计算机工程与应用 ›› 2024, Vol. 60 ›› Issue (19): 268-277.DOI: 10.3778/j.issn.1002-8331.2311-0339

• 网络、通信与安全 • 上一篇    下一篇

带抵抗解密密钥暴露的可撤销身份基加密

王晓毅,陈虎,赵姜冬   

  1. 江苏师范大学  数学与统计学院,江苏  徐州  221116
  • 出版日期:2024-10-01 发布日期:2024-09-30

Revocable Identity-Based Encryption with Decryption Key Exposure Resistance

WANG Xiaoyi, CHEN Hu, ZHAO Jiangdong   

  1. School of Mathematics and Statistics,Jiangsu Normal University,Xuzhou,Jiangsu 221116,China
  • Online:2024-10-01 Published:2024-09-30

摘要: 在可撤销加密方案中,如果解密密钥暴露,那么会导致用户私钥的泄露。因此,构造一个基于格的带抵抗加密密钥暴露(decryption key exposure resistance,DKER)的可撤销身份基加密方案很有意义。不同于现有的通过改变用户私钥实现DKER特性的方案,该方案针对更新密钥进行改造,利用比特分解函数,将经过用户公钥加密后的更新密钥广播出去。这就使得解密密钥即便暴露,也不会对用户私钥造成任何影响,从而实现DKER。同时,该方案在标准模型下基于判定性带误差学习困难问题(decision learning with error,DLWE)给出抵抗选择时间和自适应选择身份攻击的形式化安全证明。结果表明,与现存的一些方案相比,该方案提高了用户的私钥和解密密钥生成效率,并且降低了用户的密钥存储空间和密文长度。

关键词: 格密码, 可撤销身份基加密, 抵抗解密密钥暴露, 高斯抽样

Abstract: In revocable encryption schemes,a user’s private key may be exposed if the decryption key is exposed. Therefore,constructing a lattice-based revocable encryption scheme with DKER is significant.Different from these schemes available,which implement the features of DKER by changing the user’s private key,this scheme modifies the update key by using a bit decomposition function to broadcast the updated key encrypted by the user’s public key. This ensures that even if the decryption key is exposed,it will not have any impact on the user’s private key,thus achieving DKER.At the same time,this scheme provides formal security proof against selection time and adaptive selection identity attacks based on the DLWE hardness problem in the standard model. The results indicate that compared with some existing schemes,this scheme improves the efficiency of generating user private keys and decryption keys,and reduces the user’s key storage space and ciphertext length.

Key words: lattice-based cryptography, revocable identity-based encryption, decryption key exposure resistance, Gaussian sampling