Computer Science

More efficient CCA-secure identity-based dual receiver encryption

  • CHEN Wen,
  • ZHANG Kai,
  • QIAN Hai-feng
  • Department of Computer Science and Technology, East China Normal University, Shanghai 200062, China

Received date: 2015-11-04

Online published: 2017-01-13

Funding

National Natural Science Foundation of China (61571191, 61572192, 61472142); Science and Technology Commission of Shanghai Municipality (13JC1403502, 14YF1404200)

Abstract

Dual receiver encryption (DRE) is a special kind of public key encryption (PKE) that allows two independent receivers to decrypt the same ciphertext to the same plaintext. DRE is widely used in scenarios where sensitive information may need to be decrypted by a supervisor or a third party, but most known DRE constructions in the literature are built on traditional PKE and therefore carry extra overhead for distributing and managing public key certificates. Identity-based dual receiver encryption (ID-DRE) avoids the certificate problem and reduces this overhead. The first ID-DRE scheme was constructed from an efficient identity-based encryption (IBE) scheme. In this paper, we first extend that scheme using the generic technique for building PKE secure against chosen-ciphertext attack (CCA) from identity-based techniques, obtaining an ID-DRE scheme with IND-ID-CCA security (indistinguishability against adaptively chosen identity and chosen-ciphertext attack), and we prove its security under the bilinear decisional Diffie-Hellman (BDDH) assumption. We then extend the scheme to an ID-DRE scheme with non-interactive opening, which is the first known ID-DRE scheme with non-interactive opening.

Cite this article

CHEN Wen, ZHANG Kai, QIAN Hai-feng. More efficient CCA-secure identity-based dual receiver encryption[J]. Journal of East China Normal University (Natural Science), 2016, 2016(6): 145-156. DOI: 10.3969/j.issn.1000-5641.2016.06.016
