基于格式保留的敏感信息加密方案

格式保留加密具有加密后数据格式和数据长度不变的特点,不会破坏数据格式约束,从而降低改造数据格式的成本。分析现有敏感信息格式保留加密方案,均基于对称加密体制,存在密钥传输安全性低和密钥管理成本较高等问题。提出了身份密码环境下基于格式保留的敏感信息加密方案,与现有的格式保留加密方案相比,通信双方不需要传递密钥,通过密钥派生函数来生成加密密钥和解密密钥,利用混合加密的方式提高了敏感信息传输的安全性。并且证明了该方案满足基于身份的伪随机置换安全,在适应性选择明文攻击下具有密文不可区分性。

A format preserving encryption scheme for sensitive information

Format preserving encryption has the characteristics of unchanged data format and data length after encryption, and does not destroy the data format constraints, thereby reducing the cost of modifying the data format. The existing format preserving encryption schemes for sensitive information are based on the symmetric encryption system, which has problems such as low key transmission security and high key management cost. This paper proposes a format preserving encryption scheme for sensitive information in identity cryptosystems. Compared with the existing format preserving encryption schemes, the two parties do not need to transmit a key, and the key derivation function is used to generate an encryption key and a decryption key. The use of hybrid encryption improves the security of sensitive information transmission. It is proved that the scheme satisfies the security of identity-based pseudo-random permutation. At the same time, the scheme has cipher text indistinguishability under adaptive selective plaintext attack.