Ideal function is the fundamental component in the universally composable security model. However, the certification ideal function defined in the universally composable security model realizes the identity authentica...Ideal function is the fundamental component in the universally composable security model. However, the certification ideal function defined in the universally composable security model realizes the identity authentication by binding identity to messages and the signature, which fails to characterize the special security requirements of anonymous authentication with other kind of certificate. Therefore, inspired by the work of Marten, an anonymous hash certification ideal function and a more universal certificate CA model are proposed in this paper. We define the security requirements and security notions for this model in the framework of universal composable security and prove in the plain model (not in the random-oracle model) that these security notions can be achieved using combinations of a secure digital signature scheme, a symmetrical encryption mechanism, a family of pseudorandom functions, and a family of one-way collision-free hash functions. Considering the limitation of wireless environment and computation ability of wireless devices, this anonymous Hash certification ideal function is realized by using symmetry primitives.展开更多
Deniable authentication protocols allow a sender to authenticate a message for a receiver, in a way which the receiver cannot convince a third party that such authentication ever took place. When we consider an asynch...Deniable authentication protocols allow a sender to authenticate a message for a receiver, in a way which the receiver cannot convince a third party that such authentication ever took place. When we consider an asynchronous multi-party network with open communications and an adversary that can adaptively corrupt as many parties as it wishes, we present a new approach to solve the problem of concurrent deniable authentication within the framework of universally composable (UC) security. We formulate a definition of an ideal functionality for deniable authentication. Our constructions rely on a modification of the verifiably smooth projective hashing (VSPH) with projection key function by trapdoor commitment. Our protocols are forward deniable and UC security against adaptive adversaries in the common reference string model. A new approach implies that security is preserved under concurrent composition of an unbounded number of protocol executions; it implies non-malleability with respect to arbitrary protocols and more. The novelty of our schemes is the use of witness indistinguishable protocols and the security is based on the decisional composite residuosity (DCR) assumption. This new approach is practically relevant as it leads to more efficient protocols and security reductions.展开更多
As an important component of internet of things, electronic product code (EPC) system is widely used in many areas. However, the mass deployment of EPC system is frequently degraded by security and privacy problems....As an important component of internet of things, electronic product code (EPC) system is widely used in many areas. However, the mass deployment of EPC system is frequently degraded by security and privacy problems. Therefore, the major researches focus on the design of a secure EPC system with high efficiency. This paper discusses the security requirements of EPC system and presents a universal composable (UC) model for EPC system, the ideal functionality of EPC system is also formally defined with the UC framework. Then a secure protocol for EPC system under UC framework is proposed and the analysis of security and performance of the proposed protocol is given, in comparison with other protocols, the results show that the proposed protocol is UC secure and can provide privacy protection, untraceability, authorized access, anonymity and concurrent security for EPC system. Furthermore, less computation and storage resource are required by the proposed protocol.展开更多
Within the framework of universal composability,an appropriate ideal functionality that captures the basic security requirements of three party password-based key exchange was defined. An efficient real-word three par...Within the framework of universal composability,an appropriate ideal functionality that captures the basic security requirements of three party password-based key exchange was defined. An efficient real-word three party password-based key exchange protocol was also proposed.This protocol securely realizes the ideal functionality with respect to static party corruption.Thus it provides security guarantees under arbitrary composition with other protocols.展开更多
We propose short group signature (GS) schemes which are provably secure without random oracles. Our basic scheme is about 14 times shorter than the Boyen-Waters GS scheme at Eurocrypt 2006, and 42% shorter than the ...We propose short group signature (GS) schemes which are provably secure without random oracles. Our basic scheme is about 14 times shorter than the Boyen-Waters GS scheme at Eurocrypt 2006, and 42% shorter than the recent GS schemes due to Ateniese et al. The security proofs are provided in the Universally Composable model, which allows the proofs of security valid not only when our scheme is executed in isolation, but also in composition with other secure cryptographic primitives. We also present several new computational assumptions and justify them in the generic group model. These assumptions are useful in the design of high-level protocols and may be of independent interest.展开更多
Canetti and Herzog have already proposed universally composable symbolic analysis(UCSA) to analyze mutual authentication and key exchange protocols. However,they do not analyze group key exchange protocol. Therefore,t...Canetti and Herzog have already proposed universally composable symbolic analysis(UCSA) to analyze mutual authentication and key exchange protocols. However,they do not analyze group key exchange protocol. Therefore,this paper explores an approach to analyze group key exchange protocols,which realize automation and guarantee the soundness of cryptography. Considered that there exist many kinds of group key exchange protocols and the participants’ number of each protocol is arbitrary. So this paper takes the case of Burmester-Desmedt(BD) protocol with three participants against passive adversary(3-BD-Passive) . In a nutshell,our works lay the root for analyzing group key exchange protocols automatically without sacrificing soundness of cryptography.展开更多
Within the framework of UC (universally composable) security, a general method is presented to construct a secure channel protocol with using IND-CVA (indistinguishability of encryption scheme under ciphertext veri...Within the framework of UC (universally composable) security, a general method is presented to construct a secure channel protocol with using IND-CVA (indistinguishability of encryption scheme under ciphertext verification attacks). A channel protocol with using the method first invokes an ideal keyexchange protocol to get a session key, and then computes the messages with an authenticated encryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated encryption scheme is both IND-CVA secure and INT-PTXT secure. The condition about secure channel protocol in this paper is much weaker than IND-CCA secure and INT-CTXT secure. The IND-CVA can be presented for describing the privacy requirements of secure channels in detail. Moreover, the method for designing secure channel protocol in the paper reduces the UC security of secure channels, which are measured by action-simulation in the UC security framework, to the security of authenticated encryption schemes, which are measured semantically.展开更多
Because of the concise functionality of oblivious transfer (OT) protocols, they have been widely used as building blocks in secure multiparty computation and high-level protocols. The security of OT protocols built ...Because of the concise functionality of oblivious transfer (OT) protocols, they have been widely used as building blocks in secure multiparty computation and high-level protocols. The security of OT protocols built upon classical number theoretic problems, such as the discrete logarithm and factoring, however, is threatened as a result of the huge progress in quantum computing. Therefore, post-quantum cryptography is needed for protocols based on classical problems, and several proposals for post-quantum OT protocols exist. However, most post-quantum cryptosystems present their security proof only in the context of classical adversaries, not in the quantum setting. In this paper, we close this gap and prove the security of the lattice-based OT protocol proposed by Peikert et al. (CRYPTO, 2008), which is universally composably secure under the assumption of learning with errors hardness, in the quantum setting. We apply three general quantum security analysis frameworks. First, we apply the quantum lifting theorem proposed by Unruh (EUROCRYPT, 2010) to prove that the security of the lattice-based OT protocol can be lifted into the quantum world. Then, we apply two more security analysis frameworks specified for post-quantum cryptographic primitives, i.e., simple hybrid arguments (CRYPTO, 2011) and game-preserving reduction (PQCrypto, 2014).展开更多
基金the National Natural Science Foundation of China (Grant Nos. 90204012, 60573035, and 60573036)the MIC of Korea,under the ITRC support program supervised by the IITA (IITA-2006-C1090-0603-0026)
文摘Ideal function is the fundamental component in the universally composable security model. However, the certification ideal function defined in the universally composable security model realizes the identity authentication by binding identity to messages and the signature, which fails to characterize the special security requirements of anonymous authentication with other kind of certificate. Therefore, inspired by the work of Marten, an anonymous hash certification ideal function and a more universal certificate CA model are proposed in this paper. We define the security requirements and security notions for this model in the framework of universal composable security and prove in the plain model (not in the random-oracle model) that these security notions can be achieved using combinations of a secure digital signature scheme, a symmetrical encryption mechanism, a family of pseudorandom functions, and a family of one-way collision-free hash functions. Considering the limitation of wireless environment and computation ability of wireless devices, this anonymous Hash certification ideal function is realized by using symmetry primitives.
基金the National Natural Science Foundation of China (Grant Nos. 60702059, 60633020 and 60573036)by the MIC of Korea, under the ITRC support program supervised by the IITA (IITA-2006-C1090-0603-0026)
文摘Deniable authentication protocols allow a sender to authenticate a message for a receiver, in a way which the receiver cannot convince a third party that such authentication ever took place. When we consider an asynchronous multi-party network with open communications and an adversary that can adaptively corrupt as many parties as it wishes, we present a new approach to solve the problem of concurrent deniable authentication within the framework of universally composable (UC) security. We formulate a definition of an ideal functionality for deniable authentication. Our constructions rely on a modification of the verifiably smooth projective hashing (VSPH) with projection key function by trapdoor commitment. Our protocols are forward deniable and UC security against adaptive adversaries in the common reference string model. A new approach implies that security is preserved under concurrent composition of an unbounded number of protocol executions; it implies non-malleability with respect to arbitrary protocols and more. The novelty of our schemes is the use of witness indistinguishable protocols and the security is based on the decisional composite residuosity (DCR) assumption. This new approach is practically relevant as it leads to more efficient protocols and security reductions.
基金supported by the National Natural Science Foundation of China (60972077, 61121061)the Fundamental Research Funds for the Central Universities (BUPT2012RC0216)the National Science and technology key project(2010ZX03003-003-01)
文摘As an important component of internet of things, electronic product code (EPC) system is widely used in many areas. However, the mass deployment of EPC system is frequently degraded by security and privacy problems. Therefore, the major researches focus on the design of a secure EPC system with high efficiency. This paper discusses the security requirements of EPC system and presents a universal composable (UC) model for EPC system, the ideal functionality of EPC system is also formally defined with the UC framework. Then a secure protocol for EPC system under UC framework is proposed and the analysis of security and performance of the proposed protocol is given, in comparison with other protocols, the results show that the proposed protocol is UC secure and can provide privacy protection, untraceability, authorized access, anonymity and concurrent security for EPC system. Furthermore, less computation and storage resource are required by the proposed protocol.
基金Project(60573036)supported by the National Natural Science Foundation of china
文摘Within the framework of universal composability,an appropriate ideal functionality that captures the basic security requirements of three party password-based key exchange was defined. An efficient real-word three party password-based key exchange protocol was also proposed.This protocol securely realizes the ideal functionality with respect to static party corruption.Thus it provides security guarantees under arbitrary composition with other protocols.
基金This work is supported by the National Natural Science Foundation of China under Grant No.60473027ARC Discovery Grant of Australia under Grant No.DP0557493China Postdoctoral Science Foundation(Grant No.20060400035).
文摘We propose short group signature (GS) schemes which are provably secure without random oracles. Our basic scheme is about 14 times shorter than the Boyen-Waters GS scheme at Eurocrypt 2006, and 42% shorter than the recent GS schemes due to Ateniese et al. The security proofs are provided in the Universally Composable model, which allows the proofs of security valid not only when our scheme is executed in isolation, but also in composition with other secure cryptographic primitives. We also present several new computational assumptions and justify them in the generic group model. These assumptions are useful in the design of high-level protocols and may be of independent interest.
基金supported by National Natural Science Foundation of China No.61003262,National Natural Science Foundation of China No.60873237Doctoral Fund of Ministry of Education of China No.20070007071
文摘Canetti and Herzog have already proposed universally composable symbolic analysis(UCSA) to analyze mutual authentication and key exchange protocols. However,they do not analyze group key exchange protocol. Therefore,this paper explores an approach to analyze group key exchange protocols,which realize automation and guarantee the soundness of cryptography. Considered that there exist many kinds of group key exchange protocols and the participants’ number of each protocol is arbitrary. So this paper takes the case of Burmester-Desmedt(BD) protocol with three participants against passive adversary(3-BD-Passive) . In a nutshell,our works lay the root for analyzing group key exchange protocols automatically without sacrificing soundness of cryptography.
基金Supported by the National Basic Research Program of China (Grant No. G2002cb312205)
文摘Within the framework of UC (universally composable) security, a general method is presented to construct a secure channel protocol with using IND-CVA (indistinguishability of encryption scheme under ciphertext verification attacks). A channel protocol with using the method first invokes an ideal keyexchange protocol to get a session key, and then computes the messages with an authenticated encryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated encryption scheme is both IND-CVA secure and INT-PTXT secure. The condition about secure channel protocol in this paper is much weaker than IND-CCA secure and INT-CTXT secure. The IND-CVA can be presented for describing the privacy requirements of secure channels in detail. Moreover, the method for designing secure channel protocol in the paper reduces the UC security of secure channels, which are measured by action-simulation in the UC security framework, to the security of authenticated encryption schemes, which are measured semantically.
基金Project supported by the National Key R&D Program of China(No.2017YFB0802000)the National Natural Science Foundation of China(Nos.61672412,61472309,and 61572390)the China Scholarship Council(No.201406960041)
文摘Because of the concise functionality of oblivious transfer (OT) protocols, they have been widely used as building blocks in secure multiparty computation and high-level protocols. The security of OT protocols built upon classical number theoretic problems, such as the discrete logarithm and factoring, however, is threatened as a result of the huge progress in quantum computing. Therefore, post-quantum cryptography is needed for protocols based on classical problems, and several proposals for post-quantum OT protocols exist. However, most post-quantum cryptosystems present their security proof only in the context of classical adversaries, not in the quantum setting. In this paper, we close this gap and prove the security of the lattice-based OT protocol proposed by Peikert et al. (CRYPTO, 2008), which is universally composably secure under the assumption of learning with errors hardness, in the quantum setting. We apply three general quantum security analysis frameworks. First, we apply the quantum lifting theorem proposed by Unruh (EUROCRYPT, 2010) to prove that the security of the lattice-based OT protocol can be lifted into the quantum world. Then, we apply two more security analysis frameworks specified for post-quantum cryptographic primitives, i.e., simple hybrid arguments (CRYPTO, 2011) and game-preserving reduction (PQCrypto, 2014).
