适应性安全的离线证据加密
作者:
作者单位:

作者简介:

通讯作者:

吴庆涛,wqt8921@haust.edu.cn

中图分类号:

基金项目:

国家自然科学基金(61871430, 61971458); 中原科技创新领军人才(214200510012); 河南省高校科技创新团队(20IRTSTHN018, 21IRTSTHN015) ; 河南省高校基础研究专项(19zx010)


Offline Witness Encryption with Fully Adaptive Security
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    离线证据加密通过将复杂的计算移到初始化算法提升加密算法的效率, 相比证据加密具有更广泛的应用. 然而, 已有的离线证据加密方案大多满足选择安全性, 即敌手在得到公共参数之前必须输出一对挑战明文$ \left( {{m_0}, {m_1}} \right) $和一个命题实例x. Chvojka等人通过引入可穿孔加密构造了半适应安全的离线证据加密方案, 该安全性允许敌手适应性选择挑战密文, 但是敌手得到公共参数$ \left( {p{p_e}, p{p_d}} \right) $之前需要输出挑战密文对应的命题实例x, 将构造完全适应安全的离线证据加密方案作为“Open Problem”提了出来. 首次构造了满足完全适应安全的离线证据加密方案. 初始化算法输出一对公共参数$ \left( {p{p_e}, p{p_d}} \right) $, 其中加密密钥$ p{p_e} $包含两个公钥, 一个公共参考串和一个承诺, 解密密钥$ p{p_d} $是一个混淆电路. 该算法只需运行一次, 公共参数可以使用任意多次. 加密算法利用密钥封装机制和证据不可区分证明系统构造一个Naor-Yung形式的密文. 通过提前选定封装的密钥解决在选择安全性中敌手需要提前输出挑战明文的问题. 另外, 我们的构造可以直接转化为适应性安全的离线函数证据加密, 密钥生成阶段将函数f嵌入到解密私钥中, 可以实现针对函数f解密私钥的可重复使用.

    Abstract:

    Compared with witness encryption, offline witness encryption is more extensive in the practical applications because of its high-efficiency by transferring the hard computation work to setup phase. However, most of the current offline witness encryption schemes only satisfy the selective security, that is, the adversary must commit a pair of challenge messages (m0, m1) and an instance x before obtaining the public parameters. Chvojka et al. proposed an offline witness encryption construction that achieves semi-adaptive security by introducing the puncturable encryption. The semi-adaptive security permits the adversary to choose challenge messages adaptively. However, the instance of the considered NP language that is used to create the challenge ciphertext must be fixed before the adversary gets the public parameters (ppe, ppd). Therefore, they leave it as an open problem to construct offline witness encryption schemes with fully adaptive security. This study firstly proposes an offline witness encryption scheme that achieves the fully adaptive security. The setup algorithm outputs public parameters (ppe, ppd), where ppe, the encryption key, contains two public keys, a common reference, and a commitment, and the decryption key ppd is an obfuscated circuit. This algorithm needs to be run only once, and the parameters can be used for arbitrary many encryptions. The encryption algorithm outputs a Naor-Yung’s ciphertext by using key encapsulation mechanism and non-interactive witness indistinguishable proofs system. The problem of outputting the challenge plaintext in advance during the proving process of selective security have solved by selecting the encapsulation key in advance. In addition, the proposed scheme can also be turned into a functional offline witness encryption scheme directly to realize the reuse of the decryption key for the function f by embedding f into the decryption key in the key generation phase.

    参考文献
    相似文献
    引证文献
引用本文

刘牧华,王琳,朱军龙,邢玲,张明川,吴庆涛.适应性安全的离线证据加密.软件学报,,33():1-15

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2021-04-27
  • 最后修改日期:2021-06-27
  • 录用日期:
  • 在线发布日期: 2022-03-24
  • 出版日期:
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号