The security analysis of the BB84 protocol in the case of Calderbank–Shor–Steane code leakage

Quantum key distribution (QKD) allows authenticated parties to share secure keys. Its security comes from quantum physics rather than computational complexity. The previous work has been able to demonstrate the security of the BB84 protocol based on the uncertainty principle, entanglement purification and information theory. In the security proof method based on entanglement purification, it is assumed that the information of Calderbank–Shor–Steane (CSS) error correction code cannot be leaked, otherwise, it is insecure. However, there is no quantitative analysis of the relationship between the parameter of CSS code and the amount of information leaked. In the attack and defense strategy of the actual quantum key distribution system, especially in the application of the device that is easy to lose or out of control, it is necessary to assess the impact of the parameter leakage. In this paper, we derive the relationship between the leaked parameter of CSS code and the amount of the final key leakage based on the BB84 protocol. Based on this formula, we simulated the impact of different CSS code parameter leaks on the final key amount. Through the analysis of simulation results, the security of the BB84 protocol is inversely proportional to the value of [Formula: see text] and [Formula: see text] in the case of the CSS code leak.

Enabling efficient traceable and revocable time-based data sharing in smart city

With the assistance of emerging techniques, such as cloud computing, fog computing and Internet of Things (IoT), smart city is developing rapidly into a novel and well-accepted service pattern these days. The trend also facilitates numerous relevant applications, e.g., smart health care, smart office, smart campus, etc., and drives the urgent demand for data sharing. However, this brings many concerns on data security as there is more private and sensitive information contained in the data of smart city applications. It may incur disastrous consequences if the shared data are illegally accessed, which necessitates an efficient data access control scheme for data sharing in smart city applications with resource-poor user terminals. To this end, we proposes an efficient traceable and revocable time-based CP-ABE (TR-TABE) scheme which can achieve time-based and fine-grained data access control over large attribute universe for data sharing in large-scale smart city applications. To trace and punish the malicious users that intentionally leak their keys to pursue illicit profits, we design an efficient user tracing and revocation mechanism with forward and backward security. For efficiency improvement, we integrate outsourced decryption and verify the correctness of its result. The proposed scheme is proved secure with formal security proof and is demonstrated to be practical for data sharing in smart city applications with extensive performance evaluation.

Linkable Ring Signature Scheme Using Biometric Cryptosystem and NIZK and Its Application

Biometric encryption, especially based on fingerprint, plays an important role in privacy protection and identity authentication. In this paper, we construct a privacy-preserving linkable ring signature scheme. In our scheme, we utilize a fuzzy symmetric encryption scheme called symmetric keyring encryption (SKE) to hide the secret key and use non-interactive zero-knowledge (NIZK) protocol to ensure that we do not leak any information about the message. Unlike the blind signature, we use NIZK protocol to cancel the interaction between the signer (the prover) and the verifier. The security proof shows that our scheme is secure under the random oracle model. Finally, we implement it on a personal computer and analyze the performance of the constructed scheme in practical terms. Based on the constructed scheme and demo, we give an anonymous cryptocurrency transaction model as well as mobile demonstration.

Efficient and Secure Cross-Domain Sharing of Blockchain Electronic Medical Records Based on Edge Computing

In this article, we analysed the problems of electronic medical records (EMRs) and found that the EMRs generated by different hospitals for the same patient are mutually independent and duplication and data sharing are difficult among hospitals. In order to solve this problem, this paper proposes an efficient and secure cross-domain sharing scheme of EMRs based on edge computing. The program allows the doctor to access the personal history EMRs through the patient’s authorization so that the doctor can understand the patient’s history of illness and, on this basis, generate a new medical record for the patient. Then, the doctor sends the EMRs to the edge server, and the server calculates the ciphertext and adds it to the patient’s personal medical record to complete the case update. Analysis shows that this solution can effectively prevent data tampering and forgery through blockchain and avoid privacy leakage problems in plaintext sharing by using searchable encryption and by relying on edge servers to solve nearby computing tasks and divert the computing capacity of cloud servers to improve efficiency. The security proof shows that the scheme satisfies the complex problem of the BDH assumption. Performance analysis shows that the scheme is feasible and efficient.

Permutation-Based Lightweight Authenticated Cipher with Beyond Conventional Security

Lightweight authenticated ciphers are specially designed as authenticated encryption (AE) schemes for resource-constrained devices. Permutation-based lightweight authenticated ciphers have gained more attention in recent years. However, almost all of permutation-based lightweight AE schemes only ensure conventional security, i.e., about c / 2 -bit security, where c is the capacity of the permutation. This may be vulnerable for an insufficiently large capacity. This paper focuses on the stronger security guarantee and the better efficiency optimization of permutation-based lightweight AE schemes. On the basis of APE series (APE, APE R I , APE O W , and APE C A ), we propose a new improved permutation-based lightweight online AE mode APE + which supports beyond conventional security and concurrent absorption. Then, we derive a simple security proof and prove that APE + enjoys at most about min r , c -bit security, where r is the rate of the permutation. Finally, we discuss the properties of APE + on the hardware implementation.

pKAS: A Secure Password-Based Key Agreement Scheme for the Edge Cloud

For the simplicity and feasibility, password-based authentication and key agreement scheme has gradually become a popular way to protect network security. In order to achieve mutual authentication between users and edge cloud servers during data collection, password-based key agreement scheme has attracted much attention from researchers and users. However, security and simplicity are a contradiction, which is one of the biggest difficulties in designing a password-based key agreement scheme. Aimed to provide secure and efficient key agreement schemes for data collecting in edge cloud, we propose an efficient and secure key agreement in this paper. Our proposed scheme is proved by rigorous security proof, and the proposed scheme can be protected from various attacks. By comparing with other similar password-based key agreement schemes, our proposed scheme has lower computational and communication costs and has higher security.

Simple security proofs for continuous variable quantum key distribution with intensity fluctuating sources

Despite tremendous theoretical and experimental progress in continuous variable (CV) quantum key distribution (QKD), the security has not been rigorously established for most current continuous variable quantum key distribution systems that have imperfections. Among these imperfections, intensity fluctuation is one of the principal problems affecting security. In this paper, we provide simple security proofs for continuous variable quantum key distribution systems with intensity fluctuating sources. Specifically, depending on device assumptions in the source, the imperfect systems are divided into two general cases for security proofs. In the most conservative case, we prove the security based on the tagging idea, which is a main technique for the security proof of discrete variable quantum key distribution. Our proofs are simple to implement without any hardware adjustment for current continuous variable quantum key distribution systems. Also, we show that our proofs are able to provide secure secret keys in the finite-size scenario.

Stream privacy amplification for quantum cryptography

Privacy amplification is the key step to guarantee the security of quantum communication. The existing security proofs require accumulating a large number of raw key bits for privacy amplification. This is similar to block ciphers in classical cryptography that would delay the final key generation since an entire block must be accumulated before privacy amplification. Moreover, any leftover errors after information reconciliation would corrupt the entire block. By modifying the security proof based on quantum error correction, we develop a stream privacy amplification scheme, which resembles the classical stream cipher, to solve the problems of final key generation delay and error spread. The stream scheme can also help to enhance the security of trusted-relay quantum networks. Inspired by the connection between stream ciphers and quantum error correction in our security analysis, we further develop a generic information-theoretic tool to study the security of classical encryption algorithms.

Sigma Identification Protocol Construction Based on MPF

A new sigma identification protocol (SIP) based on matrix power function (MPF) defined over the modified medial platform semigroup and power near-semiring is proposed. It is proved that MPF SIP is resistant against direct and eavesdropping attacks. Our security proof relies on the assumption that MPF defined in the paper is a candidate for one-way function (OWF). Therefore, the corresponding MPF problem is reckoned to be a difficult one. This conjecture is based on the results demonstrated in our previous studies, where a certain kind of MPF problem was proven to be NP-complete.

Efficient access control with traceability and user revocation in IoT

With the universality and availability of Internet of Things (IoT), data privacy protection in IoT has become a hot issue. As a branch of attribute-based encryption (ABE), ciphertext policy attribute-based encryption (CP-ABE) is widely used in IoT to offer flexible one-to-many encryption. However, in IoT, different mobile devices share messages collected, transmission of large amounts of data brings huge burdens to mobile devices. Efficiency is a bottleneck which restricts the wide application and adoption of CP-ABE in Internet of things. Besides, the decryption key in CP-ABE is shared by multiple users with the same attribute, once the key disclosure occurs, it is non-trivial for the system to tell who maliciously leaked the key. Moreover, if the malicious mobile device is not revoked in time, more security threats will be brought to the system. These problems hinder the application of CP-ABE in IoT. Motivated by the actual need, a scheme called traceable and revocable ciphertext policy attribute-based encryption scheme with constant-size ciphertext and key is proposed in this paper. Compared with the existing schemes, our proposed scheme has the following advantages: (1) Malicious users can be traced; (2) Users exiting the system and misbehaving users are revoked in time, so that they no longer have access to the encrypted data stored in the cloud server; (3) Constant-size ciphertext and key not only improve the efficiency of transmission, but also greatly reduce the time spent on decryption operation; (4) The storage overhead for traceability is constant. Finally, the formal security proof and experiment has been conducted to demonstrate the feasibility of our scheme.