The theory of quadratic residues plays an important role in cryptography.In 2001,Cocks developed an identity-based encryption(IBE)scheme based on quadratic residues,resolving Shamir’s 17-year-old open problem.However...The theory of quadratic residues plays an important role in cryptography.In 2001,Cocks developed an identity-based encryption(IBE)scheme based on quadratic residues,resolving Shamir’s 17-year-old open problem.However,a notable drawback of Cocks’scheme is the significant expansion of the ciphertext,and some of its limitations have been addressed in subsequent research.Recently,Cotan and Teşeleanu highlighted that previous studies on Cocks’scheme relied on a trial-and-error method based on Jacobi symbols to generate the necessary parameters for the encryption process.They enhanced the encryption speed of Cocks’scheme by eliminating this trialand-error method.Based on security analysis,this study concludes that the security of Cotan-Teşeleanu’s proposal cannot be directly derived from the security of the original Cocks’scheme.Furthermore,by adopting the Cotan-Teşeleanu method and introducing an additional variable as a public element,this study develops a similar enhancement scheme that not only accelerates the encryption speed but also provides security equivalent to the original Cocks’scheme.展开更多
In ACM'CCS 2009,Camenisch,et al.proposed the Oblivious Transfer with Access Control(AC-OT) in which each item is associated with an attribute set and can only be available,on request,to the users who have all the ...In ACM'CCS 2009,Camenisch,et al.proposed the Oblivious Transfer with Access Control(AC-OT) in which each item is associated with an attribute set and can only be available,on request,to the users who have all the attributes in the associated set.Namely,AC-OT achieves access control policy for conjunction of attributes.Essentially,the functionality of AC-OT is equivalent to the sim-plified version that we call AC-OT-SV:for each item,one attribute is associated with it,and it is requested that only the users who possess the associated attribute can obtain the item by queries.On one hand,AC-OT-SV is a special case of AC-OT when there is just one associated attribute with each item.On the other hand,any AC-OT can be realized by an AC-OT-SV.In this paper,we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch,et al..Then from the protocol,interestingly,a concrete Identity-Based Encryption(IBE) with Anonymous Key Issuing(AKI) is given which is just a direct application to AC-OT-SV.By comparison,we show that the AKI protocol we present is more efficient in communications than that proposed by Chow.展开更多
Identity-Based Encryption (IBE) has seen limited adoption, largely due to the absolute trust that must be placed in the private key generator (PKG)—an authority that computes the private keys for all the users in the...Identity-Based Encryption (IBE) has seen limited adoption, largely due to the absolute trust that must be placed in the private key generator (PKG)—an authority that computes the private keys for all the users in the environment. Several constructions have been proposed to reduce the trust required in the PKG (and thus preserve the privacy of users), but these have generally relied on unrealistic assumptions regarding non-collusion between various entities in the system. Unfortunately, these constructions have not significantly improved IBE adoption rates in real-world environments. In this paper, we present a construction that reduces trust in the PKG without unrealistic non-collusion assumptions. We achieve this by incorporating a novel combination of digital credential technology and bilinear maps, and making use of multiple randomly-chosen entities to complete certain tasks. The main result and primary contribution of this paper are a thorough security analysis of this proposed construction, examining the various entity types, attacker models, and collusion opportunities in this environment. We show that this construction can prevent, or at least mitigate, all considered attacks. We conclude that our construction appears to be effective in preserving user privacy and we hope that this construction and its security analysis will encourage greater use of IBE in real-world environments.展开更多
A recent proposal by Adams integrates the digital credentials (DC) technology of Brands with the identity-based encryption (IBE) technology of Boneh and Franklin to create an IBE scheme that demonstrably enhances priv...A recent proposal by Adams integrates the digital credentials (DC) technology of Brands with the identity-based encryption (IBE) technology of Boneh and Franklin to create an IBE scheme that demonstrably enhances privacy for users. We refer to this scheme as a privacy-preserving identity-based encryption (PP-IBE) construction. In this paper, we discuss the concrete implementation considerations for PP-IBE and provide a detailed instantiation (based on q-torsion groups in supersingular elliptic curves) that may be useful both for proof-of-concept purposes and for pedagogical purposes.展开更多
Public key encryption scheme with keyword search (PEKS) enables us to search the encrypted data in a cloud server with a keyword, and no one can obtain any infor- mation about the encrypted data without the trapdoor...Public key encryption scheme with keyword search (PEKS) enables us to search the encrypted data in a cloud server with a keyword, and no one can obtain any infor- mation about the encrypted data without the trapdoor corresponding to the keyword. The PEKS is useful to keep the management of large data storages secure such as those in a cloud. In this paper, to protect against quantum computer attacks, we present a lattice-based identity-based encryption scheme with key- word search. We have proved that our scheme can achieve ciphertext indistinguishability in the random oracle model, and our scheme can also achieve trapdoor security. In particular, our scheme can designate a unique tester to test and return the search results, therefore it does not need a secure channel. To the best of our knowledge, our scheme is the first iden- tity-based encryption scheme with keyword search from lattice assumption.展开更多
Internet of Things(IoT),which provides the solution of connecting things and devices,has increasingly developed as vital tools to realize intelligent life.Generally,source-limited IoT sensors outsource their data to t...Internet of Things(IoT),which provides the solution of connecting things and devices,has increasingly developed as vital tools to realize intelligent life.Generally,source-limited IoT sensors outsource their data to the cloud,which arises the concerns that the transmission of IoT data is happening without appropriate consideration of the profound security challenges involved.Though encryption technology can guarantee the confidentiality of private data,it hinders the usability of data.Searchable encryption(SE)has been proposed to achieve secure data sharing and searching.However,most of existing SE schemes are designed under conventional hardness assumptions and may be vulnerable to the adversary with quantum computers.Moreover,the untrusted cloud server may perform an unfaithful search execution.To address these problems,in this paper,we propose the first verifiable identity-based keyword search(VIBKS)scheme from lattice.In particular,a lattice-based delegation algorithm is adopted to help the data user to verify both the correctness and the integrity of the search results.Besides,in order to reduce the communication overhead,we refer to the identity-based mechanism.We conduct rigorous proof to demonstrate that the proposed VIBKS scheme is ciphertext indistinguishable secure against the semi-honestbut-curious adversary.In addition,we give the detailed computation and communication complexity of our VIBKS and conduct a series of experiments to validate its efficiency performance.展开更多
Cloud storage is a service involving cloud service providers providingstorage space to customers. Cloud storage services have numerous advantages,including convenience, high computation, and capacity, thereby attracti...Cloud storage is a service involving cloud service providers providingstorage space to customers. Cloud storage services have numerous advantages,including convenience, high computation, and capacity, thereby attracting usersto outsource data in the cloud. However, users outsource data directly via cloudstage services that are unsafe when outsourcing data is sensitive for users. Therefore, cipher text-policy attribute-based encryption is a promising cryptographicsolution in a cloud environment, and can be drawn up for access control by dataowners (DO) to define access policy. Unfortunately, an outsourced architectureapplied with attribute-based encryption introduces numerous challenges, including revocation. This issue is a threat to the data security of DO. Furthermore,highly secure and flexible cipher text-based attribute access control with role hierarchy user grouping in cloud storage is implemented by extending the KUNodes(revocation) storage identity-based encryption. Result is evaluated using Cloudsim, and our algorithm outperforms in terms of computational cost by consuming32 MB for 150-MB files.展开更多
Identity-based encryption with equality test(IBEET)is proposed to check whether the underlying messages of ciphertexts,even those encrypted with different public keys,are the same or not without decryption.Since peopl...Identity-based encryption with equality test(IBEET)is proposed to check whether the underlying messages of ciphertexts,even those encrypted with different public keys,are the same or not without decryption.Since people prefer to encrypt before outsourcing their data for privacy protection nowadays,the research of IBEET on cloud computing applications naturally attracts attention.However,we claim that the existing IBEET schemes suffer from the illegal trapdoor sharing problem caused by the inherited key escrow problem of the Identity-Based Encryption(IBE)mechanism.In traditional IBEET,the private key generator(PKG)with the master secret key generates trapdoors for all authorized cloud servers.Considering the reality in practice,the PKG is usually not fully trusted.In this case,the Private-Key Generator(PKG)may generate,share,or even sell any trapdoor without any risk of being caught,or not being held accountable,which may lead to serious consequences such as the illegal sharing of a gene bank's trapdoors.In this paper,to relieve the illegal trapdoor sharing problem in IBEET,we present a new notion,called IBEET Supporting Accountable Authorization(IBEET-AA).In IBEET-AA,if there is a disputed trapdoor,the generator will be distinguished among the PKG and suspected testers by an additional tracing algorithm.For the additional tracing function,except for the traditional indistinguishability(IND)and one-way(OW)security models in IBEET,we define three more security models to protect the tracing security against dishonest authorizers,PKG,and testers,respectively.Based on Gentry's IBE scheme,we instantiate IBEET-AA and give a specific construction along with a formalized security proof with random oracles.展开更多
In this article, based on Chatterjee-Sarkar' hierarchical identity-based encryption (HIBE), a novel identity-based encryption with wildcards (WIBE) scheme is proposed and is proven secure in the standard model (...In this article, based on Chatterjee-Sarkar' hierarchical identity-based encryption (HIBE), a novel identity-based encryption with wildcards (WIBE) scheme is proposed and is proven secure in the standard model (without random oracle). The proposed scheme is proven to be secure assuming that the decisional Bilinear Diffie-Hellman (DBDH) problem is hard. Compared with the Wa-WIBE scheme that is secure in the standard model, our scheme has shorter common parameters and ciphertext length.展开更多
An identity-based encryption(IBE) was studied with non-interactively opening property that the plain text of a ciphertext can be revealed without affecting the security of the encryption system.Two kinds of non-intera...An identity-based encryption(IBE) was studied with non-interactively opening property that the plain text of a ciphertext can be revealed without affecting the security of the encryption system.Two kinds of non-interactive opening properties for IBE schemes were defined along with a concrete scheme in each case.展开更多
In this paper, we first review the existing proofs of the Boneh-Franklin identity-based encryption scheme (BF-IBE for short), and show how to admit a new proof by slightly modifying the specifications of the hash func...In this paper, we first review the existing proofs of the Boneh-Franklin identity-based encryption scheme (BF-IBE for short), and show how to admit a new proof by slightly modifying the specifications of the hash functions of the original BF-IBE. Compared with prior proofs, our new proof provides a tighter security reduction and minimizes the use of random oracles, thus indicates BF-IBE has better provable security with our new choices of hash functions. The techniques developed in our proof can also be applied to improving security analysis of some other IBE schemes. As an independent technical contribution, we also give a rigorous proof of the Fujisaki-Okamoto (FO) transformation in the case of CPA-to-CCA, which demonstrates the efficiency of the FO-transformation (CPA-to-CCA), in terms of the tightness of security reduction, has long been underestimated. This result can remarkably benefit the security proofs of encryption schemes using the FO-transformation for CPA-to-CCA enhancement.展开更多
Leakage of private information including private keys of user has become a threat to the security of computing systems.It has become a common security requirement that a cryptographic scheme should withstand various l...Leakage of private information including private keys of user has become a threat to the security of computing systems.It has become a common security requirement that a cryptographic scheme should withstand various leakage attacks.In the real life,an adversary can break the security of cryptography primitive by performing continuous leakage attacks.Although,some research on the leakage-resilient cryptography had been made,there are still some remaining issued in previous attempts.The identity-based encryption(IBE)constructions were designed in the bounded-leakage model,and might not be able to meet their claimed security under the continuous-leakage attacks.In the real applications,the leakage is unbounded.That is,a practical cryptography scheme should keep its original security in the continuous leakage setting.The previous continuous leakage-resilient IBE schemes either only achieve chosen-plaintext attacks security or the chosen-ciphertext attacks(CCA)security is proved in the selective identity model.Aiming to solve these problems,in this paper,we show how to construct the continuous leakage-resilient IBE scheme,and the scheme’s adaptive CCA security is proved in the standard model based on the hardness of decisional bilinear Diffie-Hellman exponent assumption.For any adversary,all elements in the ciphertext are random,and an adversary cannot obtain any leakage on the private key of user from the corresponding given ciphertext.Moreover,the leakage parameter of our proposal is independent of the plaintext space and has a constant size.展开更多
This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user's public key. The advantage of an identity-based public key s...This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user's public key. The advantage of an identity-based public key system is that it can avoid public key certificates and certificate management. Our identity-based encryption scheme enjoys short ciphertexts and provable security against chosen-ciphertext attack (CCA).展开更多
This study constructs a function-private inner-product predicate encryption(FP-IPPE)and achieves standard enhanced function privacy.The enhanced function privacy guarantees that a predicate secret key skf reveals noth...This study constructs a function-private inner-product predicate encryption(FP-IPPE)and achieves standard enhanced function privacy.The enhanced function privacy guarantees that a predicate secret key skf reveals nothing about the predicate f,as long as f is drawn from an evasive distribution with sufficient entropy.The proposed scheme extends the group-based public-key function-private predicate encryption(FP-PE)for“small superset predicates”proposed by Bartusek et al.(Asiacrypt 19),to the setting of inner-product predicates.This is the first construction of public-key FP-PE with enhanced function privacy security beyond the equality predicates,which is previously proposed by Boneh et al.(CRYPTO 13).The proposed construction relies on bilinear groups,and the security is proved in the generic bilinear group model.展开更多
With the rapid development of information technology,data security issues have received increasing attention.Data encryption and decryption technology,as a key means of ensuring data security,plays an important role i...With the rapid development of information technology,data security issues have received increasing attention.Data encryption and decryption technology,as a key means of ensuring data security,plays an important role in multiple fields such as communication security,data storage,and data recovery.This article explores the fundamental principles and interrelationships of data encryption and decryption,examines the strengths,weaknesses,and applicability of symmetric,asymmetric,and hybrid encryption algorithms,and introduces key application scenarios for data encryption and decryption technology.It examines the challenges and corresponding countermeasures related to encryption algorithm security,key management,and encryption-decryption performance.Finally,it analyzes the development trends and future prospects of data encryption and decryption technology.This article provides a systematic understanding of data encryption and decryption techniques,which has good reference value for software designers.展开更多
Data compression plays a vital role in datamanagement and information theory by reducing redundancy.However,it lacks built-in security features such as secret keys or password-based access control,leaving sensitive da...Data compression plays a vital role in datamanagement and information theory by reducing redundancy.However,it lacks built-in security features such as secret keys or password-based access control,leaving sensitive data vulnerable to unauthorized access and misuse.With the exponential growth of digital data,robust security measures are essential.Data encryption,a widely used approach,ensures data confidentiality by making it unreadable and unalterable through secret key control.Despite their individual benefits,both require significant computational resources.Additionally,performing them separately for the same data increases complexity and processing time.Recognizing the need for integrated approaches that balance compression ratios and security levels,this research proposes an integrated data compression and encryption algorithm,named IDCE,for enhanced security and efficiency.Thealgorithmoperates on 128-bit block sizes and a 256-bit secret key length.It combines Huffman coding for compression and a Tent map for encryption.Additionally,an iterative Arnold cat map further enhances cryptographic confusion properties.Experimental analysis validates the effectiveness of the proposed algorithm,showcasing competitive performance in terms of compression ratio,security,and overall efficiency when compared to prior algorithms in the field.展开更多
A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built...A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built-in security measures, even though it can effectively handle and store enormous datasets using the Hadoop Distributed File System (HDFS). The increasing number of data breaches emphasizes how urgently creative encryption techniques are needed in cloud-based big data settings. This paper presents Adaptive Attribute-Based Honey Encryption (AABHE), a state-of-the-art technique that combines honey encryption with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to provide improved data security. Even if intercepted, AABHE makes sure that sensitive data cannot be accessed by unauthorized parties. With a focus on protecting huge files in HDFS, the suggested approach achieves 98% security robustness and 95% encryption efficiency, outperforming other encryption methods including Ciphertext-Policy Attribute-Based Encryption (CP-ABE), Key-Policy Attribute-Based Encryption (KB-ABE), and Advanced Encryption Standard combined with Attribute-Based Encryption (AES+ABE). By fixing Hadoop’s security flaws, AABHE fortifies its protections against data breaches and enhances Hadoop’s dependability as a platform for processing and storing massive amounts of data.展开更多
Due to the development of cloud computing and machine learning,users can upload their data to the cloud for machine learning model training.However,dishonest clouds may infer user data,resulting in user data leakage.P...Due to the development of cloud computing and machine learning,users can upload their data to the cloud for machine learning model training.However,dishonest clouds may infer user data,resulting in user data leakage.Previous schemes have achieved secure outsourced computing,but they suffer from low computational accuracy,difficult-to-handle heterogeneous distribution of data from multiple sources,and high computational cost,which result in extremely poor user experience and expensive cloud computing costs.To address the above problems,we propose amulti-precision,multi-sourced,andmulti-key outsourcing neural network training scheme.Firstly,we design a multi-precision functional encryption computation based on Euclidean division.Second,we design the outsourcing model training algorithm based on a multi-precision functional encryption with multi-sourced heterogeneity.Finally,we conduct experiments on three datasets.The results indicate that our framework achieves an accuracy improvement of 6%to 30%.Additionally,it offers a memory space optimization of 1.0×2^(24) times compared to the previous best approach.展开更多
With the fast development of multimedia social platforms,content dissemination on social media platforms is becomingmore popular.Social image sharing can also raise privacy concerns.Image encryption can protect social...With the fast development of multimedia social platforms,content dissemination on social media platforms is becomingmore popular.Social image sharing can also raise privacy concerns.Image encryption can protect social images.However,most existing image protection methods cannot be applied to multimedia social platforms because of encryption in the spatial domain.In this work,the authors propose a secure social image-sharing method with watermarking/fingerprinting and encryption.First,the fingerprint code with a hierarchical community structure is designed based on social network analysis.Then,discrete wavelet transform(DWT)from block discrete cosine transform(DCT)directly is employed.After that,all codeword segments are embedded into the LL,LH,and HL subbands,respectively.The selected subbands are confused based on Game of Life(GoL),and then all subbands are diffused with singular value decomposition(SVD).Experimental results and security analysis demonstrate the security,invisibility,and robustness of our method.Further,the superiority of the technique is elaborated through comparison with some related image security algorithms.The solution not only performs the fast transformation from block DCT to one-level DWT but also protects users’privacy in multimedia social platforms.With the proposed method,JPEG image secure sharing in multimedia social platforms can be ensured.展开更多
Existing chaotic encryption schemes primarily focus on single types of images,making the design of hybrid image encryption schemes more suitable for practical applications.In this paper,a hyperchaotic map with a spher...Existing chaotic encryption schemes primarily focus on single types of images,making the design of hybrid image encryption schemes more suitable for practical applications.In this paper,a hyperchaotic map with a spherical attractor is proposed,which is constructed using spherical coordinates.Dynamical analyses reveal that the hyperchaotic map exhibits global hyperchaos and high complexity,making it capable of generating more complex chaotic sequences suitable for image encryption.A hybrid encryption scheme based on a hyperchaotic map is proposed for two-dimensional(2D)images,three-dimensional(3D)models,and 3D point clouds.Firstly,the pixels of 2D image and the coordinate data of 3D image are fused into a plaintext cube,which is combined with Hash-512 to obtain the initial value of the hyperchaotic map.Chaotic sequences are utilized for cube space internal confusion and dynamic cross-diffusion.The encrypted images demonstrate high information entropy,and the test results show that the encryption scheme effectively protects the images.The proposed hybrid image encryption scheme provides an efficient solution for securing various types of images.展开更多
基金Rising-Star Program of Shanghai 2023 Science and Technology Innovation Action Plan(Yangfan Special Project),China(No.23YF1401000)Fundamental Research Funds for the Central Universities,China(No.2232022D-25)。
文摘The theory of quadratic residues plays an important role in cryptography.In 2001,Cocks developed an identity-based encryption(IBE)scheme based on quadratic residues,resolving Shamir’s 17-year-old open problem.However,a notable drawback of Cocks’scheme is the significant expansion of the ciphertext,and some of its limitations have been addressed in subsequent research.Recently,Cotan and Teşeleanu highlighted that previous studies on Cocks’scheme relied on a trial-and-error method based on Jacobi symbols to generate the necessary parameters for the encryption process.They enhanced the encryption speed of Cocks’scheme by eliminating this trialand-error method.Based on security analysis,this study concludes that the security of Cotan-Teşeleanu’s proposal cannot be directly derived from the security of the original Cocks’scheme.Furthermore,by adopting the Cotan-Teşeleanu method and introducing an additional variable as a public element,this study develops a similar enhancement scheme that not only accelerates the encryption speed but also provides security equivalent to the original Cocks’scheme.
文摘In ACM'CCS 2009,Camenisch,et al.proposed the Oblivious Transfer with Access Control(AC-OT) in which each item is associated with an attribute set and can only be available,on request,to the users who have all the attributes in the associated set.Namely,AC-OT achieves access control policy for conjunction of attributes.Essentially,the functionality of AC-OT is equivalent to the sim-plified version that we call AC-OT-SV:for each item,one attribute is associated with it,and it is requested that only the users who possess the associated attribute can obtain the item by queries.On one hand,AC-OT-SV is a special case of AC-OT when there is just one associated attribute with each item.On the other hand,any AC-OT can be realized by an AC-OT-SV.In this paper,we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch,et al..Then from the protocol,interestingly,a concrete Identity-Based Encryption(IBE) with Anonymous Key Issuing(AKI) is given which is just a direct application to AC-OT-SV.By comparison,we show that the AKI protocol we present is more efficient in communications than that proposed by Chow.
文摘Identity-Based Encryption (IBE) has seen limited adoption, largely due to the absolute trust that must be placed in the private key generator (PKG)—an authority that computes the private keys for all the users in the environment. Several constructions have been proposed to reduce the trust required in the PKG (and thus preserve the privacy of users), but these have generally relied on unrealistic assumptions regarding non-collusion between various entities in the system. Unfortunately, these constructions have not significantly improved IBE adoption rates in real-world environments. In this paper, we present a construction that reduces trust in the PKG without unrealistic non-collusion assumptions. We achieve this by incorporating a novel combination of digital credential technology and bilinear maps, and making use of multiple randomly-chosen entities to complete certain tasks. The main result and primary contribution of this paper are a thorough security analysis of this proposed construction, examining the various entity types, attacker models, and collusion opportunities in this environment. We show that this construction can prevent, or at least mitigate, all considered attacks. We conclude that our construction appears to be effective in preserving user privacy and we hope that this construction and its security analysis will encourage greater use of IBE in real-world environments.
文摘A recent proposal by Adams integrates the digital credentials (DC) technology of Brands with the identity-based encryption (IBE) technology of Boneh and Franklin to create an IBE scheme that demonstrably enhances privacy for users. We refer to this scheme as a privacy-preserving identity-based encryption (PP-IBE) construction. In this paper, we discuss the concrete implementation considerations for PP-IBE and provide a detailed instantiation (based on q-torsion groups in supersingular elliptic curves) that may be useful both for proof-of-concept purposes and for pedagogical purposes.
基金supported by the National Natural Science Foundation of China (No.61370203)China Postdoctoral Science Foundation Funded Project (No.2017M623008)+1 种基金Scientific Research Starting Project of SWPU (No.2017QHZ023)State Scholarship Foundation of China Scholarship Council (No.201708515149)
文摘Public key encryption scheme with keyword search (PEKS) enables us to search the encrypted data in a cloud server with a keyword, and no one can obtain any infor- mation about the encrypted data without the trapdoor corresponding to the keyword. The PEKS is useful to keep the management of large data storages secure such as those in a cloud. In this paper, to protect against quantum computer attacks, we present a lattice-based identity-based encryption scheme with key- word search. We have proved that our scheme can achieve ciphertext indistinguishability in the random oracle model, and our scheme can also achieve trapdoor security. In particular, our scheme can designate a unique tester to test and return the search results, therefore it does not need a secure channel. To the best of our knowledge, our scheme is the first iden- tity-based encryption scheme with keyword search from lattice assumption.
基金supported by the National Natural Science Foundation of China(No:62072240)the National Key Research and Development Program of China(No.2020YFB1804604).
文摘Internet of Things(IoT),which provides the solution of connecting things and devices,has increasingly developed as vital tools to realize intelligent life.Generally,source-limited IoT sensors outsource their data to the cloud,which arises the concerns that the transmission of IoT data is happening without appropriate consideration of the profound security challenges involved.Though encryption technology can guarantee the confidentiality of private data,it hinders the usability of data.Searchable encryption(SE)has been proposed to achieve secure data sharing and searching.However,most of existing SE schemes are designed under conventional hardness assumptions and may be vulnerable to the adversary with quantum computers.Moreover,the untrusted cloud server may perform an unfaithful search execution.To address these problems,in this paper,we propose the first verifiable identity-based keyword search(VIBKS)scheme from lattice.In particular,a lattice-based delegation algorithm is adopted to help the data user to verify both the correctness and the integrity of the search results.Besides,in order to reduce the communication overhead,we refer to the identity-based mechanism.We conduct rigorous proof to demonstrate that the proposed VIBKS scheme is ciphertext indistinguishable secure against the semi-honestbut-curious adversary.In addition,we give the detailed computation and communication complexity of our VIBKS and conduct a series of experiments to validate its efficiency performance.
文摘Cloud storage is a service involving cloud service providers providingstorage space to customers. Cloud storage services have numerous advantages,including convenience, high computation, and capacity, thereby attracting usersto outsource data in the cloud. However, users outsource data directly via cloudstage services that are unsafe when outsourcing data is sensitive for users. Therefore, cipher text-policy attribute-based encryption is a promising cryptographicsolution in a cloud environment, and can be drawn up for access control by dataowners (DO) to define access policy. Unfortunately, an outsourced architectureapplied with attribute-based encryption introduces numerous challenges, including revocation. This issue is a threat to the data security of DO. Furthermore,highly secure and flexible cipher text-based attribute access control with role hierarchy user grouping in cloud storage is implemented by extending the KUNodes(revocation) storage identity-based encryption. Result is evaluated using Cloudsim, and our algorithm outperforms in terms of computational cost by consuming32 MB for 150-MB files.
基金supported by the National Natural Science Foundation of China under Grant Nos.62102299,62272362,62002288the Henan Key Laboratory of Network Cryptography Technology under Grant No.LNCT2022-A05,and the Youth Innovation Team of Shaanxi Universities.
文摘Identity-based encryption with equality test(IBEET)is proposed to check whether the underlying messages of ciphertexts,even those encrypted with different public keys,are the same or not without decryption.Since people prefer to encrypt before outsourcing their data for privacy protection nowadays,the research of IBEET on cloud computing applications naturally attracts attention.However,we claim that the existing IBEET schemes suffer from the illegal trapdoor sharing problem caused by the inherited key escrow problem of the Identity-Based Encryption(IBE)mechanism.In traditional IBEET,the private key generator(PKG)with the master secret key generates trapdoors for all authorized cloud servers.Considering the reality in practice,the PKG is usually not fully trusted.In this case,the Private-Key Generator(PKG)may generate,share,or even sell any trapdoor without any risk of being caught,or not being held accountable,which may lead to serious consequences such as the illegal sharing of a gene bank's trapdoors.In this paper,to relieve the illegal trapdoor sharing problem in IBEET,we present a new notion,called IBEET Supporting Accountable Authorization(IBEET-AA).In IBEET-AA,if there is a disputed trapdoor,the generator will be distinguished among the PKG and suspected testers by an additional tracing algorithm.For the additional tracing function,except for the traditional indistinguishability(IND)and one-way(OW)security models in IBEET,we define three more security models to protect the tracing security against dishonest authorizers,PKG,and testers,respectively.Based on Gentry's IBE scheme,we instantiate IBEET-AA and give a specific construction along with a formalized security proof with random oracles.
基金supported by the National Natural Science Foundation of China (60473027).
文摘In this article, based on Chatterjee-Sarkar' hierarchical identity-based encryption (HIBE), a novel identity-based encryption with wildcards (WIBE) scheme is proposed and is proven secure in the standard model (without random oracle). The proposed scheme is proven to be secure assuming that the decisional Bilinear Diffie-Hellman (DBDH) problem is hard. Compared with the Wa-WIBE scheme that is secure in the standard model, our scheme has shorter common parameters and ciphertext length.
文摘An identity-based encryption(IBE) was studied with non-interactively opening property that the plain text of a ciphertext can be revealed without affecting the security of the encryption system.Two kinds of non-interactive opening properties for IBE schemes were defined along with a concrete scheme in each case.
基金supported by National Natural Science Foundation of China(Grant No.60970152)IIE's Research Project on Cryptography(Grant No.Y3Z0011102)+1 种基金the Strategic Priority Research Program of Chinese Academy of Sciences(Grant No.XDA06010701)National Key Basic Research Program of China(973 Program)(Grant No.2011CB302400)
文摘In this paper, we first review the existing proofs of the Boneh-Franklin identity-based encryption scheme (BF-IBE for short), and show how to admit a new proof by slightly modifying the specifications of the hash functions of the original BF-IBE. Compared with prior proofs, our new proof provides a tighter security reduction and minimizes the use of random oracles, thus indicates BF-IBE has better provable security with our new choices of hash functions. The techniques developed in our proof can also be applied to improving security analysis of some other IBE schemes. As an independent technical contribution, we also give a rigorous proof of the Fujisaki-Okamoto (FO) transformation in the case of CPA-to-CCA, which demonstrates the efficiency of the FO-transformation (CPA-to-CCA), in terms of the tightness of security reduction, has long been underestimated. This result can remarkably benefit the security proofs of encryption schemes using the FO-transformation for CPA-to-CCA enhancement.
基金This work was supported by the National Key R&D Program of China(2017YFB0802000)the National Natural Science Foundation of China(Grant Nos.61802242,61572303,61772326,61802241,61602290,61702259)+1 种基金the Natural Science Basic Research Plan in Shaanxi Province of China(2018JQ6088,2017JQ6038)the Fundamental Research Funds for the Central Universities(GK201803064).
文摘Leakage of private information including private keys of user has become a threat to the security of computing systems.It has become a common security requirement that a cryptographic scheme should withstand various leakage attacks.In the real life,an adversary can break the security of cryptography primitive by performing continuous leakage attacks.Although,some research on the leakage-resilient cryptography had been made,there are still some remaining issued in previous attempts.The identity-based encryption(IBE)constructions were designed in the bounded-leakage model,and might not be able to meet their claimed security under the continuous-leakage attacks.In the real applications,the leakage is unbounded.That is,a practical cryptography scheme should keep its original security in the continuous leakage setting.The previous continuous leakage-resilient IBE schemes either only achieve chosen-plaintext attacks security or the chosen-ciphertext attacks(CCA)security is proved in the selective identity model.Aiming to solve these problems,in this paper,we show how to construct the continuous leakage-resilient IBE scheme,and the scheme’s adaptive CCA security is proved in the standard model based on the hardness of decisional bilinear Diffie-Hellman exponent assumption.For any adversary,all elements in the ciphertext are random,and an adversary cannot obtain any leakage on the private key of user from the corresponding given ciphertext.Moreover,the leakage parameter of our proposal is independent of the plaintext space and has a constant size.
基金the National Natural Science Foundation of China(Nos.60673077,60873229)
文摘This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user's public key. The advantage of an identity-based public key system is that it can avoid public key certificates and certificate management. Our identity-based encryption scheme enjoys short ciphertexts and provable security against chosen-ciphertext attack (CCA).
基金National Key Research and Development Program of China(2021YFB3101402)National Natural Science Foundation of China(62202294)。
文摘This study constructs a function-private inner-product predicate encryption(FP-IPPE)and achieves standard enhanced function privacy.The enhanced function privacy guarantees that a predicate secret key skf reveals nothing about the predicate f,as long as f is drawn from an evasive distribution with sufficient entropy.The proposed scheme extends the group-based public-key function-private predicate encryption(FP-PE)for“small superset predicates”proposed by Bartusek et al.(Asiacrypt 19),to the setting of inner-product predicates.This is the first construction of public-key FP-PE with enhanced function privacy security beyond the equality predicates,which is previously proposed by Boneh et al.(CRYPTO 13).The proposed construction relies on bilinear groups,and the security is proved in the generic bilinear group model.
文摘With the rapid development of information technology,data security issues have received increasing attention.Data encryption and decryption technology,as a key means of ensuring data security,plays an important role in multiple fields such as communication security,data storage,and data recovery.This article explores the fundamental principles and interrelationships of data encryption and decryption,examines the strengths,weaknesses,and applicability of symmetric,asymmetric,and hybrid encryption algorithms,and introduces key application scenarios for data encryption and decryption technology.It examines the challenges and corresponding countermeasures related to encryption algorithm security,key management,and encryption-decryption performance.Finally,it analyzes the development trends and future prospects of data encryption and decryption technology.This article provides a systematic understanding of data encryption and decryption techniques,which has good reference value for software designers.
基金the Deanship of Graduate Studies and Scientific Research at Qassim University for financial support(QU-APC-2025).
文摘Data compression plays a vital role in datamanagement and information theory by reducing redundancy.However,it lacks built-in security features such as secret keys or password-based access control,leaving sensitive data vulnerable to unauthorized access and misuse.With the exponential growth of digital data,robust security measures are essential.Data encryption,a widely used approach,ensures data confidentiality by making it unreadable and unalterable through secret key control.Despite their individual benefits,both require significant computational resources.Additionally,performing them separately for the same data increases complexity and processing time.Recognizing the need for integrated approaches that balance compression ratios and security levels,this research proposes an integrated data compression and encryption algorithm,named IDCE,for enhanced security and efficiency.Thealgorithmoperates on 128-bit block sizes and a 256-bit secret key length.It combines Huffman coding for compression and a Tent map for encryption.Additionally,an iterative Arnold cat map further enhances cryptographic confusion properties.Experimental analysis validates the effectiveness of the proposed algorithm,showcasing competitive performance in terms of compression ratio,security,and overall efficiency when compared to prior algorithms in the field.
基金funded by Princess Nourah bint Abdulrahman UniversityResearchers Supporting Project number (PNURSP2024R408), Princess Nourah bint AbdulrahmanUniversity, Riyadh, Saudi Arabia.
文摘A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built-in security measures, even though it can effectively handle and store enormous datasets using the Hadoop Distributed File System (HDFS). The increasing number of data breaches emphasizes how urgently creative encryption techniques are needed in cloud-based big data settings. This paper presents Adaptive Attribute-Based Honey Encryption (AABHE), a state-of-the-art technique that combines honey encryption with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to provide improved data security. Even if intercepted, AABHE makes sure that sensitive data cannot be accessed by unauthorized parties. With a focus on protecting huge files in HDFS, the suggested approach achieves 98% security robustness and 95% encryption efficiency, outperforming other encryption methods including Ciphertext-Policy Attribute-Based Encryption (CP-ABE), Key-Policy Attribute-Based Encryption (KB-ABE), and Advanced Encryption Standard combined with Attribute-Based Encryption (AES+ABE). By fixing Hadoop’s security flaws, AABHE fortifies its protections against data breaches and enhances Hadoop’s dependability as a platform for processing and storing massive amounts of data.
基金supported by Natural Science Foundation of China(Nos.62303126,62362008,author Z.Z,https://www.nsfc.gov.cn/,accessed on 20 December 2024)Major Scientific and Technological Special Project of Guizhou Province([2024]014)+2 种基金Guizhou Provincial Science and Technology Projects(No.ZK[2022]General149) ,author Z.Z,https://kjt.guizhou.gov.cn/,accessed on 20 December 2024)The Open Project of the Key Laboratory of Computing Power Network and Information Security,Ministry of Education under Grant 2023ZD037,author Z.Z,https://www.gzu.edu.cn/,accessed on 20 December 2024)Open Research Project of the State Key Laboratory of Industrial Control Technology,Zhejiang University,China(No.ICT2024B25),author Z.Z,https://www.gzu.edu.cn/,accessed on 20 December 2024).
文摘Due to the development of cloud computing and machine learning,users can upload their data to the cloud for machine learning model training.However,dishonest clouds may infer user data,resulting in user data leakage.Previous schemes have achieved secure outsourced computing,but they suffer from low computational accuracy,difficult-to-handle heterogeneous distribution of data from multiple sources,and high computational cost,which result in extremely poor user experience and expensive cloud computing costs.To address the above problems,we propose amulti-precision,multi-sourced,andmulti-key outsourcing neural network training scheme.Firstly,we design a multi-precision functional encryption computation based on Euclidean division.Second,we design the outsourcing model training algorithm based on a multi-precision functional encryption with multi-sourced heterogeneity.Finally,we conduct experiments on three datasets.The results indicate that our framework achieves an accuracy improvement of 6%to 30%.Additionally,it offers a memory space optimization of 1.0×2^(24) times compared to the previous best approach.
基金funded by NSFC Grants 61502154,61972136,the NSF of Hubei Province(2023AFB004,2024AFB544)Hubei Provincial Department of Education Project(No.Q20232206)Project of Hubei University of Economics(No.T201410).
文摘With the fast development of multimedia social platforms,content dissemination on social media platforms is becomingmore popular.Social image sharing can also raise privacy concerns.Image encryption can protect social images.However,most existing image protection methods cannot be applied to multimedia social platforms because of encryption in the spatial domain.In this work,the authors propose a secure social image-sharing method with watermarking/fingerprinting and encryption.First,the fingerprint code with a hierarchical community structure is designed based on social network analysis.Then,discrete wavelet transform(DWT)from block discrete cosine transform(DCT)directly is employed.After that,all codeword segments are embedded into the LL,LH,and HL subbands,respectively.The selected subbands are confused based on Game of Life(GoL),and then all subbands are diffused with singular value decomposition(SVD).Experimental results and security analysis demonstrate the security,invisibility,and robustness of our method.Further,the superiority of the technique is elaborated through comparison with some related image security algorithms.The solution not only performs the fast transformation from block DCT to one-level DWT but also protects users’privacy in multimedia social platforms.With the proposed method,JPEG image secure sharing in multimedia social platforms can be ensured.
基金Project supported by the Basic Scientific Research Projects of Department of Education of Liaoning Province,China(Grant No.LJ212410152049)the Technological Innovation Projects in the field of artificial intelligence of Liaoning Province,China(Grant No.2023JH26/10300011)。
文摘Existing chaotic encryption schemes primarily focus on single types of images,making the design of hybrid image encryption schemes more suitable for practical applications.In this paper,a hyperchaotic map with a spherical attractor is proposed,which is constructed using spherical coordinates.Dynamical analyses reveal that the hyperchaotic map exhibits global hyperchaos and high complexity,making it capable of generating more complex chaotic sequences suitable for image encryption.A hybrid encryption scheme based on a hyperchaotic map is proposed for two-dimensional(2D)images,three-dimensional(3D)models,and 3D point clouds.Firstly,the pixels of 2D image and the coordinate data of 3D image are fused into a plaintext cube,which is combined with Hash-512 to obtain the initial value of the hyperchaotic map.Chaotic sequences are utilized for cube space internal confusion and dynamic cross-diffusion.The encrypted images demonstrate high information entropy,and the test results show that the encryption scheme effectively protects the images.The proposed hybrid image encryption scheme provides an efficient solution for securing various types of images.
