Abstract ：

Dynamic symmetric searchable encryption (DSSE) allows clients to perform keyword searches and updates on encrypted databases outsourced to cloud servers. Ensuring forward privacy is a crucial security property for DSSE schemes to protect data privacy. However, existing forward-private DSSE schemes face significant limitations: they either rely on an honest-but-curious server, assuming it always returns correct search results without providing verification functionality, or they lack support for fine-grained attribute-based searches and access control. As a result, these schemes cannot be directly applied to attribute-based databases. In this paper, we propose the first verifiable forward-private DSSE scheme suitable for attribute-based databases. Specifically, we construct a secure index based on attribute elements to realize fine-grained searches on attribute-value type databases while ensuring the forward privacy of the scheme. We also design a novel verification tag using symmetric homomorphic encryption to verify the correctness of search results. In addition, our scheme achieves access control functionality to ensure that different users can only access authorized files. Experimental evaluations show that our scheme has advantage in the update, search and verification processes. And the security analysis proves our scheme is secure.

Keyword ：

Attribute-value type databases Forward privacy Verification Dynamic symmetric searchable encryption

Cite：

Copy from the list or Export to your reference management。

Abstract ：

Public key encryption with keyword search (PEKS) is able to enhance cloud data security. On the other hand, the existence of malicious cloud servers and untrusted central authorities, in addition the keyword space faces a low entropy, attackers often launch keyword guessing attacks (KGA), thereby leaking data privacy. Therefore, we use certificateless authentication and proxy re-encryption technology to construct a lattice-based verifiable PEKS scheme for Multi-Data Users (MDU). Certificateless authentication can ensure that our scheme does not require key escrow, and proxy re-encryption technology allows us to perform multi-user authorization and use the verification block for data users to ensure the integrity of search results. Security research proves that, under the assumption that the learning with errors (LWE) problem is hard, the ciphertext is indistinguishable and resistant to KGA. Results from experiments show that our scheme is significantly more effective than current schemes. Our scheme is based on proxy re-encryption concept, proposes a lattice-based verifiable public key encryption with keyword search that supports multi-user authorization in a certificateless environment. The scheme satisfies the ciphertext is indistinguishable and resists keyword guessing attacks under the assumption of the hardness of the learning with errors problem. image

Cite：

Copy from the list or Export to your reference management。

Abstract ：

Cloud services have attracted numerous enterprises, organizations, and individual users due to their exceptional computing power and almost limitless storage capacity. A vast amount of business data and private data are continuously uploaded to the cloud platform, driven by a series of attractive services offered by the cloud. Unfortunately, once data is uploaded to the cloud, its owner has no way of ensuring that it is actually deleted as intended. This obviously increases the concerns of data owners about the security of their data, because it is related to the privacy of users. Therefore, there must be a reliable solution to prove that data is deleted as requested by users, to prevent data leakage or abuse. In existing data deletion schemes, most are designed based on cryptographic knowledge rather than erasure or overwrite techniques, in order not to cause incalculable damage to the storage medium. However, most cryptographic-based data deletion schemes, particularly attribute-based encryption, involve numerous complex bilinear mapping operations, which are expensive for most devices. To address this issue, the paper proposes an Efficient and Verifiable Scheme for Secure Data Deletion (EVSD). Firstly, Elliptic Curve Cryptography (ECC) is introduced to achieve efficient encryption of data. Then, leveraging Linear Secret Sharing Scheme (LSSS), fine-grained data deletion policies supporting logical operations are implemented. Finally, the deletion of the data is efficiently verified using the root of the Merkle Hash Tree (MHT) generated by the defined illegal and legal attributes, while the deletion proof is also generated. Satisfactorily, security analysis shows that the EVSD scheme is much more advantageous compared to existing schemes, and a trait likewise is also observed in the performance evaluation.

Keyword ：

Attribute-based encryption Proof Cloud service Data delete

Cite：

Copy from the list or Export to your reference management。

Abstract ：

Secret sharing schemes are used as a tool in many cryptographic protocols including revocable electronic cash, electronic voting, cloud computing and key management in sensor networks. But the existing post-quantum secret sharing schemes are all based on Shamir’s (t, n) threshold scheme, there is currently no post-quantum secret sharing scheme based on the Chinese Remainder Theorem (CRT), so we construct a verifiable lattice-based secret sharing scheme using some number theory methods and interaction methods. Furthermore, we prove our scheme is safe in the post-quantum era. Finally, we compare our scheme with other schemes. And the comparison shows that our scheme is more efficient and occupies less memory. © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2024.

Keyword ：

lattice secret sharing post-quantum verifiable Chinese remainder theorem

Cite：

Copy from the list or Export to your reference management。

Abstract ：

As many countries have promulgated laws to protect users' data privacy, how to legally use users' data has become a hot topic. With the emergence of federated learning (FL) (also known as collaborative learning), multiple participants can create a common, robust, and secure machine learning model while addressing key issues in data sharing, such as privacy, security, accessibility, etc. Unfortunately, existing research shows that FL is not as secure as it claims, gradient leakage and the correctness of aggregation results are still key problems. Recently, some scholars try to address these security problems in FL by cryptography and verification techniques. However, there are some issues in this scheme that remain unsolved. First, some solutions cannot guarantee the correctness of the aggregation results. Second, existing state-of-the-art FL schemes have a costly computational and communication overhead. In this article, we propose SVFLC, a secure and verifiable FL scheme with chain aggregation to solve these problems. We first design a privacy-preserving method that can solve the problem of gradient leakage and defend against collusion attacks by semi-honest users. Then, we create a verifiable method based on a homomorphic hash function, which can ensure the correctness of the weighted aggregation results. Besides, the SVFLC can also track users who encounter calculation errors during the aggregation process. Additionally, the extensive experiment results on real-world data sets demonstrate that the SVFLC is efficient, compared with other solutions. © 2014 IEEE.

Keyword ：

privacy-preserving Federated learning (FL) verifiable chain aggregation homomorphic hash function

Cite：

Copy from the list or Export to your reference management。

Abstract ：

With the rapid advancement of edge computing technology and the widespread application of artificial intelligence, the deployment of neural network inference at the edge has garnered increasing significance. However, constrained by limitations in computational resources and security considerations, effectively verifying the correctness of neural network inference at the edge poses a formidable challenge. To address this challenge, this paper proposes a neural network inference verification framework based on the generalized GKR protocol, specifically tailored for edge deployment. Leveraging the bidirectional efficiency inherent in the generalized GKR protocol, this framework enables rapid and precise validation of neural network inference, thereby enhancing the reliability and security of edge-based neural network inference. Additionally, this paper tackles challenges encountered in designing the verification framework, such as handling model parameters and transforming non-linear functions, utilizing pertinent techniques. Finally, the effectiveness and performance of the framework are validated and analyzed through experimental verification.

Keyword ：

Machine learning Neural network Edge computing Verifiable computation

Cite：

Copy from the list or Export to your reference management。

Abstract ：

The Internet of Things (IoT) is a heterogeneous network composed of numerous dynamically connected devices. While it brings convenience, the IoT also faces serious challenges in data security. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptography method that supports fine-grained access control, offering a solution to the IoT's security issues. However, existing CP-ABE schemes are inefficient and unsuitable for IoT devices with limited computing resources. To address this problem, this paper proposes an efficient pairing-free CP-ABE scheme for the IoT. The scheme is based on lightweight elliptic curve scalar multiplication and supports multi-authority and verifiable outsourced decryption. The proposed scheme satisfies indistinguishability against chosen-plaintext attacks (CPA) under the elliptic curve decisional Diffie-Hellman (ECDDH) problem. Performance analysis shows that our proposed scheme is more efficient and better suited to the IoT environment compared to existing schemes.

Keyword ：

ciphertext-policy attribute-based encryption pairing-free access control Internet of Things

Cite：

Copy from the list or Export to your reference management。

Abstract ：

In the era emphasizing the privacy of personal data, verifiable federated learning has garnered significant attention as a machine learning approach to safeguard user privacy while simultaneously validating aggregated result. However, there are some unresolved issues when deploying verifiable federated learning in edge computing. Due to the constraint resources, edge computing demands cost saving measurements in model training such as model pruning. Unfortunately, there is currently no protocol capable of enabling users to verify pruning results. Therefore, in this paper, we introduce PrVFL, a verifiable federated learning framework that supports model pruning verification and heterogeneous edge computing. In this scheme, we innovatively utilize zero-knowledge range proof protocol to achieve pruning result verification. Additionally, we first propose a heterogeneous delayed verification scheme supporting the validation of aggregated result for pruned heterogeneous edge models. Addressing the prevalent scenario of performance-heterogeneous edge clients, our scheme empowers each edge user to autonomously choose the desired pruning ratio for each training round based on their specific performance. By employing a global residual model, we ensure that every parameter has an opportunity for training. The extensive experimental results demonstrate the practical performance of our proposed scheme. IEEE

Keyword ：

Federated learning zero-knowledge proof Privacy Computational modeling Edge computing Servers Training Protocols verification model pruning heterogeneous edge

Cite：

Copy from the list or Export to your reference management。

Abstract ：

To solve the problems of vote forgery and malicious election of candidate nodes in the Raft consensus algorithm, we combine zero trust with the Raft consensus algorithm and propose a secure and efficient consensus algorithm -Verifiable Secret Sharing Byzantine Fault Tolerance Raft Consensus Algorithm (VSSB-Raft). The VSSB-Raft consensus algorithm realizes zero trust through the supervisor node and secret sharing algorithm without the invisible trust between nodes required by the algorithm. Meanwhile, the VSSB-Raft consensus algorithm uses the SM2 signature algorithm to realize the characteristics of zero trust requiring authentication before data use. In addition, by introducing the NDN network, we redesign the communication between nodes and guarantee the communication quality among nodes. The VSSB-Raft consensus algorithm proposed in this paper can make the algorithm Byzantine fault tolerant by setting a threshold for secret sharing while maintaining the algorithm ' s complexity to be O(n). Experiments show that the VSSB-Raft consensus algorithm is secure and efficient with high throughput and low consensus latency.

Keyword ：

Blockchain secret sharing Byzantine fault tolerance zero trust consensus algorithm

Cite：

Copy from the list or Export to your reference management。

Abstract ：

A verifiable visually meaningful image encryption algorithm based on compressive sensing and (t, n)-threshold secret sharing is proposed. Firstly, the plain image is compressed and encrypted by 2D block compressive sensing to obtain the pre-encrypted image. During this process, the enhanced logistic map and the enhanced tent map are used to generate the measurement matrix and the permutation sequence, respectively. Secondly, multiple shadow images of the pre-encrypted image are generated by using the (t, n)-threshold secret sharing scheme, and then each shadow image is further encrypted by using the encryption matrix generated by the chaotic system. Meanwhile, the signatures of the shadow images are obtained by using RSA signature algorithm. Finally, the shadow images and their corresponding signatures are embedded into the carrier image to generate the cipher image with high visual quality by using the LSB method. Additionally, the present algorithm can resist known-plaintext and chosen-plaintext attacks by incorporating the hash value of the plain image as part of the key. Meanwhile, the use of 2D block compressive sensing significantly reduces the reconstruction time. Simulation results demonstrate that the proposed algorithm achieves excellent decryption quality and operational efficiency. © 2024 IOP Publishing Ltd.

Keyword ：

visually meaningful image encryption RSA compressive sensing (t, n)-threshold secret sharing

Cite：

Copy from the list or Export to your reference management。