Open Access
tsrCert: Traceable Self-Randomization Certificate and Its Application to Blockchain Supervision
Tsinghua Science and Technology 2023, 28 (6): 1128-1147
Published: 28 July 2023

Traditional public key infrastructure (PKI) only provides authentication for network communication, and the standard X.509 certificate used in this architecture reveals the user's identity. This lack of privacy protection no longer satisfies the increasing demand for personal privacy. Although an optimized anonymous PKI certificate achieves anonymity, it can be abused because identities cannot be tracked. Maintaining a balance between user anonymity and traceability has therefore become an increasing requirement for current PKI. This paper introduces a novel traceable self-randomization certificate authentication scheme based on the PKI architecture that achieves both anonymity and traceability. The scheme is built on the short randomizable signature. Specifically, certificate users can themselves randomize the initial certificate and public key into multiple anonymous certificates and public keys while traceability is preserved; this requires lower computational complexity and fewer interactive operations. Users can exhibit different attributes of themselves in different scenarios, randomizing the attributes that do not need to be displayed. Through security and performance analysis, we demonstrate the suitability of the improved PKI architecture for practical applications. Additionally, we present an application of the proposed scheme to permissioned blockchain supervision.

Open Access
Revocable Hierarchical Identity-Based Broadcast Encryption
Tsinghua Science and Technology 2018, 23 (5): 539-549
Published: 17 September 2018

Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure; it allows users to delegate their decryption ability to subordinates and enables encryption to any subset of users such that only the intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption (RHIBBE) is formalized that adds key revocation to HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack (IND-sBRIVS-CPA). An IND-sBRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure, though slightly weaker than the bounded one, under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.

Regular Paper
Lightweight and Manageable Digital Evidence Preservation System on Bitcoin
Journal of Computer Science and Technology 2018, 33 (3): 568-586
Published: 11 May 2018

An effective and secure evidence preservation system must provide anti-loss, anti-forgery, anti-tamper and complete verifiability properties. Traditional architectures that rely on centralized cloud storage are beset by security problems such as incomplete trust and unreliable regulation. Moreover, expensive, inefficient and incompatible designs impede evidence preservation efforts. In contrast, the decentralized blockchain network is a suitable replacement because of its secure anonymity, irrevocable commitment, and transparent traceability. Using subliminal channels in the blockchain, we weave a newly designed evidence audit network into the transaction network. In this paper, we present and implement a lightweight digital evidence-preservation architecture with the features of privacy-anonymity, audit-transparency, function-scalability and operation-lightweight. Anonymity follows naturally from the cryptographic design, since the encrypted evidence and hash-based functions leak nothing to the public. Covert channels are efficiently exploited to optimize the cost, connectivity and security of the framework, transforming the great computational power of the Bitcoin network into a basis for trust. The transparency used for audit, which relates to proof of existence, comes from instant timestamps and irreversible hash functions in a mature blockchain network. Scalability is provided by an evidence chain that interacts with the original blockchain; the extended chains built on top of the main chain cover most auditors in different institutions. The lightweight property, which amounts to low cost, is derived from our fine-grained hierarchical services. Finally, analyses of efficiency, security, and availability show that our system fully achieves these goals.
