带抵抗解密密钥暴露的可撤销身份基加密

doi:10.3778/j.issn.1002-8331.2311-0339

摘要/Abstract

摘要： 在可撤销加密方案中，如果解密密钥暴露，那么会导致用户私钥的泄露。因此，构造一个基于格的带抵抗加密密钥暴露（decryption key exposure resistance，DKER）的可撤销身份基加密方案很有意义。不同于现有的通过改变用户私钥实现DKER特性的方案，该方案针对更新密钥进行改造，利用比特分解函数,将经过用户公钥加密后的更新密钥广播出去。这就使得解密密钥即便暴露,也不会对用户私钥造成任何影响，从而实现DKER。同时，该方案在标准模型下基于判定性带误差学习困难问题（decision learning with error，DLWE）给出抵抗选择时间和自适应选择身份攻击的形式化安全证明。结果表明，与现存的一些方案相比，该方案提高了用户的私钥和解密密钥生成效率，并且降低了用户的密钥存储空间和密文长度。

关键词: 格密码, 可撤销身份基加密, 抵抗解密密钥暴露, 高斯抽样

Abstract: In revocable encryption schemes，a user’s private key may be exposed if the decryption key is exposed. Therefore，constructing a lattice-based revocable encryption scheme with DKER is significant.Different from these schemes available，which implement the features of DKER by changing the user’s private key，this scheme modifies the update key by using a bit decomposition function to broadcast the updated key encrypted by the user’s public key. This ensures that even if the decryption key is exposed，it will not have any impact on the user’s private key，thus achieving DKER.At the same time，this scheme provides formal security proof against selection time and adaptive selection identity attacks based on the DLWE hardness problem in the standard model. The results indicate that compared with some existing schemes，this scheme improves the efficiency of generating user private keys and decryption keys，and reduces the user’s key storage space and ciphertext length.

Key words: lattice-based cryptography, revocable identity-based encryption, decryption key exposure resistance, Gaussian sampling

王晓毅, 陈虎, 赵姜冬. 带抵抗解密密钥暴露的可撤销身份基加密[J]. 计算机工程与应用, 2024, 60(19): 268-277.

WANG Xiaoyi, CHEN Hu, ZHAO Jiangdong. Revocable Identity-Based Encryption with Decryption Key Exposure Resistance[J]. Computer Engineering and Applications, 2024, 60(19): 268-277.

参考文献

[1] SHAMIR A. Identity-based cryptosystems and signature schemes[C]//Advances in Cryptology. Berlin, Heidelberg: Springer, 1985: 47-53.
[2] BONEH D, FRANKLIN M. Identity-based encryption from the weil pairing[J]. SIAM Journal on Computing, 2003, 32(3): 586-615.
[3] BOLDYREVA A, GOYAL V, KUMAR V. Identity-based encryption with efficient revocation[C]//Proceedings of the 15th ACM Conference on Computer and Communications Security, 2008: 417-426.
[4] TSENG Y M, TSAI T T. Efficient revocable ID-based encryption with a public channel[J]. The Computer Journal, 2012, 55(4): 475-486.
[5] ZHANG Y H, LIU X M, HU Y P, et al. Cloud-aided scalable revocable identity-based encryption with ciphertext update from lattices[C]//Proceedings of the International Conference on Frontiers in Cyber Security. Singapore: Springer, 2021: 269-287.
[6] OKANO Y, TOMIDA J, NAGAI A, et al. Revocable hierarchical identity based authenticated key exchange[C]//Proceedings of the Interntional Conference on Information Security and Cryptology. Cham: Springer, 2021: 3-27.
[7] WANG X L, WANG Y, WANG M Q. Lattice-based revocable identity-based proxy re-encryption with re-encryption verifiability[C]//Proceedings of the International Conference on Wireless Algorithms, Systems, and Applications. Cham: Springer, 2022: 535-544.
[8] CHEN J, LIM H W, LING S, et al. Revocable identity-based encryption from lattices[C]//Proceedings of the 17th Australasian Conference on Information Security and Privacy, Wollongong, NSW, Australia, Jul 9-11, 2012. Berlin, Heidelberg: Springer, 2012: 390-403.
[9] SEO J H, EMURA K. REVOCABLE identity-based cryptosystem revisited: security models and constructions[J]. IEEE Transactions on Information Forensics and Security, 2014, 9(7): 1193-1205.
[10] TAKAYASU A, WATANABE Y. Lattice-based revocable identity-based encryption with bounded decryption key exposure resistance[C]//Proceedings of the 22nd Australasian Conference on Information Security and Privacy, Auckland, New Zealand, Jul 3-5, 2017. Cham: Springer, 2017: 184-204.
[11] KATSUMATA S, MATSUDA T, TAKAYASU A. Lattice-based revocable (hierarchical) IBE with decryption key exposure resistance[J]. Theoretical Computer Science, 2020, 809: 103-136.
[12] WANG Q, HUANG H, LI J, et al. Revocable IBE with En-DKER from lattices: a novel approach for lattice basis de-legation[C]//Proceedings of the European Symposium on Research in Computer Security, 2023.
[13] TAKAYASU A. Adaptively secure lattice-based revocable IBE in the QROM: compact parameters, tight security, and anonymity[J]. Designs, Codes and Cryptography, 2021, 89(8): 1965-1992.
[14] GENTRY C, PEIKERT C, VAIKUNTANATHAN V. Trapdoors for hard lattices and new cryptographic constructions[C]//Proceeings of the 40th Annual ACM Symposium on Theory of Computing. Victoria, British Columbia, Canada, 2008: 197-206.
[15] AGRAWAL S, BONEH D, BOYEN X. Efficient lattice (h) IBE in the standard model[C]//Proceedings of the 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, French Riviera, May 30-Jun 3, 2010. Berlin, Heidelberg: Springer, 2010: 553-572.
[16] ZHANG Y, LIU X, HU Y. Simplified server-aided revocable identity-based encryption from lattices[C]//Proceedings of the International Conference on Provable Security. Cham: Springer, 2022: 71-87.
[17] MICCIANCIO D, PEIKERT C. Trapdoors for lattices: simpler, tighter, faster, smaller[C]//Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Heidelberg: Springer, 2012: 700-718.
[18] LUO F, AL-KUWARI S, WANG H, et al. Revocable attribute-based encryption from standard lattices[J]. Computer Standards & Interfaces, 2023, 84: 103698.
[19] REGEV O. On lattices, learning with errors, random linear codes, and cryptography[J]. Journal of the ACM, 2009, 56(6): 1-40.
[20] CRAMER R, DAMGARD I, KELLER M. On the amortized complexity of zero-knowledge protocols[J]. Journal of Cryptology, 2014, 27(2): 284-316.
[21] BRAKERSKI Z, GENTRY C, VAIKUNTANATHAN V. (Leveled) fully homomorphic encryption without bootstrapping[C]//Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, 2012: 309-325.