| 基于SM9的CCA安全广播加密方案 |
| |
| 引用本文: | 赖建昌,黄欣沂,何德彪,宁建廷.基于SM9的CCA安全广播加密方案[J].软件学报,2023,34(7):3354-3364. |
| |
| 作者姓名: | 赖建昌 黄欣沂 何德彪 宁建廷 |
| |
| 作者单位: | 福建省网络安全与密码技术重点实验室 (福建师范大学), 福建 福州 350007;空天信息安全与可信计算教育部重点实验室 (武汉大学), 湖北 武汉 430072;福建省网络安全与密码技术重点实验室 (福建师范大学), 福建 福州 350007;信息安全国家重点实验室 (中国科学院 信息工程研究所), 北京 100093 |
| |
| 基金项目: | 国家自然科学基金(61902191,62032005,61972294,61972094,61932016);江苏省自然科学基金(BK20190696);福建省科技厅科学基金(2020J02016);山东省重点研发计划(2020CXGC010115) |
| |
| 摘 要: | 选择密文安全模型能有效刻画主动攻击,更接近现实环境.现有抵抗选择密文攻击的密码算法以国外算法为主,缺乏我国自主设计且能抵抗选择密文攻击的密码算法.虽然实现选择密文安全存在通用转化方法,代价是同时增加计算开销和通信开销.基于国密SM9标识加密算法,提出一种具有选择密文安全的标识广播加密方案.方案的设计继承了SM9标识加密算法结构,用户密钥和密文的大小都是固定的,其中用户密钥由一个群元素组成,密文由3个元素组成,与实际参与加密的接收者数量无关.借助随机谕言器,基于GDDHE困难问题可证明方案满足CCA安全.加密算法的设计引入虚设标识,通过该标识可成功回复密文解密询问,实现CCA的安全性.分析表明,所提方案与现有高效标识广播加密方案在计算效率和存储效率上相当.
|
| 关 键 词: | SM9 广播加密 CCA安全 定长密文 |
| 收稿时间: | 2021/6/21 0:00:00 |
| 修稿时间: | 2021/10/1 0:00:00 |
CCA Secure Broadcast Encryption Based on SM9 |
| |
| LAI Jian-Chang,HUANG Xin-Yi,HE De-Biao,NING Jian-Ting.CCA Secure Broadcast Encryption Based on SM9[J].Journal of Software,2023,34(7):3354-3364. |
| |
| Authors: | LAI Jian-Chang HUANG Xin-Yi HE De-Biao NING Jian-Ting |
| |
| Affiliation: | Fujian Provincial Key Lab of Network Security and Cryptology (Fujian Normal University), Fuzhou 350007, China;Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education (Wuhan University), Wuhan 430072, China; Fujian Provincial Key Lab of Network Security and Cryptology (Fujian Normal University), Fuzhou 350007, China;State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093, China |
| |
| Abstract: | The chosen-ciphertext attack (CCA) security model can effectively figure active attacks in reality. The existing cryptosystems against CCA are mainly designed by foreign countries, and China is lack of its CCA secure cryptosystems. Although there are general transformation approaches to achieving CCA security, they lead to an increase in both computational overhead and communication overhead. Based on the SM9 encryption algorithm, this study proposes an identity-based broadcast encryption scheme with CCA security. The design is derived from the SM9, and the size of the private key and ciphertext is constant and independent of the number of receivers chosen in the data encryption phase. Specifically, the private key includes one element, and the ciphertext is composed of three elements. If the GDDHE assumption holds, the study proves that the proposed scheme has selective CCA security under the random oracle model. In order to achieve CCA security, a dummy identity is introduced in designing the encryption algorithm, and the identity can be used to answer the decryption query successfully. Analysis shows that the proposed scheme is comparable to the existing efficient identity-based broadcast encryption schemes in terms of computational efficiency and storage efficiency. |
| |
| Keywords: | SM9 broadcast encryption CCA security constant size ciphertexts |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
