Guoyan Zhang

The second-preimage attack on MD4

In Eurocrypt’05, Wang et al. presented new techniques to find collisions of Hash function MD4. The techniques are not only efficient to search for collisions, but also applicable to explore the second- preimage of MD4. About the second-preimage attack, they showed that a random message was a weak message with probability 2−122 and it only needed a one-time MD4 computation to find the second-preimage corresponding to the weak message. A weak message means that there exits a more efficient attack than the brute force attack to find its second-preimage. In this paper, we find another new collision differential path which can be used to find the second-preimage for more weak messages. For any random message, it is a weak message with probability 2−56, and it can be converted into a weak message by message modification techniques with about 227 MD4 computations. Furthermore, the original message is close to the resulting message (weak message), i.e, the Hamming weight of the difference for two messages is about 44.

A Certificateless Signature and Group Signature Schemes against Malicious PKG

Identity-based crypto system has many advantages over PKI-based cryptosystem in key distribution, but key escrow is always an inherent drawback. In order to solve the problem, certificateless public key cryptography was introduced by Al-Riyami and Paterson in [8]. In this paper, we first introduce a certificateless signature scheme secure against both malicious PKG attack and DOD attack without random oracle, which is the first scheme satisfying theses properties in the literature. Based on the certificateless signature scheme, we also present a constant-size group signature scheme against malicious group manager.

Secret Key Awareness Security Public Key Encryption Scheme

In this paper, firstly, we introduce a new security definition called secret key awareness security which is to guarantee anyone generating the public key to know the corresponding secret key. Following, we give a concrete implementing for secret key awareness security. Secondly, we present two applications: one is in plaintext awareness security cryptosystem, and another is in certificatless public key encryption scheme.

Certificateless threshold decryption scheme secure in the standard model

Certificateless cryptography solves the key escrow problem inherent in identity-based cryptography. This paper first presents a practical model for certificateless threshold decryption scheme which avoids both the single point of failure in the distributed networks and the inherent key escrow problem in identity-based cryptosystem. Based on the idea of [9], The paper also introduces the first certificateless threshold decryption scheme that is IND-CCA secure against chosen ciphertext attack in the standard model.

Fuzzy Certificateless Identity-Based Encryption Protocol from Lattice

Due to their conjectured resistance to quantum cryptanalysis, strong worst-case/average-case security guarantees, ease of implementation and increasing practicality, lattice-based cryptography is one of the hottest and fastest moving areas in mathematical cryptography today. In this paper, we give a fuzzy certificateless identity-based encryption scheme from lattice, whose security is based on the hardness of the Learning With Errors (LWE) problem. In the scheme, the user can choose his own secret key that the KGC cannot obtain, which is an efficient approach to mitigate the key escrow problem in fuzzy identity-based encryption scheme.

Attribute-Based Certificateless Cryptographic System

As an extension of identity-based encryption scheme, attribute-based encryption scheme also has the key escrow problem. Multi-authority attribute-based encryption schemes are principal solution, but it is at the cost of the introducing extra infrastructure and communication. This paper introduces the concept of attribute-based certificatless encryption system (ABCE), which is a new approach to mitigate the key escrow problem in attribute-based encryption scheme. In ABCE, the user can choose his own secret key that the KGC cannot obtain. In contrast to attribute-based encryption scheme under multiple authorities, our approach needs less extra cost. Following, we give a generic construction and an improvement in the efficiency.

A general construction for multi-authority attribute-based encryption

An attribute-based encryption scheme is a scheme in which each user is identified by a set of attributes, and some function of those attributes is used to determine decryption ability for each ciphertext. But as an extension for identity-based encryption scheme, the attribute-based schemes are also confronted with the key escrow problem. Furthermore, the attributes belonging to a user usually are monitored by different authorities. One approach to simultaneously resolve the two problems is multi-authority attribute-based encryption schemes, in which the secret keys of the users needed be distributed by different authorities. However, this solution comes at the cost of introducing extra infrastructure and communication. This paper gives a new approach, in which different attributes sets of a user are still certified by different authorities, but the secret key corresponding to the attributes is generated by the central authority. In order to resolve key escrow problem, different authorities generate secret value for the user, but the central authority cannot obtain the secret value. We give a general construction for multi-authority attribute-based encryption scheme using a general attribute-based encryption scheme. Finally, we present a concrete attribute-based encryption scheme secure against the malicious authorities.

A Multi-Authority Attribute-Based Encryption System Against Malicious KGC

Attribute-based encryption scheme is a scheme in which each user is identified by a set of attributes, and some function of those attributes is used to determine decryption ability for each ciphertext. Similar with identity-based encryption scheme, attribute-based schemes are also confronted with key escrow problem. Furthermore, the attributes belonging to a user usually are monitored by different authorities. This paper resolves the two problems by using a general attribute-based encryption scheme and K-Sibling intractable function families. In our construction, different attributes sets of a user are still certified by different authorities, but the partial private keys corresponding to the attributes are generated by a central authority. Simultineously, different authorities jointly generate the users’ secret value which cannot be obtained by the central authority. Compared with general multi-authourity attributed-based encryption scheme, our approach has more efficiency.

A Generic Construction for Proxy Cryptography

Proxy cryptosystem allows the original decryptor to delegate his decryption capability to the proxy decryptor. Due to the extensive application of proxy cryptography, some schemes have been presented, but there are not a general model for proxy cryptography. In this paper, we give the first general model and security model for proxy-protected anonymous proxy cryptography in which only the proxy decryptor can decrypt the ciphertexts for the original decryptor. Finally we give one concrete scheme according to the model as example.

A generic construction for proxy signature scheme

In proxy signature, the original signer can delegate his signature power to the proxy signer. Due to the extensive application of proxy signature, some schemes have been presented, but there is not a general model for proxy signature scheme, especially for the scheme with good properties. In this paper, we give the first generic model and security model for proxy-protected anonymous proxy signature, in which only the proxy signer can sign the messages for the original signer. Finally, we give one concrete scheme according to the model as example.