
Baocang Wang - Xidian University
About
78 Publications · 6,073 Reads · 743 Citations
Publications (78)
Secure Multi-party Computation (MPC) is a highly active research field, with Private Set Intersection (PSI) being a classic subtopic within it. However, simple intersection computation is insufficient for many real-world scenarios, leading to the development of various PSI variant protocols. In this context, we propose a cloud-based multi-party pri...
Universal composability (UC) is a primary security flavor for designing oblivious transfer (OT) due to its advantage of arbitrary composition. However, the study of UC-secure OT over lattices is still far behind compared with constructions over prequantum assumptions. Relying on the learning with errors (LWE) assumption, Quach proposes a dual-mode...
Lattice-based cryptographic regimes are the most promising quantum-resistant cryptographic algorithms, whose security depends on the difficulty of the SVP. Enumeration algorithms are the most basic and hopeful algorithms instantiated for solving SVPs, and are often used in public key cryptanalysis or as subroutines of lattice reduction algorithms....
Convolutional Neural Networks (CNNs) possess extensive applicability across diverse domains, particularly in the realm of image recognition. In light of the advent of machine learning as a service, the utilization of a well-trained CNN model by servers to execute image classification based on user queries has become a significant service, catering...
Most of the current federated learning schemes aimed at safeguarding privacy exhibit vulnerability to collusion attacks and lack a verification mechanism for participants to consolidate the aggregation results of the parameter server, leading to privacy breaches for users and inaccurate model training outcomes. In order to address these issues, we...
In the past few years, online taxi-hailing services have gained acceptance as a convenient way to travel and are becoming increasingly popular. However, privacy concerns arise along with the online taxi-hailing service. Most of the existing privacy-preserving online taxi-hailing systems rely on a central third party to manage the whole syst...
Public-key encryption with equality test (PKEET) provides cloud servers with an effective way to check the equality of outsourced encrypted data without decryption. This enables PKEET to attract much attention and be widely researched in cloud computing. However, we claim that the existing PKEET schemes suffer from an inherited problem, called mess...
Since traditional federated learning algorithms cannot provide sufficient privacy guarantees, an increasing number of approaches apply local differential privacy (LDP) techniques to federated learning to provide strict privacy guarantees. However, the privacy budget heavily increases proportionally with the dimension of the parameters, and the larg...
The unique characteristics of frescoes on overseas Chinese buildings can attest to the integration and historical background of Chinese and Western cultures. Reasonable analysis and preservation of overseas Chinese frescoes can provide sustainable development for culture and history. This research adopts image analysis technology based on artificia...
Federated learning is a distributed machine learning framework, which allows users to save data locally for training without sharing data. Users send the trained local model to the server for aggregation. However, untrusted servers may infer users’ private information from the provided data and mistakenly execute aggregation protocols to forge aggr...
Ateniese et al. (PKC 2011) introduced the concept of size-hiding private set intersection (SHI-PSI) and proposed a construction for two parties. The SHI-PSI protocol protects the privacy of input set content and better guarantees the privacy of the client set size. However, more practical protocols in multi-party scenarios have remained a research...
In the data era, to simultaneously relieve the heavy computational burden of mining data information from data owners and protecting data privacy, privacy-preserving frequent itemset mining (PPFIM) is presented and has attracted much attention. In PPFIM, data owners and miners outsource the complex task of data mining to the cloud server, which sup...
As a popular machine learning method, federated learning (FL) can effectively solve the issues of data silos and data privacy. However, traditional federated learning schemes cannot provide sufficient privacy protection. Furthermore, most secure federated learning schemes based on local differential privacy (LDP) ignore an important issue: they do...
In Addition-Rotation-Xor (ARX) ciphers, the large domain size obstructs the application of the boomerang connectivity table. In this paper, we explore the problem of computing this table for a modular addition and the automatic search of boomerang characteristics for ARX ciphers. We provide dynamic programming algorithms to efficiently compute this...
Federated learning is a distributed learning helpful approach for resolving data privacy concerns and eliminating data silos. Homomorphic encryption is a vital technology for preserving user privacy in Federated learning, and current studies are mainly concentrated on a single key environment. However, if one user key is exposed in a single key env...
Confronted with severe challenges from quantum computers to public-key cryptography based on traditional number theory, post-quantum cryptography (PQC) has received a substantial amount of attention. However, suffering from time-consuming polynomial operations, most post-quantum schemes cannot be really applied in practice, especially in high-conc...
The collection of users’ near-real-time electricity consumption data brings advantages to the operation of smart grids, while raising some security and privacy issues. Multiple privacy preserving data aggregation schemes have been proposed to address these problems. However, most schemes only focus on the aggregation of electricity consumption data...
As a classifier, support vector machine (SVM) explains a core problem of machine learning, namely sample classification in statistical terms. It has been widely used in machine learning, data mining, pattern recognition, and other fields. With the wide applications of SVMs in machine learning and big data, privacy protection of sensitive data in SV...
In a traditional health system, it merely depends on doctors’ initiative reports to discover infectious diseases, which causes late responses from the Center for Disease Control (CDC) and therefore may result in snowballed loss of lives and economy. Sometimes, the disease has spread when doctors realize it is infectious, and the CDC has to invest m...
Industrial Internet of Things (IIoT) is gradually changing the mode of traditional industries with the rapid development of big data. Besides, thanks to the development of deep learning, it can be used to extract useful knowledge from the large amount of data in the IIoT to help improve production and service quality. However, the lack of large-sca...
Proposed in CT-RSA’2017, WEM is a family of white-box block ciphers based on the Even-Mansour structure and AES. Due to its elegant structure and impressive performance, WEM is a prominent primitive in white-box cryptography-oriented scenarios like digital rights management (DRM) and mobile payment. In this paper, we focus on the black-box key-reco...
As an access control technology for digital material, digital rights management systems have a profound effect on the copyright protection of digital content. To address the threat of key exposure, applying white-box ciphers is effective to provide a security guarantee for digital rights management systems. SPNbox, proposed at Asiacrypt’16, is such a...
Multi-key fully homomorphic encryption (MFHE) supports arbitrary meaningful computations on encrypted data under different public keys even without access to the secret key, which is well tailored for the secure multiparty computation scenarios. Based on the Gentry–Sahai–Waters scheme (a single-key FHE in Crypto 2013) with the underlying learning w...
As an emerging joint learning model, federated learning is a promising way to combine model parameters of different users for training and inference without collecting users’ original data. However, a practical and efficient solution has not been established in previous work due to the absence of efficient matrix computation and cryptography scheme...
In cloud computing scenarios, it is a common approach to encrypt the data before uploading in order to maintain the privacy. Public key encryption with equality test (PKEET) provides a generic solution to equality comparisons on encrypted data. Considering the practical requirements of PKEET in group user scenarios, Ling et al. presented a group pu...
The COVID-19 pandemic has severely affected daily life and caused a great loss to the global economy. Due to the very urgent need for identifying close contacts of confirmed patients in the current situation, the development of automated contact tracing app for smart devices has attracted more attention all over the world. Compared with expensive m...
As one of the important ways in data mining, the association rule mining is to analyze the correlation of transactions based on massive data and mine the hidden valuable information. However, excessive data collection and analysis might lead to the privacy leakage of user data and the damage of data integrity. Meanwhile, in the existing privacy-pre...
With the rapid development of machine learning in the medical cloud system, cloud-assisted medical computing provides a concrete platform for remote rapid medical diagnosis services. Support vector machine (SVM), as one of the important algorithms of machine learning, has been widely used in the field of medical diagnosis for its high classificatio...
Nowadays, tremendous information technology industries resort to cloud servers to store data with an outsourcing approach to extend their storage and computation power. This, however, also leads to privacy and security issues of unprotected data against curious cloud servers. The most common solution currently is to encrypt the data before uploadin...
Linear regression is an ordinary machine learning algorithm that models the relation between the input values and the output ones with underlying linear functions. Giacomelli et al. (ACNS 2018) proposed the first system training the linear regression model over the rational numbers using only linearly homomorphic encryption. However, we find their...
Lattice-based key exchange protocols have attracted tremendous attention for their post-quantum security. In this work, we construct a Module-LWE-based key exchange protocol using Peikert’s error reconciliation mechanism. Compared with Kyber.KE, our key exchange protocol reduces the total communication cost by 96 bytes, i.e., 3.2%∼6.1%, under the diff...
The K-nearest neighbor (...
Based on the ElGamal cryptosystem, Bae et al. (J. Netw. Comput. Appl., vol. 59, pp. 333–344, 2016) proposed a new homomorphic encryption algorithm to reduce the network traffic and data processing time brought by their data communication and aggregation scheme. However, there is no security analysis of this encryption algorithm in their scheme. In...
Privacy protection during collaborative distributed association rule mining is an important research topic, which has been widely applied in market prediction, medical research and other fields. In medical research, Domadiya et al. (Sadhana 43(8):127, 2018) focused on mining association rules from horizontally distributed healthcare data to diagnose heart d...
Fully homomorphic encryption (FHE) allows direct computations over encrypted data without access to the decryption key. Hence multi-key FHE is well suited for secure multiparty computation. Recently, Brakerski et al. (TCC 2019 and EUROCRYPT 2020) utilized additively homomorphic encryption to construct FHE schemes with different properties. Motiva...
Attribute-based encryption (ABE) is a promising management method that enables fine-grained access control in large-scale systems. Revocable ABE (RABE) can support a key revocation mechanism in an ABE system. With the advent of the Internet of Things, users may need to delegate their decryption capacity to other devices, which requires that RABE me...
Zhen Zhao, Ge Wu, Fuchun Guo, [...], Yupu Hu
Identity-based revocation system (IBRS) generates the ciphertext with a revoked identity list such that only the non-revoked identities can use their private keys to decrypt this ciphertext. IBRS can be efficiently applied in some practical applications, such as pay-TV systems, when the number of revoked identities is much smaller than the number of non-rev...
Attribute-based encryption (ABE) can support a fine-grained access control to encrypted data. When the user’s secret-key is compromised, the ABE system has to revoke its decryption privileges to prevent the leakage of encrypted data. Although there are many constructions about revocable ABE from bilinear maps, the situation with lattice-based const...
Attribute-based encryption (ABE) supports fine-grained sharing of encrypted data so that it can be used in plenty of application scenarios, and many constructions of ABE schemes have been presented. The first arithmetic circuit ABE system was proposed by Boneh, Gentry, Gorbunov et al. (BGG⁺ 14) in Eurocrypt 2014. It is one of the major candidates...
Identity-based broadcast encryption (IBBE) enables a sender to broadcast a message to multiple identities efficiently. Nevertheless, since IBBE is based on identity-based cryptography (IBC), it suffers from the inherent key escrow problem. As a consequence, not only the user knows its private key, but also the private key generator (PKG). This prop...
Distributed private key generators (PKGs) in identity-based encryption (IBE) are a viable approach to mitigate the inherent key escrow problem, where the user’s private key is generated by multiple PKGs, and hence no single PKG can impersonate the user. Nevertheless, these PKGs can still collude to generate a user’s private key and auction...
Attribute-based encryption (ABE) is an active research area in public-key cryptography. Among the large number of ABE schemes, the scheme GVW’13 (STOC13) is a well-known candidate for realizing ABE via lattice mechanisms, whose security relies on learning with errors (LWE). This ABE scheme has a very exquisite structure, and its crucial component lie...
Accountable authority identity-based encryption (A-IBE), as an attractive way to guarantee the user privacy security, enables a malicious private key generator (PKG) to be traced if it generates and re-distributes a user private key. Particularly, an A-IBE scheme achieves full black-box security if it can further trace a decoder box and is secure a...
For the decryption of the fully homomorphic encryption (FHE) over the integers with the message space Z_Q, Nuida and Kurosawa proposed a Q^4 λ-multiplicative-degree circuit to compute it at Eurocrypt 2015, where λ is the security parameter and the message size Q is a constant. Since the degree of the decryption circuit is polynomial in Q, the range...
NTRU is a fast public key cryptosystem remaining unbroken. However, there is no known worst-to-average reduction for the original NTRU cryptosystem. Several provably secure NTRU modifications such as NAEP, pNE and NTRUCCA were proposed in the literature at the cost of inefficiency in encryption/decryption and enlarged ciphertext expansion. NAEP com...
Public key cryptography is an important technique to resolve the security issues in computer communication networks. In some scenarios, a public key cryptosystem with double trapdoor decryption mechanism is desired. Previous known public key cryptosystems with double trapdoor decryption mechanism achieve no standard semantic security goals against...
Key-dependent message (KDM) security should be considered in the design of security protocols, especially for complicated ones, where the messages related to the secret key might be encrypted. In this paper, we present a new method of constructing a KDM secure asymmetric encryption scheme with the notation of hybrid encryption in the standard model...
Certificateless public key cryptography (CL-PKC) can solve the problems of certificate management in a public key infrastructure (PKI) and of key escrow in identity-based public key cryptography (ID-PKC). In CL-PKC, the key generation center (KGC) does not know the private keys of all users, and their public keys need not be certified by certif...
Key-dependent message (KDM) security is an important security issue that has attracted much research in recent years. In this paper, we present a new construction of a symmetric encryption scheme in the ideal cipher model (ICM); we prove that our scheme is KDM secure against active attacks with respect to arbitrary polynomial-time challenge fu...
The F5 algorithm [8] is generally believed to be one of the fastest algorithms for computing Gröbner bases. However, its termination problem is still unclear. The crux lies in the non-determinacy of F5 in selecting which of the critical pairs of the same degree to process. In this paper, we construct a generalized algorithm F5GEN which contains F5 as it...
A certificateless public key cryptosystem can make a special contribution to building key distribution and management architecture in resource-constrained mobile ad hoc networks (MANETs) because it has no separate certificate and no complex certificate management problems. In this paper, we present a virtual private key generator (VPKG)-based escro...
To design an efficient post-quantum linearly homomorphic signature scheme, using the pre-image sampling function, a lattice-based linearly homomorphic signature scheme over a binary field is proposed in this paper. Linear homomorphism is achieved through the homomorphism of the lattice-based hash function used in the proposed signature scheme. It i...
Self-organizing group key agreement protocols without a centralized administrator are essential to secure group communication in dynamic peer systems. In this paper, we propose a generic construction of a one-round self-organizing group key agreement protocol based on the Chinese Remainder Theorem. In the proposed construction, all group members co...
The F5 algorithm is generally believed to be one of the fastest algorithms for computing Gröbner bases. However, its termination problem is still unclear. Recently, an algorithm GVW and its variant GVWHS have been proposed, and their efficiency is comparable to the F5 algorithm. In the paper, we clarify the concept of an admissible module order....
An identity-based cryptosystem can make a special contribution to building key distribution and management architectures in resource-constrained mobile ad hoc networks since it does not suffer from certificate management problems. In this paper, based on a lightweight cryptosystem, elliptic curve cryptography (ECC), we propose an identity-based dis...
Knapsack-type cryptosystems were among the first public-key cryptographic schemes to be invented. Their NP-completeness nature and the high speed in encryption/decryption made them very attractive. However, these cryptosystems were shown to be vulnerable to the low-density subset-sum attacks or some key-recovery attacks. In this paper, additive kna...
Combinatorial problems serve as an important resource for developing practical public key cryptosystems and several combinatorial cryptosystems have been proposed in the cryptographic community. In this paper, a combinatorial public key cryptosystem is proposed. The security of the proposed cryptosystem is dependent on a combinatorial problem invol...
Murakami and Nasako proposed a knapsack public key cryptosystem in 2008. They claimed that their proposal is secure against some known attacks. In this paper, we propose a cryptanalytic attack on the cryptosystem. We use a heuristic method to show that the secret key can be recovered with lattice reduction algorithms. Hence, their construction is i...
Traditional public-key cryptosystems suffer from a relatively low encryption/decryption speed, which hampers their applications in resource-constrained environments. A fast public-key cryptosystem is proposed to remedy this drawback. The new algorithm uses the Chinese remainder theorem to hide the trapdoor information. The encryption of the system only...
A new knapsack-type public key cryptosystem is proposed by constructing an easy knapsack problem. The cryptosystem is shown to be secure against Shamir's key recovery attack in that it does not use a super-increasing knapsack sequence in the construction process. The cryptosystem is also invulnerable to low-density attacks in that it obtains a relat...
NTRUSign, a digital signature scheme, is subject to an effective attack. In this correspondence, we insert a new perturbation into the NTRUSign primitive. With the new perturbation, each signature value is a linear combination of the private keys, and the combination coefficients have a hidden distribution. With a large number of signatures, the attacker...
Knapsack-based cryptosystems had been viewed as the most attractive and the most promising asymmetric cryptographic algorithms for a long time due to their NP-completeness nature and high speed in encryption/decryption. Unfortunately, most of them are broken for the low-density feature of the underlying knapsack problems. In this paper, we investig...
The security of the RSA system with prime pairs of some special form is investigated. A new special-purpose algorithm for factoring RSA numbers is proposed. The basic idea of the method is to factor RSA numbers by factoring a well-chosen quadratic polynomial with integral coefficients. When viewed as a general-purpose algorithm, the new algorit...
This paper presents a new method for resynchronization attack, which is the combination of differential cryptanalysis and algebraic attack. By using the new method one gets a system of linear equations or low-degree equations about the initial keys, and the solution of the system of equations results in the recovery of the initial keys. This method...
At ACISP 2000, H. Yoo et al. proposed a public key cryptosystem using matrices over a ring, which was analyzed using lattice basis reduction algorithms by Youssef et al. at ACISP 2001. In this paper, another attack, namely the Diophantine approximation attack, is presented. It is shown that the decryption of the cryptosystem can be transformed into solvin...
A new fast public key cryptosystem is proposed, which is based on two dissimilar number-theoretic hard problems, namely the simultaneous Diophantine approximation problem and integer factorisation problem. The adversary has to solve the two hard problems simultaneously to recover the plaintext according to their knowledge about the public keys and...