36 results about "Provable security" patented technology

The invention discloses a SM2 algorithm collaborative signature and decryption method, device and system. The collaborative signature method comprises the following steps: computing a first elliptic curve group element set and sending the a server-side to check; checking a second elliptic curve group element set fed back by the server-side, and computing a third elliptical curve group element based on the first elliptic curve group element set and the second elliptic curve group element set; computing a first numerical value according to a user information hash value, a to-be-signed message and an abscissa of the third elliptical curve group element; generating a second numerical value according to the first numerical value, the first random number and a client private key component, and sending the second numerical value to the server-side; receiving a third numerical value computed according to the second numerical value, the second random number and the server-side private key component; and synthesizing as a SM2 digital signature according to the first numerical value and the third numerical value. The method disclosed by the invention has features of verification input and provable security, more conforms to the actual application environment, and can protect the user privacy better.

The invention provides an authentication method of an Ethernet passive optical network (EPON) system. By combining Galois field message authentication code (GMAC), the method realizes authentication process of the EPON system, can support ONU authentication and user authentication simultaneously, and designs a frame structure of the GMAC authentication of the EPON system and protocol process of the ONU authentication and the user authentication. The method can overcome the defect of one-way authentication existing in the EPON system authentication mode under the IEEE802.1X port access control mode, and effectively guarantee the source authenticity and data integrity of the authentication. GMAC has provable security, hash function structure thereof based on a binary Galois field multiplier is suitable for parallel and high-speed implementation of hardware and has increment authentication characteristic, thus leading the method to be capable of meeting the requirements of high-speed and effective identification authentication of the EPON system better and to have good security.

The invention provides a key distribution and reconstruction method based on the mobile internet. The method includes the steps of S1, constructing an identity-based key packaging model and a verifiable random function; S2, distributing keys; S3, reconstructing the keys. A calculable collusion-proof equilibrium method is designed, a protocol collusion-proof game-with-entropy model is constructed, and thus collusive attack of participants is prevented; a cryptographic protocol communication game model is constructed, and the defect that password protocols constructed in the broadcast communication network are unable to be implemented in the mobile internet is overcome; the key packaging mechanism applicable to the verifiable random function is studied, the rational key sharing protocol requiring no pubic key infrastructure is designed, and calculation fairness and delivery in the mobile internet is guaranteed; finally, the protocol is subjected to security analysis and proving through the theory of provable security.

The invention relates to a NOT operational character supported characteristic-based CP-ABE method having CCA security. An access control structure is an access control tree; a NOT node is added in the access control tree; and k is equal to -1. Meanwhile, according to regulation, a father node of the NOT node must be an ''AND'' node and only one intermediate node is hung under the NOT node; and thus the intermediate node is used as a root node to set a strategy tree and the strategy tree expresses a related strategy, set by an encryption party, of a NOT attribute. A high one-time signature technology is added to further enhance a security level of the method from a CPA security level to a CCA security level. Strategy expression based on an attribute encryption algorithm is enriched; security of the existing method is enhanced, thereby building the high access controlling capability; and moreover, the method has an encryption method with a provable security.

In an OCDM-based photonic encryption system by applying random noise on unused channels and varying the inter-code phases on realistic framing repetition, an OCDM-based encryption system with provable security guarantees results.

The present invention discloses an AES mask encryption method resisting high order power consumption analysis, that is, design of a mask protection solution resisting high order differential power consumption analysis, belonging to the technical field of information security. The present invention uses a mask technology design protection solution, so that the AES algorithm can resist high order differential power consumption analysis. The method mainly comprises the following steps of firstly, designing and generating a random number expression according to an Ishai-Sahai-Wagner provable security frame; and secondly, solving a security problem of zero attack in a one order multiplication mask solution provided by Akkar and used for protecting an AES password algorithm, designing a high order mask protection solution protecting the AES algorithm, and protecting, by using the random number generated in the first step, an S box non-linear operation with high energy consumption in protecting AES password algorithm. The AES password algorithm with high security and efficiency is more suited to an embedded environment with limited resources.

The present invention discloses a secure lightweight McEliece public key mask encryption method, and belongs to the technical field of information security. Design of the method is divided into two parts: constructing a Quasi-Dyadic MDPC code McEliece cipher code algorithm with a lightweight key and designing a mask protecting scheme that resists power-consumption analysis. According to the method of the present invention, a Quasi-Dyadic MDPC code is constructed and applied to a McEliece cipher code algorithm, so that the volume of a key is effectively reduced. According to the method of the present invention, mask technology is also used to design a protecting scheme, enabling the McEliece cipher code algorithm to resist power-consumption analysis. Meanwhile, the present invention solves the security problem that power consumption caused by using an ISW provable security framework core algorithm to generate a random number is prone to leak a share a and a share b simultaneously. The highly secure and highly efficient McEliece public key cipher code algorithm designed according to the method of the present invention is more applicable to an embedded environment with limited resources.

The invention discloses an equipment area provable security verification method with resistance to collusion attack and mainly solves the problem of absence of a security verification method with areas as credential information in existing position-based cryptography technologies. The implementation scheme of the method comprises steps as follows: a provable security verification model is built, and a prover is located in a target area; verifiers select information sources and random series and share information with one another, and the verifiers replay information in a broadcasting manner; a metric value is generated by the prover, and a verification value is calculated, and position information of the prover is broadcasted; the verifiers verify correctness of the verification value, whether the position information of the prover is accepted is judged, if the verification value passes the verification, the position information of the prover is broadcasted, otherwise, the verification value does not pass the verification, that is, the position claimed by the prover is not in the area, and the verification is finished. According to the method, any prover in the target area can effectively resist the collusion attack of multiple opponents after verification, and the security verification of the position of the prover is realized. The method can be used for verifying whether the equipment, namely, the prover, is located in the target area.

The invention relates to a method of changing secret keys based on shared key certificates. It is a method of shared certificate and digital signature based on discrete logarithms in large prime number area and Diffie-Hellman secret key changing agreement, and with collision resist different functions. It is safe with a fast calculation speed, which has been proved.

The invention discloses a hybrid secure communication method and system for key data quantum encryption and a storage medium, and the method comprises the steps: segmenting data in a communication service data stream according to different security levels through data analysis and discrimination or manual recognition and calibration; a quantum secret communication system in a'one-time pad 'working mode is used for transmitting data fragments calibrated as'security switching', a common communication system is used for transmitting other data fragments, and original communication service data flow is restored through fragment recombination. The hybrid secure communication method is compatible with other various technical schemes for improving the quantum secure communication rate from a physical layer, the rate pressure faced by the physical layer can be partially shared by an application layer, and meaningless calling of non-switching data on quantum keys is avoided through communication service data stream preprocessing. The maximum utilization of the quantum secure communication bandwidth is realized on the premise that key data has mathematically provable security, and an important support can be provided for a practical quantum secure communication network.

The invention discloses an authentication key negotiation method and system against continuous leakage. The system is composed of two users, respectively a session initiator and a responder; and eachuser has a pair of public and private keys. The method in the invention first performs system initialization and then performs a first interaction, and the session initiator sends a message parameterto the responder; then a second interaction is carried out, and the session responder responds to the initiator with the message parameter; finally, the session initiator and the responder authenticate key negotiation, update own private keys and generate a common communication key. The authentication key negotiation method and system against continuous leakage in the invention are particularly suitable for the secure communication of both parties, are high in security as having achieved cryptographically provable security, and is high in practicability as being able to execute safely and stably still in a continuous leakage environment; and in combination with an elliptic curve and bilinear pairing technology, a session key authentication negotiation protocol against continuous leakage isproposed, and the scheme efficiency is high.

The exchange method is based on discrete-logarithm issue and Diffie-Hellman cipher key exchange protocol on the elliptical curve and assisted with anti-impact odds and ends function, session key exchange method of public key certificate and digital signature. The method is good at security which can be certified and it has quick operation speed.

The invention relates to a convertible proxy signcryption method with provable security of cloud security control and is used for protecting privacies of users. The method mainly comprises the generation of proxy signing keys, signing, message recovery and signature verification, signature conversion and the like; the main difference between the general proxy signcryption scheme is as follows: the public keys, the proxy certificates and parameters of an original signer and a proxy signer cannot be transmitted as public parameters, and also need to be recovered as the message. The convertible proxy signcryption method with provable security provided by the invention can guarantee the confidentiality of the identities of the original signer and the proxy signer, so as to be applied to an authentication protocol of cloud computing.