Big Data and Security: First International Conference, ICBDS 2019, Nanjing, China, December 20–22, 2019, Revised Selected Papers [1st ed.] 9789811575297, 9789811575303

Citation preview

Yuan Tian Tinghuai Ma Muhammad Khurram Khan (Eds.)

Communications in Computer and Information Science

1210

Big Data and Security First International Conference, ICBDS 2019 Nanjing, China, December 20–22, 2019 Revised Selected Papers

Communications in Computer and Information Science Commenced Publication in 2007 Founding and Former Series Editors: Simone Diniz Junqueira Barbosa, Phoebe Chen, Alfredo Cuzzocrea, Xiaoyong Du, Orhun Kara, Ting Liu, Krishna M. Sivalingam, Dominik Ślęzak, Takashi Washio, Xiaokang Yang, and Junsong Yuan

Editorial Board Members Joaquim Filipe Polytechnic Institute of Setúbal, Setúbal, Portugal Ashish Ghosh Indian Statistical Institute, Kolkata, India Igor Kotenko St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, St. Petersburg, Russia Raquel Oliveira Prates Federal University of Minas Gerais (UFMG), Belo Horizonte, Brazil Lizhu Zhou Tsinghua University, Beijing, China

1210

More information about this series at http://www.springer.com/series/7899

Yuan Tian Tinghuai Ma Muhammad Khurram Khan (Eds.) •

•

Big Data and Security First International Conference, ICBDS 2019 Nanjing, China, December 20–22, 2019 Revised Selected Papers

123

Editors Yuan Tian Nanjing Institute of Technology Nanjing, China Muhammad Khurram Khan King Saud University Riyadh, Saudi Arabia

Tinghuai Ma Nanjing University of Information Science and Technology Nanjing, China

ISSN 1865-0929 ISSN 1865-0937 (electronic) Communications in Computer and Information Science ISBN 978-981-15-7529-7 ISBN 978-981-15-7530-3 (eBook) https://doi.org/10.1007/978-981-15-7530-3 © Springer Nature Singapore Pte Ltd. 2020 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Singapore Pte Ltd. The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721, Singapore

Preface

This volume contains the papers from the First International Conference on Big Data and Security (ICBDS 2019). The event was held in Nanjing, China, and was organized by Nanjing Institute of Technology, Oulu University, King Saud University, Curtin University, JiangSu Computer Society, Nanjing University of Posts and Telecommunications, and IEEE Broadcast Technology Society. ICBDS 2019 brings experts and researchers together from all over the world to discuss the current status and potential ways to address security and privacy regarding the use of Big Data systems. Big Data systems are complex and heterogeneous. Due to its extraordinary scale and the integration of different technologies, new security and privacy issues are introduced and must be properly addressed. The ongoing digitalization of the business world is putting companies and users at risk of cyber attacks more than ever before. Big Data analysis has the potential to offer protection against these attacks. Participation in workshops on specific topics of the conference is expected to achieve progress, global networking in transferring, and exchanging ideas. The selected papers come from researchers based in several countries including China, Australia, Finland, Saudi Arabia, the UAE, and Pakistan. The highly diversified audience gave us the opportunity to achieve a good level of understanding of the mutual needs, requirements, and technical means available in this field of research. The topics presented in the first edition of this event include the following fields connected to Big Data: Security in Blockchain, IoT Security, Security in Cloud and Fog Computing, Artificial Intelligence/Machine Learning Security, Cybersecurity, and Privacy. We received 251 submissions and accepted 49 papers. All the accepted papers were peer reviewed by three qualified reviewers chosen from our Technical Program Committee based on their qualifications and experience. The proceedings editors wish to thank the dedicated Scientific Committee members and all the other reviewers for their efforts and contributions. We also thank Springer for their trust and for publishing the proceedings of ICBDS 2019. May 2020

Tinghuai Ma Çetin Kaya Koç Yi Pan Muhammad Khurram Khan Markku Oivo Yuan Tian

Organization

Honorary Chairs Guojun Shi Jinfei Shi

Nanjing Institute of Technology, China Nanjing Institute of Technology, China

General Chairs Tinghuai Ma Yi Pan Muhammad Khurram Khan Markku Oivo Yuan Tian

Nanjing University of Information Science and Technology, China Georgia State University, USA King Saud University, Saudi Arabia University of Oulu, Finland Nanjing Institute of Technology, China

Technical Program Chairs Victor S. Sheng Zhaoqing Pan

University of Central Arkansas, USA Nanjing University of Information Science and Technology, China

Technical Program Committee Members Eui-Nam Huh Teemu Karvonen Heba Abdullataif Kurdi Omar Alfandi Dongxue Liang Mohammed Al-Dhelaan Päivi Raulamo-Jurvanen Zeeshan Pervez Adil Mehmood Khan Wajahat Ali Khan Qiaolin Ye Pertti Karhapää Farkhund Iqbal Muhammad Ovais Ahmad Lejun Zhang Linshan Shen Ghada Al-Hudhud Lei Han Tang Xin

Kyung Hee University, South Korea University of Oulu, Finland Massachusetts Institute of Technology, USA Zayed University, UAE Tsing Hua University, China King Saud University, Saudi Arabia University of Oulu, Finland University of the West of Scotland, UK Innopolis University, Russia Kyung Hee University, South Korea Nanjing Forestry University, China University of Oulu, Finland Zayed University, UAE Karlstad University, Sweden Yangzhou University, China Harbin Engineering University, China King Saud University, Saudi Arabia Nanjing Institute of Technology, China University of International Relations, China

viii

Organization

Zeeshan Pervez Mznah Al Rodhaan Zhenjian Yao Thant Zin Oo Mohammad Rawashdeh Alia Alabdulkarim Elina Annanperä Soha Zaghloul Mekki Basmah Alotibi Mariya Muneeb Maryam hajakbari Miada Murad Pilar Rodríguez Zhiwei Wang Rand. J Jiagao Wu Mohammad Mehedi Hassan Weipeng Jing Yu Zhang Nguyen H. Tran Hang Chen Sarah alkharji Chunguo Li Xiaohua Huang Babar Shah Tianyang Zhou Manal Hazazi Jiagao Wu Markus Kelanti Amiya Kumar Tripathy Shaoyong Guo Shadan AlHamed Cunjie Cao Linfeng Liu Chunliang Yang Patrick Hung Xinjian Zhao Sungyoung Lee Zhengyu Chen

University of West of Scotland, UK King Saud University, Saudi Arabia Huazhong University of Science and Technology, China Kyung Hee University, South Korea University of Central Missouri, USA King Saud University, Saudi Arabia University of Oulu, Finland King Saud University, Saudi Arabia King Saud University, Saudi Arabia King Saud University, Saudi Arabia Islamic Azad University, Iran King Saud University, Saudi Arabia Technical University of Madrid, Spain Hebei Normal University, China Shaqra University, Saudi Arabia Nanjing University of Posts and Telecommunications, China King Saud University, Saudi Arabia Northeast Forestry University, China Harbin Institute of Technology, China The University of Sydney, Australia Nanjing Institute of Technology, China King Saud University, Saudi Arabia Southeast University, China University of Oulu, Finland Zayed University, UAE State Key Laboratory of Mathematical Engineering and Advanced Computing, China King Saud University, Saudi Arabia Nanjing University of Posts and Telecommunications, China University of Oulu, Finland Edith Cowan University, Australia Beijing University of Posts and Telecommunications, China King Saud University, Saudi Arabia Hainan University, China Nanjing University of Posts and Telecommunications, China China Mobile IoT Company Limited, China University of Ontario Institute of Technology, Canada State Grid Nanjing Power Supply Company, China Kyung Hee University, South Korea Jinling Institute of Technology, China

Organization

Jian Zhou Pasi Kuvaja Xiao Xue Jianguo Sun Farkhund Iqbal Zilong Jin Susheela Dahiya Ming Pang Yuanfeng Jin Maram Al-Shablan Kejia Chen Valentina Lenarduzzi Davide Taibi Jinghua Ding Xuesong Yin Qiang Ma Tero Päivärinta Shiwen Hu Manar Hosny Lei Cui Yonghua Gong Kashif Saleem Xiaojian Ding Irfan Mohiuddin Ming Su Yunyun Wang Abdullah Al-Dhelaan

Nanjing University of Posts and Telecommunications, China University of Oulu, Finland Tianjin University, China Harbin Engineering University, China Zayed University, UAE Nanjing University of Information Science and Technology, China University of Petroleum & Energy Studies, India Harbin Engineering University, China Yanbian University, China King Saud University, Saudi Arabia Nanjing University of Posts and Telecommunications, China University of Tampere, Finland University of Tampere, Finland Sungkyunkwan University, South Korea Nanjing Institute of Technology, China King Saud University, Saudi Arabia University of Oulu, Finland Accelor Ltd., USA King Saud University, Saudi Arabia Chinese Academy of Sciences, China Nanjing University of Posts and Telecommunications, China King Saud University, Saudi Arabia Nanjing University of Finance and Economics, China King Saud University, Saudi Arabia Beijing University of Posts and Telecommunications, China Nanjing University of Posts and Telecommunications, China King Saud University, Saudi Arabia

Workshop Chairs Jiande Zhang Ning Ye Asad Masood Khattak

Nanjing Institute of Technology, China Nanjing Forestry University, China Zayed University, UAE

Publication Chair Vidyasagar Potdar

ix

Curtin University, Australia

x

Organization

Organization Chairs Chenrong Huang Bangjun Nie Xianyun Li Jianhua Chen Wenlong Shao Kari Liukkunen

Nanjing Institute of Nanjing Institute of Nanjing Institute of Nanjing Institute of Nanjing Institute of University of Oulu,

Technology, Technology, Technology, Technology, Technology, Finland

China China China China China

Organization Committee Members Wei Huang Pilar Rodriguez Gonzalez Jalal Al Muhtadi Geng Yang Qiaolin Ye Pertti Karhapää Lei Han Yong Zhu Päivi Raulamo-Jurvanen Bin Xie Dawei Li Jingrong Chen Thant Zin Oo Shoubao Su Alia Alabdulkarim Juanjuan Cheng Xiao Wu Rand. J Hang Chen Jiagao Wu

Nanjing Institute of Technology, China University of Oulu, Finland King Saud University, Saudi Arabia Nanjing University of Posts and Telecommunications, China Nanjing Forestry University, China University of Oulu, Finland Nanjing Institute of Technology, China Jingling Institute of Technology, China University of Oulu, Finland Hebei Normal University, China Nanjing Institute of Technology, China Nanjing Institute of Technology, China Kyung Hee University, South Korea Jiangsu Key Laboratory of Data Science and Smart Software, China King Saud University, Saudi Arabia Nanjing Institute of Technology, China White Matrix Co, Ltd., China Shaqra University, Saudi Arabia Nanjing Institute of Technology, China Nanjing University of Posts and Telecommunications, China

Contents

Cybersecurity and Privacy An Efficient Lattice-Based IBE Scheme Using Combined Public Key . . . . . . Yanfeng Shi, Shuo Qiu, and Jiqiang Liu A Novel Location Privacy Protection Scheme with Generative Adversarial Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wenxi Wang, Weilong Zhang, Zhang Jin, Keyan Sun, Runlin Zou, Chenrong Huang, and Yuan Tian Security, Safety and Privacy Issues of Unmanned Aerial Vehicle Systems . . . Najla Al-nabhan

3

17

28

A Trust Model for Evaluating Trust and Centrality Based on Entropy Weight Method in Social Commerce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Yonghua Gong and Lei Chen

40

Digital Twins as Software and Service Development Ecosystems in Industry 4.0: Towards a Research Agenda . . . . . . . . . . . . . . . . . . . . . . . Yueqiang Xu, Tero Päivärinta, and Pasi Kuvaja

51

A Click Fraud Detection Scheme Based on Cost-Sensitive CNN and Feature Matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Xinyu Liu, Xin Zhang, and Qianyun Miao

65

Research on Table Overflow Ldos Attack Detection and Defense Method in Software Defined Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Shengxu Xie, Changyou Xing, Guomin Zhang, and Jinlong Zhao

80

Human Factors Affecting XBRL Adoption Success in Lebanese Small to Medium-Sized Enterprises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A. Ayoub, Vidyasagar Potdar, A. Rudra, and H. Luong

98

Impact of Nepotism on the Human Resources Component of ERP Systems Implementation in Lebanon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A. Ayoub, Vidyasagar Potdar, A. Rudra, and H. Luong

116

Computationally Efficient Fine-Grain Cube CP-ABE Scheme with Partially Hidden Access Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Miada Murad, Yuan Tian, and Mznah A. Rodhaan

135

xii

Contents

The Impact of Organizational Culture on the Internal Controls Components of Accounting Information Systems in the City of Beirut, Lebanon . . . . . . . . A. Ayoub, Vidyasagar Potdar, A. Rudra, and H. Luong

157

A Security Vehicle Network Organization Method for Railway Freight Train Based on Lightweight Authentication and Property Verification . . . . . . Congdong Lv and Yucai Li

178

Lightweight Identity Authentication Scheme Based on IBC Identity Cryptograph . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Yongbing Lian and Xiaogang Wei

190

Security Analysis and Improvement on Kerberos Authentication Protocol . . . Guangyao Yuan, Lihong Guo, and Gang Wang Distributed Differential Privacy Protection System for Personalized Recommendation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Zongsheng Lv, Kaiwen Huang, Yuanzhi Wang, Ruikang Tao, Guanghan Wu, Jiande Zhang, and Yuan Tian

199

211

An Improved Dynamic Certificateless Authenticated Asymmetric Group Key Agreement Protocol with Trusted KGC . . . . . . . . . . . . . . . . . . . . . . . . Haiyan Sun, Lingling Li, Jianwei Zhang, and Wanwei Huang

223

Research on Medical Image Encryption Method Based on Chaotic Scrambling and Compressed Sensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . Yubin Liu and Ming Pang

238

Design and Optimization of Evaluation Metrics in Object Detection and Tracking for Low-Altitude Aerial Video . . . . . . . . . . . . . . . . . . . . . . . Li Wang, Xin Shu, Wei Zhang, and Yunfang Chen

247

People Flow Analysis Based on Anonymous OD Trip Data . . . . . . . . . . . . . Tianxu Sun, Yunlong Zhao, and Zuowei Lian

263

Agile Methods and Cyber-Physical Systems Development—A Review with Preliminary Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Muhammad Ovais Ahmad

274

Optimizing the Reservoir Connection Structure Using Binary Symbiotic Organisms Search Algorithm: A Case Study on Electric Load Forecasting . . . Lina Pan and Bo Zhang

286

On the Character Relations Between Nodes for Data Forwarding in Mobile Opportunistic Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Runtong Zou, Xuecheng Zhang, Wei Jiang, and Linfeng Liu

298

Contents

xiii

Research on Interference of LTE Wireless Network in Electric Power System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Shanyu Bi, Junyao Zhang, Weiwei Kong, Long Liu, and Pengpeng Lv

309

Research on High Reliability Planning Method in Electric Wireless Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Zewei Tang and Chengzhi Jiang

319

Research on Service Support Ability of Power Wireless Private Network . . . . Yu Chen, Kun Liu, and Ziqian Zhang A Method of UML Sequence Diagram Verification Based on a Graph Grammar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Zhan Shi, Chenrong Huang, Xiaoqin Zeng, Jiande Zhang, Lei Han, and Ying Qian A Bus Passenger Flow Estimation Method Based on POI Data and AFC Data Fusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Yuexiao Cai, Yunlong Zhao, Jinqian Yang, and Changxin Wang

330

340

352

Big Data Research Character Analyzation of Urban Security Based on Urban Resilience Using Big Data Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Yi Chen, Zhuoran Yang, Zhicong Ye, and Hui Liu Privacy Issues in Big Data from Collection to Use . . . . . . . . . . . . . . . . . . . Alaa A. Alwabel Trusted Query Method Based on Authorization Index and Triangular Matrix in Big Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Lihong Guo, Haitao Wu, and Jie Yang Microservice Architecture Design for Big Data in Tactical Cloud . . . . . . . . . Liyuan Tang, Haoren Hu, Zhonghua Wang, Jiansheng Wang, and Yahui Li Using GitHub Open Sources and Database Methods Designed to Auto-Generate Chinese Tang Dynasty Poetry . . . . . . . . . . . . . . . . . . . . . Hai Yu, Zi-Xuan Li, and Yu-Yan Jiang Distributed Image Retrieval Base on LSH Indexing on Spark . . . . . . . . . . . . Zelei Hou, Chao Huang, Jiagao Wu, and Linfeng Liu

371 382

392 402

417 429

xiv

Contents

Blockchain and Internet of Things A Blockchain Based Terminal Security of IoT . . . . . . . . . . . . . . . . . . . . . . Dawei Li and Xue Gao

445

Key Factors Affecting Blockchain Adoption in Organizations . . . . . . . . . . . . Abubakar Mohammed, Vidyasagar Potdar, and Li Yang

455

An IoT-Based Congestion-Aware Emergency Evacuation Approach . . . . . . . Najla Al-nabhan

468

Directional Virtual Coordinate Approach for 3-D IoT Systems in Smart Cities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Najla Al-nabhan, Aseel Bin Othman, Anura Jayasumana, and Mahindre Gunjan

479

Security in Cloud and Fog Computing Privacy Preservation of Future Trajectory Using Dummy Rotation Algorithm in Fog Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Shadan AlHamed, Mznah AlRodhaan, and Yuan Tian

501

Enabling Secure and Efficient Data Sharing and Integrity Auditing for Cloud-Assisted Industrial Control System . . . . . . . . . . . . . . . . . . . . . . . Yuanfei Tu, Qingjian Su, and Yang Geng

514

An Evolutionary Task Offloading Schema for Edge Computing . . . . . . . . . . Pei Sun, Baojing Chen, Shaocong Han, Huizhong Shi, Zhenwei Yang, and Xing Li

529

Data Leakage Prevention System for Smart Grid. . . . . . . . . . . . . . . . . . . . . Chengzhi Jiang and Song Deng

541

Artificial Intelligence/Machine Learning Security Optimizing the Efficiency of Machine Learning Techniques . . . . . . . . . . . . . Anwar Ullah, Muhammad Zubair Asghar, Anam Habib, Saiqa Aleem, Fazal Masud Kundi, and Asad Masood Khattak

553

Community Detection Based on DeepWalk in Large Scale Networks . . . . . . Yunfang Chen, Li Wang, Dehao Qi, and Wei Zhang

568

A Systematic Review of Artificial Intelligence and Machine Learning Techniques for Cyber Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Rahman Ali, Asmat Ali, Farkhund Iqbal, Asad Masood Khattak, and Saiqa Aleem

584

Contents

xv

Study on Indicator Recognition Method of Water Meter Based on Convolution Neural Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Shuaicheng Pan, Lei Han, Yi Tao, and Qingyu Liu

594

A Deep Learning Approach for Anomaly-Based Network Intrusion Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Najwa Altwaijry, Ameerah ALQahtani, and Isra AlTuraiki

603

Over-Sampling Multi-classification Method Based on Centroid Space . . . . . . Haiyong Wang, Weizheng Guan, and Kaixin Zhang

616

A Blockchain-Based IoT Workflow Management Approach . . . . . . . . . . . . . Ming Jin, Chenchen Dou, Peichun Pan, Ming Wan, Biying Sun, and Wenxuan Zhang

633

Research on Identity-Based Cryptograph and Its Application in Power IoT. . . Xiaogang Wei and Yongbing Lian

645

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

655

Cybersecurity and Privacy

An Efficient Lattice-Based IBE Scheme Using Combined Public Key Yanfeng Shi1(B) , Shuo Qiu2 , and Jiqiang Liu3 1

School of Computer Engineering, Nanjing Institute of Technology, Nanjing, China [email protected] 2 Jinling Institute of Technology, Nanjing, China [email protected] 3 Beijing Jiaotong University, Beijing, China [email protected]

Abstract. Lattice-based Identity-based encryption (IBE) can both simplify certificate management and resist quantum attack in the real world. Combined Public Key (CPK) technology can be used to enhance the efficiency of IBE schemes. In this paper, we use CPK to construct a more efficient lattice-based IBE scheme based on a variant of learning with errors (LWE) problem, by avoiding complex trapdoor generation algorithm and preimage sampling algorithm required by the existing latticebased IBE schemes from LWE. Its storage cost is also lower. We show that our IBE scheme is semantically secure against an adaptive chosen plaintext attack (CPA) from all probabilistic polynomial time adversaries in the random oracle model. Keywords: Identity-based encryption · Discrete Gaussian distribution · Learning with errors · Combined public key

1

Introduction

Compared with regular public key cryptosystems, identity-based encryption (IBE) which is proposed by Shamir simplifies certificate management [13]. In an IBE scheme, the sender can encrypt messages using the identity of the receiver as the public key. So the receiver don’t require to show his/her public key certification to the sender. The first efficient IBE scheme is presented by Boneh and Franklin. It is based on bilinear maps [3]. However, traditional IBE based on IFP, DLP, ECDLP and their derivants such as CDH and BDH, will face on the threat of quantum computing. Latticebased cryptography is one of the most important Post-quantum cryptography. Firstly, as Daniele Micciancio and Oded Regev’s show, there is no polynomial time quantum algorithm that approximates lattice problems to within polynomial factors [11]. So lattice problems are even hard for quantum and subexponential-time adversary. Secondly, compared with modular exponentiation, lattice operations are more efficient. c Springer Nature Singapore Pte Ltd. 2020  Y. Tian et al. (Eds.): ICBDS 2019, CCIS 1210, pp. 3–16, 2020. https://doi.org/10.1007/978-981-15-7530-3_1

4

Y. Shi et al.

In 2008, Craig Gentry et al., proposed an IBE scheme based on a lattice problem-learning with errors (LWE) problem and proved its security against IND-ID-CPA in the random oracle model [5]. Also, more constructions for latticebased IBE have been put forward [1,2,14,16–18]. But the existing lattice-based ibe schemes from LWE are not efficient enough, especially in Setup and Extract phase. Because these schemes require trapdoor generation algorithm and preimage sampling algorithm. The most efficient trapdoor generation and preimage sampling algorithms are present by Micciancio et al. [10] and improved by Ye et al. with the implicit extension method [17]. However, their solutions need O(n3 ) times of multiplication and addition, which are still not practical enough. In this paper, we take advantage of combined public keys (CPK) to present a more efficient lattice-based IBE. In our IBE scheme, Setup and Extract is much more efficient than the existing lattice-based IBE constructions by avoiding the complex trapdoor generation and preimage sampling algorithm. It only needs O(n3 / log n) additions of vectors, which is parallelizable. Moreover, the storage cost is much lower because the Private Key Generator (PKG) doesn’t require to storage large-scale keys but only little-scale key “seeds”. For balance, the scheme sacrifices the length of public key. Then we analyze its security under a variant of LWE (learning with errors) assumption (which is Equivalent to standard LWE assumption) in the random oracle model and prove that it is semantically secure against IND-ID-CPA. The rest of paper is organized as follows. In Sect. 2, we introduce some preliminaries, such as IBE, LWE-assumption, and so on. In Sect. 3, we propose a variant of LWE-assumption. Section 4 is our construction of IND-ID-CPA secure lattice-based IBE using CPK.

2 2.1

Preliminaries Combined Public Key

Combined public key (CPK)is a new technology that can be used in key management. It is presented by Nan [15] and used in varies systems [7,8]. It can be used to enhance the efficiency of IBE scheme and retrench the storage space. In CPK technology, there are two key matrixes-a private key matrix and a public key matrix. The public key and private key for each ID can be computed through a mapping algorithm and the key matrixes [15]. In this paper, our construction takes the advantage of the combined property of key pairs in CPK technology. Supposing there is a public key matrix (y1 , y2 , ..., yn ), the corresponding private key matrix (x1 , ..., xn ), where yi = f (xi ), and a collision-resistent mapping  function h(·) : {0, 1}∗ → {0, 1}n . Therefore, the public key and private key can be calculated by mapping function and key matrixes. That is to say if a user’s identity is id, the hash value is computed by equation h(id) = h1 , ..., hn . So n n   the user’s public key is yid = yi hi and private key xid = hi xi , where i=1

yid = f (xid ).

i=1

An Efficient Lattice-Based IBE Scheme Using Combined Public Key

5

In this paper, we adapt this technology to lattice-based cryptography and use it to construct more efficient and secure lattice IBE schemes. 2.2

Identity-Based Encryption (IBE)

An identity-based encryption scheme consists of four algorithms: Setup, Extract, Encrypt, Decrypt. Setup: This non-deterministic algorithm generates system parameters denoted by PP, and a master key. The system parameter is public whereas only the Private key Generator (PKG) knows the master key. Extract: This algorithm extracts a private key corresponding to a given identity using the master key. Encrypt: It encrypts messages for a given identity with system parameters. Decrypt: It decrypts ciphertext using the private key. 2.3

IND-ID-CPA

In general, the standard IBE security model which is defined in [4]is the indistinguishability of ciphertexts under an adaptive chosen-plaintext and chosenidentity attack (IND-ID-CPA). We consider the IND-ID-CPA game played between a challenger and an adversary. Setup. The challenger runs Setup (1λ ), and generates PP (the system parameters) and the master private key. Then it gives PP to the adversary and keeps the master key secret. Phase 1. The adversary can issue queries q1 , q2 , , ..., ql with an identity . The challenger responds with the corresponding private key. Of course, each query qi may depend on the knowledge of the challenger’s responses to q1 , q2 , ..., qi−1 . Challenge. The adversary sends the challenger an identity ID which he did not request the private key in Phase 1, and two messages-M0 and M1 . The challenger picks a random bit σ ∈ {0, 1} and encrypts Mσ by computing C = Encrypt (PP, ID, Mσ ). Then it sends C as the challenge to the adversary. Phase 2. The adversary repeats the Phase 1 with the restriction that the adversary can’t request a private key for the target identity ID. Guess. Finally, the adversary outputs a guess σ  ∈ {0, 1}. The adversary wins if and only if σ  = σ. The advantage of the adversary in attacking an IBE scheme is defined as P radv = |P r[σ  = σ] − 1/2|. Definition 1 (IND-ID-CPA secure). An IBE scheme is (k, ε)-semantically secure against an adaptive chosen plaintext attack if all probabilistic polynomial time (PPT) adversaries making at most k private key queries can get at most ε advantage in breaking the scheme [3].

6

2.4

Y. Shi et al.

Statistically Distance

Suppose X and Y are two random variables are chosen from a finite set Ω. The statistical distance is defined as Δ(X; Y ) =

1 |P r[X = t] − P r[Y = t]| 2 t∈Ω

If Δ(X(λ); Y (λ)) is a negligible function of λ, then X and Y are statistically close [1]. 2.5

Lattices

An n-dimensional lattice is the set of all integer linear combinations of some linearly independent vectors b1 , ..., bm ∈ Rn . where b1 , ..., bm are called basic vectors. The n-dimensional lattice of rank m is defined as: Λ = L(B) = {y ∈ Rn s.t.∃s ∈ Zm , y = Bs =

m 

si bi }

i=1

Obviously, L is contained in Zm . In our schemes, we mainly use the special lattice Zm [5]. 2.6

Discrete Gaussians

Let L be a subset of Zm , c is a vector, and r ∈ R is a positive parameter, then we have following definitions: 2 ρr,c (x) = exp(−π x−c ), where · implicitly represent Euclidean l2 norm: r2 This is a Gaussian-shaped function on Rm whose mean is 0 and variance is r2 ;  ρr,c (L) = x∈L ρr,c (x): This function represents the sum of ρr,c over L. According to above two definitions, the discrete Gaussian distribution over L with parameter r and c is defined as follows: x) = ∀˜ x ∈ L, DL,r,c (˜

x) ρr,c (˜ . ρr,c (L)

In the following sections, we will use a special discrete Gaussian distribution DZm ,r , i.e. L = Zm and c = 0. Now we introduce SampleD algorithm that can sample from a discrete Gaussian over any lattice. For example, taking some n-dimensional basis B ∈ Zn×m , a sufficient large Gaussian parameter r and a mean c ∈ Rn , it can output a sample from (a distribution close to)DL(B),r,c . In the following section, we can generate a value chosen from DZm ,r by running SampleD [5].

An Efficient Lattice-Based IBE Scheme Using Combined Public Key

2.7

7

Decision-LWE Hardness Assumption

Decision Learning with errors (Decision-LWE) problem is a variant of LWE problem. It is as hard as LWE problem [12]. In this section, we introduce the Decision-LWE problem and its hardness assumption. Definition 2 (Distribution Ψ¯α ). Consider a real parameter α = α(n) ∈ (0, 1) and a prime q. x ∈ R, x = x + 1/2 denotes a nearest integer to x. Denote by T = R/Z the group of reals [0, 1) with mod 1 addition. Ψα denotes a distribution √ over T of a normal variable with mean 0 and standard deviation α/ 2π then reduced modulo 1. Ψ¯α denotes the discrete distribution over Zq of the random variable qX mod q where the random variable X ∈ T is chosen from distribution Ψα [1]. We denote Ψ¯α by χα or χ. According to [6,9,12], we can redescribe the definition of Decision-LWE problem as follows. Definition 3 (Decision − LW Eq,α (DLW Eq,α ) problem). Consider a positive integer n, an arbitrary integer m ≤ poly(n), a prime modulus q ≤ poly(n), and a distribution Ψ¯α (χ) over Zq , all public. The challenger randomly chooses , a secret vector s ∈ Znq , and a bit τ ∈ {0, 1}, uniformly and a matrix A ∈ Zn×m q × Zm independently. If τ = 1 it outputs the tuple (A, AT s + x) ∈ Zn×m q q , where x m n×m × Zm is chosen from χ ; Otherwise, it outputs the tuple (A, d) ∈ Zq q , where d is uniformly and randomly chosen from Z m . Then the adversary outputs a guess τ  of τ . (all operations are performed in Zq .) The advantage of adversary in solving the DLW Eq,α problem is defined as [12] 1 P radv (DLW Eq,α ) = |P r[τ  = τ ] − | 2 DLWE Assumption: DLW Eq,α assumption holds if for any PPT adversary, the advantage of solving the DLW Eq,α problem. ¯ For the certain √ parameters q and noise distributions Ψα (denoted by χ) such that α · q > 2 n, DLW Eq,α problem is hard under a quantum reduction [12]. That is to say, DLW Eq,α assumption holds even for quantum PPT adversary. Theorem 1. Let n be a positive integer and q be a prime, and m ≥√2n lg q. and for any r ≥ ω( log m), Then for all but a 2q −n fraction of all A ∈ Zn×m q the distribution of the syndrome u = Ae mod q is statistically close to uniform over Zn , where ω(·) is a function defined as: if g(n) = ω(f (n)), then increment speed of g(n) is faster than any cf (n)(c > 1) and e ← DZm ,r [11].

3

A Variant of LWE Assumption

In Sect. 2.7, we have showed that for certain q and α, DLW Eq,α is a hard problem. For convenience to our construction, in this section, we present a variant of LW Eq,α problem and prove it is as hard as the DLW Eq,α problem.

8

Y. Shi et al.

Definition 4 (T wins−Decision−LW Eq,m,n,r,α (T DLW Eq,m,n,r,α ) problem). Consider a positive integer n, a arbitrary integer m ≤ poly(n), a prime modulus q ≤ poly(n), and a distribution Ψ¯α (χ) over Zq , all public. Then the challenger and a secret vector s ∈ Znq , randomly and uniformly chooses a matrix A ∈ Zn×m q  and randomly chooses a vector e from discrete Gaussian distribution DZm ,r . Then the challenger picks a bit τ ∈ {0, 1} uniformly and independently. If τ = 1 × Znq × Zm it outputs the tuple (A, Ae , AT s + x , eT AT s + x) ∈ Zn×m q q × Zq ,  m where x is chosen from χ and x is chosen from χ; otherwise, it outputs the  m × Znq × Zm tuple (A, Ae , AT s + x , d) ∈ Zn×m q q × Zq , where x is chosen from χ and d is randomly and uniformly chosen from Zq . Then the adversary outputs a guess τ  of τ . (all operations are performed in Zq .) We define the advantage of adversary solving the T DLW Eq,m,n,r,α as 1 P radv (T DLW Eq,m,n,r,α ) = |P r[τ  = τ ] − | 2 . TDLWE Assumption: T DLW Eq,m,n,r,α assumption holds if for any PPT adversary, the advantage of solving the T DLW Eq,m,n,r,α problem. In the following parts, we discuss the relationship between DLW Eq,α assumption and T DLW Eq,m,n,r,α assumption. Here, we adjust our parameters q, m, n, r, α so that the DLW Eq,α problem is a hard problem under a quantum reduction and Ae is statistically close to uniform over Znq , where e ← DZm ,r . √ Theorem 2. For certain q, m, n, r, α, where m ≥ 2n lg q, r ≥ ω( log m), if DLW Eq,α assumption holds, then T DLW Eq,m,n,r,α assumption holds too. √ Proof. According to Theorem 1, for certain m ≥ 2n lg q, r ≥ ω( log m), Ae is statistically close to uniform B. So TDLWE assumption tuple (A, Ae , AT s + x , eT AT s + x) is equivalent to (A, B, AT s + x , B T s + x). Also, if DLW Eq,α assumption holds, TDLWE assumption tuple (A, Ae , AT s +x , eT AT s +x) can be replaced by (A, B, C, B T s + x), with C is uniformly and randomly chosen T  from Zm q . A and C is independent with (B, B s + x), which is equal to DLWE assumption.

4

A Lattice-Based IBE Scheme Using Combined Public Key

In Sect. 3, we proposed a variant of LWE problem-TDLWE problem and analyzed its hardness. In this section, we will construct a lattice IBE scheme using CPK based on TDLWE problem and analyze its security under TDLWE assumption in the next section.

An Efficient Lattice-Based IBE Scheme Using Combined Public Key

4.1

9

Scheme Construction

Setup(1λ ) On input a security parameter λ, set the parameters q, n, m, r, α as uniformly at random. specified as Sect. 4.2. Choose a common matrix A ∈ Zn×m q All operations are performed over Zq . Then choose n secret vectors ei (i = 1, 2, ..., n ) from the discrete Gaussian at random DZm ,r . Then the master private key is E = (e1 , e2 , ..., en ), and the public key is U = (u1 , u2 , ..., un ), where ui = Aei . 

Additionally, choose a cryptographic hash function H : {0, 1}∗ → {0, 1}n . Then make P P = (A, U, n , H, q) public. Extract(P P, E, id) Suppose that hi is the ith bit of H(id), i = 1, 2, ..., n output n  eid = hi ei . i=1

Encrypt(P P, id, b) On input public parameters P P , an identity id, and a bit b ∈ {0, 1}, do: 1. Check whether this is the first time to encrypt a message under this id. If it n n   is, construct uid = hi u i = Ahi ei = Aeid ∈ Znq . i=1

i=1

2. To encrypt a bit b ∈ {0, 1}, choose s ← Znq uniformly and compute p = m AT s + x ∈ Zm q , where x ← χ . Output the ciphertext as C = (c1 , c2 ) = T m (p, uid s + x ¯ + bq/2 ) ∈ Zq × Zq , where x ¯ ← χ. Decrypt(P P, eid , C) On input public parameters PP, a private key eid and a ciphertext C = (c1 , c2 ), do: compute b = c2 − eTid c1 ∈ Zq . Output 0 if b is closer to 0 than to q/2 modulo q, otherwise output 1. 4.2

Parameters

Ref.Craig Gentry, Chris √ Perkert and VinodVaikuntanathan’s √ show about param√  (m + 1)) · ω( log n) ,q · α > 2 n, + 1), α ≤ 1/(r n eters, we let q ≥ 5r n (m √ m ≥ 2n lg q and r ≥ ω( log m) [5]. According to Theorem 1, in this case the distribution of public keys uid is statistically close to uniform over Znq and T DLW Eq,m,n,r,α assumption holds. Also, we can show that the receiver can decrypt the ciphertext correctly with private key in next section.

10

4.3

Y. Shi et al.

Completeness

The correctness is analogous to [5]. Since the linear combination of the indepenn  dent normal variables is also a normal variable, eid = hi