Search Results (14)

With the rapid development of the Internet of Medical Things (IoMT), the data generated and collected by various sensors and medical devices are gradually increasing. How to realize flexible, efficient, and secure data sharing while ensuring data confidentiality and patient privacy has become a critical research challenge. The traditional Public Key Infrastructure (PKI) must deal with the complicated certificate management problem. An identity-based cryptosystem has the inherent key-escrow risk. These concerns make them unsuitable for resource-constrained and dynamic IoMT environments. To address it, this paper introduces a cloud data sharing protocol for IoMT using a Certificateless Proxy Re-encryption (CL-PRE) scheme that integrates an efficient access-list-based user revocation mechanism. In our system, a patient’s data can be encrypted and securely stored in a semi-trusted third party like the cloud server. When the patient wants to grant the access to designated users, e.g., doctors or medical institutions, a delegated proxy server will re-encrypt the ciphertext to a new one, which is decryptable by the designators. The proxy server also learns nothing during the re-encryption process, so as to maintain the end-to-end confidentiality. As for the security, the authors formally prove that the proposed CL-PRE mechanism for IoMT achieves Type-I and Type-II indistinguishability against adaptive chosen-identity and chosen-ciphertext attacks (IND-PrID-CCA) under the Decisional Bilinear Diffie–Hellman (DBDH) assumption. Moreover, the functional and computational comparisons with previous studies reveal the qualitative advantage of simultaneously achieving certificateless properties and user revocation, and the quantitative advantage of an optimized encryption cost (requiring only one bilinear pairing and two scalar multiplications), making it a theoretically efficient solution for resource-constrained IoMT devices. Full article

Quantum digital signatures (QDS) establish a framework for information-theoretically secure authentication in quantum networks. As a specialized extension of QDS, quantum proxy signatures facilitate secure delegation of signing privileges in distributed quantum environments. However, existing schemes require the predefinition of verifier identities at the system setup phase, which fundamentally constrains their deployment in real-world scenarios. To address this constraint, we propose a quantum proxy signature scheme supporting verification by arbitrary parties without pre-registration while maintaining information-theoretic security guarantees. This work presents a constructive approach to mitigating verification constraints in quantum proxy signature architectures. Full article

With the advancement of quantum computing, the utilization of quantum algorithms such as Shor’s algorithm enables the efficient resolution of problems that are intractable in classical computing paradigms, posing a significant threat to traditional signature schemes. Lattice-based cryptography is considered one of the most promising post-quantum cryptographic algorithms due to its computational advantages and potential resistance to quantum attacks. Proxy signature is an authorization mechanism that allows the original signer to delegate the signing power to a proxy. The security of existing proxy signature schemes is mostly based on classical hard problems, which cannot guarantee security under quantum attacks. Therefore, this paper combines lattice-based cryptography with proxy signatures to propose a new lattice-based proxy signature scheme (NLBPS). NLBPS constructs signatures using lattice-based trapdoor sampling algorithms and preimage sampling algorithms. Comparative analysis shows that the proposed scheme has relatively smaller key and signature sizes compared to some existing lattice-based proxy signature schemes, and it also offers a certain improvement in computational efficiency. Full article

Public key encryption with equality test (PKEET) is a cryptographic primitive that enables a tester to determine, without decryption, whether two ciphertexts encrypted with different public keys generate from the same message. In previous research, public key encryption with equality test (PKEET) was extended to include identity-based encryption with equality test (IBEET), thereby broadening the application of PKEET. Subsequently, certificateless encryption with equality test (CLEET) was introduced to address the key escrow problem in IBEET. However, existing CLEET schemes suffer from inefficiency and potential information leakage when dealing with multiple ciphertexts due to the need for pairwise equality tests. To address this issue, we propose a concept of certificateless encryption supporting multi-ciphertext equality test with proxy-assisted authorization (CLE-MET-PA). CLE-MET-PA incorporates the functionality of the multi-ciphertext equality test into CLEET, enabling a tester to perform a single equality test on multiple ciphertexts to determine whether the underlying plaintexts are equal, without revealing any additional information. This enhances the security of our scheme while significantly reducing the computational overhead compared to multiple pairwise equality tests, making our scheme more efficient. Additionally, our approach integrates proxy-assisted authorization, allowing users to delegate a proxy to grant authorizations for equality tests on their behalf when offline. Importantly, the proxy token used in our scheme does not include any portion of the user’s private key, providing enhanced protection compared to traditional PKEET schemes in which the user token is often part of the user’s private key. We construct a concrete CLE-MET-PA scheme and prove that it achieves CPA security and attains CCA security through an FO transformation. Full article

With the advent of the digital age, traditional lifestyle activities, such as reading books, referencing recipes, and enjoying music, have progressively transitioned from offline to online. However, numerous issues plague the conventional approach to digital copyright protection. This is especially true in the realm of recipe protection, where the rights and interests of original creators are inadequately safeguarded due to the widespread dissemination of a large number of recipes on the Internet. This primarily stems from the high costs of gathering evidence, incomplete coverage of evidence collection, and the inability to identify and halt infringement activities in a timely manner during the process of traditional digital copyright protection. Therefore, this study designs and implements a blockchain-based digital recipe copyright protection scheme to address the issues of insufficient legal evidence and cumbersome processes in traditional digital copyright protection. First, we enhance standard short text similarity calculation method SimHash, boosting the accuracy of text similarity detection. We then utilize the decentralization, immutability, time-stamping, traceability, and smart contract features of blockchain technology for data privacy protection. We employ the Interplanetary File System (IPFS) to store raw data, thereby ensuring user privacy and security. Lastly, we improve the proxy voting node selection in the existing delegated proof of stake (DPOS) consensus mechanism. According thorough evaluation and empirical analysis, the scheme effectively improves the accuracy of text similarity detection. Simultaneously, the enhanced DPOS mechanism effectively rewards nodes with excellent performance and penalizes nodes exhibiting malicious behavior. In this study, we successfully designed and implemented an innovative digital recipe copyright protection scheme. This scheme effectively enhances the accuracy of text similarity detection; ensures the privacy and security of user data; and, through an enhanced DPOS mechanism, rewards well-performing nodes while penalizing those exhibiting malicious behavior. Full article

Blind signatures have been widely applied when privacy preserving is required, and the delegation of blind signature rights and a proxy blind signature (Proxy-BS) become necessary when the signer cannot sign. Existing Proxy-BS schemes are based on traditional cryptographically hard problems, and they cannot resist quantum attacks. Moreover, most current Proxy-BS schemes depend on public key infrastructure (PKI), which leads to high certificate storage and management overhead. To simplify key management and resist quantum attacks, we propose a post-quantum secure identity-based proxy blind signature (ID-Proxy-BS) scheme on a lattice using a matrix cascade technique and lattice cryptosystem. Under the random oracle model (ROM), the security of the proposed scheme is proved. Security shows that the proposed scheme assures security against quantum attacks and satisfies the correctness, blindness, and unforgeability. In addition, we apply the ID-Proxy-BS scheme on a lattice to e-voting and propose a quantum-resistant proxy e-voting system, which is resistant to quantum attacks and achieves the efficiency of e-voting. Full article

With the prevalence of cloud computing, the outsourcing of computation has gained significant attention. Clients with limited computing power often outsource complex computing tasks to the cloud to save on computing resources and costs. In outsourcing the computation of functions, a function owner delegates a cloud server to perform the function’s computation on the input received from the user. There are three primary security concerns associated with this process: protecting function privacy for the function owner, protecting input privacy for the user and guaranteeing that the cloud server performs the computation correctly. Existing works have only addressed privately verifiable outsourcing computation with privacy or publicly verifiable outsourcing computation without input privacy or function privacy. By using the technologies of homomorphic encryption, proxy re-encryption and verifiable computation, we propose the first publicly verifiable outsourcing computation scheme that achieves both input privacy and function privacy for matrix functions, which can be extended to arbitrary multivariate polynomial functions. We additionally provide a faster privately verifiable method. Moreover, the function owner retains control over the function. Full article

In emergency scenarios where the on-site information is completely lacking or the original environmental state has been completely changed, autonomous and mobile swarm robotics are used to quickly build a rescue support system to ensure the safety of follow-up rescuers and improve rescue efficiency. To address the data security problem caused by the complex and changeable topology of the heterogeneous swarm robotics network in the process of building the rescue support system, this paper introduced a decentralized data security communication scheme for heterogeneous swarm robotics. First, we built a decentralized network topology model by using base robot, communication robotics, and business robotics, and it can ensure the stability of the system. Moreover, based on the decentralized network topology model, we designed a storage model using the master–slave blockchain method. The master chain is composed of base robot and communication robotics, which mainly store the digests of robot data in multiple slave chains to reach the global data consensus of the system. The slave chains are composed of business robotics and communication robotics, which mainly store all data on the slave chains to reach the local data consensus of the system. The whole data storage system adopts the Delegated Proof of Stake consensus mechanism to elect proxy nodes to participate in the data consensus tasks in the system and to ensure the data consistency of each robot node in the decentralized network. Additionally, a prototype of the heterogeneous swarm robotics system based on the master–slave chains is constructed to verify the effectiveness of the proposed model. The experimental results show that the scheme effectively solves the data security problem caused by the unstable communication link of the heterogeneous swarm robotics system. Full article

In e-health systems, patients encrypt their personal health data for privacy purposes and upload them to the cloud. There exists a need for sharing patient health data with doctors for healing purposes in one’s own preferred order. To achieve this fine-gained access control to delegation paths, some researchers have designed a new proxy re-encryption (PRE) scheme called autonomous path proxy re-encryption (AP-PRE), where the delegator can control the whole delegation path in a multi-hop delegation process. In this paper, we introduce a certificateless autonomous path proxy re-encryption (CLAP-PRE) using multilinear maps, which holds both the properties (i.e., certificateless, autonomous path) of certificateless encryption and autonomous path proxy re-encryption. In the proposed scheme, (a) each user has two public keys (user’s identity and traditional public key) with corresponding private keys, and (b) each ciphertext is first re-encrypted from a public key encryption (PKE) scheme to an identity-based encryption (IBE) scheme and then transformed in the IBE scheme. Our scheme is an IND-CPA secure CLAP-PRE scheme under the k-multilinear decisional Diffie–Hellman (k-MDDH) assumption in the random oracle model. Full article

Next Generation cellular networks are expected to offer better service quality, secure and reliable service provisioning, and more cooperative operation even in unexpected stressful situations. Service provider cooperation can facilitate reliable service provisioning and extended coverage in disasters situations or partial network failures. However, the current 4G and 5G standards do not offer security and privacy-friendly support for inter-operator agility and service mobility, a key enabler for such cooperation. The situation becomes more critical in presence of attackers, where establishing trust relationships becomes very complicated. This paper presents a novel UAV-assisted user-agility support framework that enables trustworthy seamless service migration in a zero-trust environment. The proposed framework facilitates temporal authentication-authority delegation and proxying to enable preservice, all-party mutual authentication. The framework is implemented and tested on top of the srsRAN open-source 4G/5G software stack. Experiments showed that the presented framework managed to facilitate effective and efficient trustworthy service migration between heterogeneous service provider networks. Full article

The homomorphic proxy re-encryption scheme combines the characteristics of a homomorphic encryption scheme and proxy re-encryption scheme. The proxy can not only convert a ciphertext of the delegator into a ciphertext of the delegatee, but also can homomorphically calculate the original ciphertext and re-encryption ciphertext belonging to the same user, so it is especially suitable for cloud computing. Yin et al. put forward the concept of a strong collusion attack on a proxy re-encryption scheme, and carried out a strong collusion attack on the scheme through an example. The existing homomorphic proxy re-encryption schemes use key switching algorithms to generate re-encryption keys, so it can not resist strong collusion attack. In this paper, we construct the first lattice-based homomorphic proxy re-encryption scheme with strong anti-collusion (HPRE-SAC). Firstly, algorithm TrapGen is used to generate an encryption key and trapdoor, then trapdoor sampling is used to generate a decryption key and re-encryption key, respectively. Finally, in order to ensure the homomorphism of ciphertext, a key switching algorithm is only used to generate the evaluation key. Compared with the existing homomorphic proxy re-encryption schemes, our HPRE-SAC scheme not only can resist strong collusion attacks, but also has smaller parameters. Full article

Sharing energy storage (SES) is a novel business model in order to increase the profits and improve the utilization rate of idle energy storage facilities. On the other hand, blockchains can be competently applied in the transaction and operation of SES because of distributed network architecture, traceability and tamper proof. In this paper, a management model of SES based on proxy signatures in the blockchain environment is proposed. Many management models including the principal-agent model are analyzed for SES in terms of benefit, cost, resources, and so on. Moreover, a blockchain framework and a typical transaction process of SES is presented. Finally, a proxy signature mechanism based on the ElGamal algorithm is proposed in order to address the problem that the signature power of nodes cannot be transferred on blockchains. Simulation results show that the proposed proxy signature mechanism can achieve the delegation of digital signature power under the premise of security and reliability, which is suitable for the management model of SES on blockchains. Full article

Information-Centric Networking (ICN) is an emerging communication paradigm built around content names. Securing ICN using named-based security is, therefore, a natural choice. For this paper, we designed and evaluated name-based security solutions that satisfy security requirements that are particular to ICN architectures. In order to achieve our goal, we leverage identity-based encryption, identity-based proxy re-encryption, and the emerging paradigm of decentralized identifiers. Our solutions support outsourcing content storage, content integrity protection and content authentication, and provenance verification, as well as access control. We show that our solutions have tolerable storage and computation overhead, thus proving their feasibility. Full article

Digital signature with proxy delegation, which is a secure ownership enforcement tool, allows an original signer to delegate signature rights to a third party called proxy, so that the proxy can sign messages on behalf of the original signer. Many real-world applications make use of this secure mechanism, e.g., digital property transfer. A traditional digital signature mechanism is required to bind a message and its signature together for verification. This may yield extra cost in bandwidth while the sizes of message and signature are relatively huge. Message recovery signature, enabling to reduce the cost of bandwidth, embeds a message into the corresponding signature; therefore, only the signature will be transmitted to the verifier and the message can further be recovered from the signature. In this paper, we, for the first time, propose a novel digital signature scheme in the identity-based context with proxy delegation and message recovery features and, more importantly, our scheme is quantum resistant, in a particular lattice-based signature. Our scheme achieves delegation information and signature existential unforgeability against adaptive chosen warrant and identity. Compared with the seminal lattice-based message recovery signature, our scheme is independent from public key infrastructure, realizes delegation transfer of signature rights, and compresses signature length ulteriorly. To the best of our knowledge, this paper is the first of its type. Full article