华东师范大学学报(自然科学版)

• 计算机科学 • 上一篇    下一篇

更高效的选择密文安全基于身份的双接收者加密方案

陈 文, 张  凯,  钱海峰   

  1. 华东师范大学 计算机科学技术系, 上海  200062
  • 收稿日期:2015-11-04 出版日期:2016-11-25 发布日期:2017-01-13
  • 通讯作者: 钱海峰,男,研究员,博士生导师,研究方向为信息安全与密码学.E-mail: hfqian@cs.ecnu.edu.cn.
  • 基金资助:

    国家自然科学基金(61571191, 61572192, 61472142);上海市科委基金(13JC1403502, 14YF1404200)

More efficient CCA-secure identity-based dual receiver encryption

CHEN Wen, ZHANG Kai, QIAN Hai-feng   

  1. Department of Computer Science and Technology, East China Normal University, Shanghai 200062, China
  • Received:2015-11-04 Online:2016-11-25 Published:2017-01-13

摘要:

双接收者加密(Dual Receiver Encryption, DRE)是一种特殊的公钥加密(Public Key Encryption, PKE)体制, 它允许两个独立的接收者分别解密同一密文得到相应的正确明文信息. 双接收者加密非常适用于敏感信息需要被监督方或者第三方解密的应用场景. 基于传统公钥加密方案构造的双接收者加密方案需要额外的开销来进行公钥证书的发放和管理;  而基于身份的双接收者加密(Identity-Based Dual Receiver Encryption, ID-DRE)可以避免公钥证书的问题. 第一个基于身份的双接收者加密方案是通过一个高效的基于身份的加密方案(Identity-Based Encryption, IBE)构造而得. 本文首先利用从 IBE 构造可抵抗选择密文攻击(Chosen-Ciphertext Attack, CCA)的 PKE 的通用技术对上述方案进行扩展,得到了不可区分选择身份和选择密文攻击安全(Indistinguishability Against Adaptively Chosen Identity and Chosen-Ciphertext Attack, IND-ID-CCA)的加密方案. 并通过基于双线性判定 Diffie-Hellman (Bilinear Decision Diffie-Hellman, BDDH) 假设(BDDH 假设),对此方案的安全性进行了证明. 最后,将此加密方案扩展成一个非交互式公开可认证的双接收者加密方案,该方案是目前已知的第一个非交互式公开可认证的基于身份的双接收者加密方案.

关键词: 双接收者加密, 基于身份的加密,  选择密文攻击; 非交互式公开可认证

Abstract:

Dual receiver encryption (DRE) is a special kind of public key encryption (PKE), which allows a ciphertext to be decrypted into the same plaintext by two inde-
pendent receivers. Though DRE is widely used in scenarios where sensitive information should be potentially decrypted by a supervisor or a third party, the most known DRE constructions in the literatures are obtained from traditional PKE settings. As a result, they have extra overhead for distributions and managements of public key certificates, the identity-based dual receiver encryption (ID-DRE) can reduce overhead. The first identity-based DRE scheme is constructed by an efficient identity-based encryption (IBE). First, we use the CCA-secure (secure against chosen-ciphertext attack) PKE from identity-based techniques to construct a new identity-based DRE scheme with the IND-ID-CCA (indistinguishability against adaptively chosen identity and chosen-ciphertext attack) security, which relies on the bilinear decisional Diffie-Hellman assumption. Then, we extend our scheme to obtain an identity-based dual receiver encryption (ID-DRE) scheme with non-interactive opening, which is the first known identity-based dual receiver encryption (ID-DRE) scheme with non-interactive opening.

Key words: dual receiver encryption, identity-based encryption, chosen-ciphertext attack, non-interactive opening