "efficient". In this paper, we propose a new identity-based generalized signcryption scheme to solve the above problems. In particular, it has the following two properties to fit the efficiency requirement. (1) It can work as an encryption scheme, a signature scheme or a signcryption scheme as per need. (2) It does not have the heavy burden on the complicated certificate management as the traditional cryptographic schemes. Furthermore, our proposed scheme can be proven-secure in the standard model. © 2014 Elsevier Inc. All rights reserved.
Resumo:
A parallel authentication and public-key encryption is introduced and exemplified on joint encryption and signing which compares favorably with sequential Encrypt-then-Sign (ɛtS) or Sign-then-Encrypt (Stɛ) schemes as far as both efficiency and security are concerned. A security model for signcryption, and thus joint encryption and signing, has been recently defined which considers possible attacks and security goals. Such a scheme is considered secure if the encryption part guarantees indistinguishability and the signature part prevents existential forgeries, for outsider but also insider adversaries. We propose two schemes of parallel signcryption, which are efficient alternative to Commit-then-Sign-and- Encrypt (Ct&G3&S). They are both provably secure in the random oracle model. The first one, called generic parallel encrypt and sign, is secure if the encryption scheme is semantically secure against chosen-ciphertext attacks and the signature scheme prevents existential forgeries against random-message attacks. The second scheme, called optimal parallel encrypt. and sign, applies random oracles similar to the OAEP technique in order to achieve security using encryption and signature components with very weak security requirements — encryption is expected to be one-way under chosen-plaintext attacks while signature needs to be secure against universal forgeries under random-plaintext attack, that is actually the case for both the plain-RSA encryption and signature under the usual RSA assumption. Both proposals are generic in the sense that any suitable encryption and signature schemes (i.e. which simply achieve required security) can be used. Furthermore they allow both parallel encryption and signing, as well as parallel decryption and verification. Properties of parallel encrypt and sign schemes are considered and a new security standard for parallel signcryption is proposed.
Resumo:
该文基于可验证秘密共享思想和对Zheng的签密方案的必要修改,首次构造了一种不需要可信中心的门限签密方案.它能同时达到门限签名和加密的双重目的,实现代价仅和门限签名相当,并具有非否认性质.该文对当前一些分布式密钥分配协议做了分析,并基于Naor的基本思想,重点利用签密方案设计了协议SC—DKDS.与其它协议相比,该协议在减低实现成本等方面更为有效,因为它不需要认证信道、秘密信道及复杂的零知识证明等.该文还在RO(Random Oracle,随机预言)模型中给出了以上协议的安全性证明.
Resumo:
在随机Oracle模型的基础上, 提出一种基于单向陷门置换(trapdoor permutations, TDPs)的、可并行的、长消息签密方案——PLSC (parallel long-message signcryption). 该方法采用“整体搅乱, 局部加密(scramble all, and encrypt small)”的思想, 用一个伪随机数对要传送的消息和用户的身份(ID)进行“搅乱(scrambling operation)”, 然后对两个固定长度的小片段(并行地)进行单向陷门置换(TDP)操作. 这种设计使得整个方案可直接高效地处理任意长度的消息, 既可避免循环调用单向陷门置换(如CBC模式)所造成的计算资源的极度消耗, 也可避免由“对称加密方案”与“签密方案”进行“黑盒混合(black-box hybrid)”所造成的填充(padding)冗余. 不仅可以显著地节约消息带宽, 而且可以显著地提高整体效率. 具体地说, 该方法对任何长度的消息进行签密, 仅需进行一次接收方的TDP运算(相当于加密), 以及一次发送方的TDP运算(相当于签名), 从而最大限度地降低了TDP运算的次数, 提高了整体的运算效率. 因为, 对于公钥加密算法来说, 运算量主要集中在TDP运算上, TDP运算是整个算法的瓶颈所在. 另一方面, 由于避免了填充上的冗余, 新方案的效率也高于标准的“黑盒混合”方案.重要的是, 新方案能够达到选择密文攻击下的紧致的语义安全性(IND- CCA2)、密文完整性(INT-CTXT)以及不可否认性(non-repudiation). 而且所有这些安全要求都可以在多用户(multi-user)、内部安全(insider-security)的环境下得以实现. 另外, 尽管新方案主要针对长消息的签密, 但它也可应用于某些不能进行大块数据处理的环境(智能卡或其他只有少量内存的环境). 也就是说, 对于这些小内存设备来说, 仍然可以用该方案来实现长消息的签密处理.
