Funding: Project supported by the Natural Science Foundation of Hebei Province, China (No. F2023201032) and the S&T Program of Hebei Province, China (No. 20310105D).
Abstract: The problem of data right confirmation is a long-term bottleneck in data sharing. Existing methods for confirming data rights lack credibility owing to poor supervision, and work only with specific data types because of their technical limitations. The emergence of blockchain is followed by some new data-sharing models that may provide improved data security. However, few of these models perform well enough in confirming data rights because the data access could not be fully under the control of the blockchain facility. In view of this, we propose a right-confirmable data-sharing model named RCDS that features symbol mapping coding (SMC) and blockchain. With SMC, each party encodes its digital identity into the byte sequence of the shared data by generating a unique symbol mapping table, whereby declaration of data rights can be content-independent for any type and any volume of data. With blockchain, all data-sharing participants jointly supervise the delivery and the access to shared data, so that granting of data rights can be openly verified. The evaluation results show that RCDS is effective and practical in data-sharing applications that are conscientious about data right confirmation.
Funding: the National Natural Science Foundation of China (Grant Nos. 60303026, 60573030, and 60673077)
Abstract: In Crypto'05, Boneh et al. presented two broadcast encryption schemes. Their work has exciting achievements: the header (also called ciphertexts) and the private keys are of constant size. In their paper, they give an open question to construct a traitor tracing algorithm for their broadcast encryption schemes, and combine the two systems to obtain an efficient trace-and-revoke system. In this paper, we give a negative answer to their open question. More precisely, we show that three or more insider users are able to collude to forge a valid private key for pirate decoding against their schemes. Moreover, we prove that there exists no traitor tracing algorithm to identify the colluders. Our pirate decoding can also similarly be applied to Lee et al.'s broadcast encryption schemes in ISPEC'06.
Funding: Supported by the National Natural Science Foundation of China (60372046)
Abstract: Tô et al. presented a bilinear-map-based traitor tracing scheme (TSZ scheme) with revocation, but it is a symmetric scheme because it does not provide non-repudiation. In this paper, an improved TSZ scheme was proposed by using oblivious polynomial evaluation (OPE) protocol and service parameters. Under the precondition of general sameness capabilities of both TSZ and improved TSZ scheme, the new scheme adds some advantages such as providing multi-service capability, user's non-repudiation and data provider's no-framing innocent users. Furthermore, it is also proved to be semantically secure under the decisional bilinear Diffie-Hellman (DBDH problem) assumption.
Funding: Supported by the National Natural Science Foundation of China (60473029), the National Basic Research Program of China (2007CB311201), and the Open Foundation of Beijing Institute of Electronic Science and Technology.
Abstract: Three broadcast schemes for small receiver set using the property of RSA modulus are presented. They can solve the problem of data redundancy when the size of receiver set is small. In the proposed schemes, the center uses one key to encrypt the message and can revoke authorization conveniently. Every authorized user only needs to store one decryption key of a constant size. Among these three schemes, the first one is secure in the sense of indistinguishability against adaptive chosen ciphertext attack (IND-CCA2), and any collusion of authorized users cannot produce a new decryption key, but the sizes of encryption modulus and ciphertext are linear in the number of receivers. In the second scheme, the size of ciphertext is half of the first one and any two authorized users can produce a new decryption key, but the center can identify them using the traitor tracing algorithm. The third one is the most efficient but the center cannot identify the traitors exactly.
Funding: Supported by the National Key Basic Research and Development Program (973 Program) (2012CB316103)
Abstract: Traitor tracing schemes are introduced to combat piracy scenarios. The notion of dynamic traitor tracing is proposed by Fiat and Tassa, which fights against rebroadcast of decrypted content. In this paper, using the idea of searching user address level by level, a new dynamic traitor tracing scheme based on a multilevel structure of user set is constructed. The scheme proposed can efficiently combat the immediate rebroadcast attack, and possesses lower tracing complexity. Importantly, the tracing scheme can be applicable to systems with different sizes of subscriber sets.
Funding: Supported by the National High Technology Research and Development Program of China (863 Program) (2007AA01Z435), the National Natural Science Foundation of China (60772136), and the National Science and Technology Pillar Program (2008BAH22B03, 2007BAH08B01)
Abstract: In this paper, a new broadcast encryption scheme is proposed by using the efficient and computationally inexpensive public key cryptosystem NTRU (number theory research unit). In our scheme, we use the idea of RSA and develop this idea from two-party to multi-party, and combine this multi-party public key idea with the multiplication in ring R of NTRU. What we get from this design is extremely efficient encryption and decryption, fast and easy key creation, low memory requirements and revocation property, etc. Moreover, this novel work contains other desirable features, such as traitor tracing. With its complexity only O(log2n), the tracing algorithm of this system is more efficient than that of the previous ones.
Abstract: In this paper we introduce an architecture for a multi-key pirate decoder which employs decryption keys from multiple traitors. The decoder has built-in monitoring and self protection functionalities and is capable of defeating most multiple-round based traitor tracing schemes such as the schemes based on the black-box confirmation method. In particular, the proposed pirate decoder is customized to defeat the private key and the public key fully collusion resistant traitor tracing (FTT) schemes, respectively. We show how the decoder prolongs a trace process so that the tracer has to give up his effort. FTT schemes are designed to identify all the traitors. We show that the decoder enables the FTT schemes to identify at most 1 traitor. Finally, assuming the decoder is embedded with several bytes of memory, we demonstrate how the decoder is able to frame innocent users at will.
Abstract: Anonymous authentication schemes, mostly based on the notion of group signatures, allow a group member to obtain membership from a server and gain access rights if the member can prove their authenticity to the verifier. However, existing authentication schemes are impractical because they neglect to provide an exclusive verification of the blacklist. In addition, the schemes are unaware of malicious members who are involved in privilege transferring. In this paper, a novel membership authentication scheme providing detection of membership transfer and proof of membership exclusiveness to the blacklist is proposed.