
Research On Efficient Signature And Encryption Technologies For Public-Key Group-Oriented Cryptography

Posted on: 2022-11-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: E Chen
GTID: 1488306605975229
Subject: Software engineering

Abstract/Summary:
With the enhancement of network openness and cooperation, the network defense boundary of application systems is increasingly blurred or has even disappeared. The security defense strategy in cyberspace is gradually changing from static "holistic defense" oriented to the system boundary to continuous "individual defense" oriented to system resources. Meanwhile, the rapid development of quantum computers has accelerated this change and exacerbated network security risks. In view of this change, the classical cryptographic structure based on a 1:1 public-private key pair cannot meet the practical needs of complex access control and fine-grained authorization. Thus, it has become an inevitable trend to study a more flexible and efficient Public-Key Group-oriented Cryptography (PKGC) under a 1:n key structure to adapt to the future open network environment.

Building on much excellent research on existing PKGC systems, such as group signatures, ring signatures, identity-based encryption and Attribute-Based Encryption (ABE), this paper studies efficient signature and encryption technologies over PKGC. In particular, the research focuses on efficiency, resistance to quantum attacks, and resistance to collusion attacks in group-oriented cryptography. By combining cryptographic security protocols with aggregation functions, access control and trapdoor functions, this paper presents several new schemes, including a Designated Verifier-Set Signature (DVSS) scheme, an efficient lattice-based ABE scheme built on a small policy matrix, and an ABE scheme over rings that resists collusion attacks. The main contributions of this paper are as follows:

1) It proposes a DVSS scheme over an identity-based aggregator. First, the notion of an identity-based aggregator is defined, and two types of aggregators are constructed by using the zeros and poles of polynomials. Then, a zero-pole cancellation method is introduced into the DVSS to support identity verification of the designated verifier, so that any member of the designated verifier-set can independently verify the correctness of signatures. The size of the designated set is unlimited and independent of the signature length. The output size of the identity-based aggregator, the signature and the user's private key are all O(1). Moreover, this scheme is proved to be existentially unforgeable under the SDH assumption, and it satisfies exclusivity for non-designated verifiers under the GDHE assumption. Furthermore, this scheme can be applied to a deposit model of blockchain smart contracts that enables only the designated parties in a contract to adduce evidence, to provide security.

2) It proposes an efficient Ciphertext-Policy ABE scheme from Lattice (CPABE-L). By designing an optimization algorithm that generates a Small Policy Matrix (SPM) consisting only of elements in {-1,0,1}, a reconstruction vector consisting of all ones is obtained, which reduces the cumulative error caused by Learning with Errors (LWE) to the minimum. Then, an Error Proportion Allocation (EPA) method is designed to achieve the optimal estimation of system parameters in lattice-based cryptosystems. Experimental results show that this scheme has the advantages of short parameter sizes, efficient computation and lower storage costs. Moreover, the scheme is proved to satisfy semantic security against IND-sAS-CPA under the decisional LWE assumption. In addition, the scheme is applied to a Cloud File Sharing (CFS) architecture to protect sensitive cloud data from privacy leakage.

3) It proposes two Collusion-Resistant schemes over rings, Broadcast Encryption (RCR-BE) and Ciphertext-Policy ABE (RCR-CP-ABE), based on a new trapdoor function. First, a Trapdoor Bivariate One-Way Function (TB-OWF) is introduced by extending the original univariate function to a bivariate one, and then the notions of partial preimage resistance and partial collision resistance are defined. Using the TB-OWF on Ring Short Integer Solution (Ring-SIS), the RCR-BE scheme is constructed with the two properties of unlimited private key generation and collusion resistance under large-scale groups. Furthermore, this paper gives the notion of a Trapdoor Binary One-Way Function Family (TB-OWFF) and its concrete construction. Then, the RCR-CP-ABE scheme is constructed by combining TB-OWFF with the SPM algorithm over rings to resist collusion attacks among the attribute keys of different users. Finally, the scheme is proved to meet semantic security against IND-sAS-CPA-CA under the R-LWE assumption.

The research of this paper shows that the identity-based aggregator and SPM are efficient methods for improving the performance of PKGC systems. Moreover, the construction of the new trapdoor function further improves the security of PKGC systems. These works will provide a better theoretical foundation and practical support for more secure and efficient applications, including blockchain smart contracts and CFS, to resist quantum attacks in an open network environment.
Keywords/Search Tags:public-key group-oriented cryptography, designated verifier-set signature, policy matrix, attribute-based encryption, lattice cryptography