CCA Secure Broadcast Encryption Based on SM9
Author biographies:

Lai Jianchang (1988-), male, Ph.D., associate professor; main research interests: public-key cryptography, information security. Huang Xinyi (1981-), male, Ph.D., professor, doctoral supervisor, CCF professional member; main research interests: public-key cryptography, information security. He Debiao (1980-), male, Ph.D., professor, doctoral supervisor, CCF senior member; main research interests: cryptography, information security. Ning Jianting (1988-), male, Ph.D., professor; main research interests: cryptography, information security.

Corresponding author:

Huang Xinyi, E-mail: xyhuang@fjnu.edu.cn

CLC number:

TP309

Funding:

National Natural Science Foundation of China (61902191, 62032005, 61972294, 61972094, 61932016); Natural Science Foundation of Jiangsu Province (BK20190696); Science Foundation of the Fujian Provincial Department of Science and Technology (2020J02016); Key R&D Program of Shandong Province (2020CXGC010115)


Abstract (translated from the Chinese):

The chosen-ciphertext security model effectively captures active attacks and is closer to real-world conditions. Existing cryptographic algorithms that resist chosen-ciphertext attacks are mostly foreign designs; China lacks independently designed algorithms that resist chosen-ciphertext attacks. Although generic transformations for achieving chosen-ciphertext security exist, they come at the cost of increasing both computational and communication overhead. Based on the national standard SM9 identity-based encryption algorithm, this paper proposes an identity-based broadcast encryption scheme with chosen-ciphertext security. The design inherits the structure of the SM9 identity-based encryption algorithm; the user key and the ciphertext are both of fixed size, with the user key consisting of one group element and the ciphertext consisting of three elements, independent of the number of receivers actually involved in encryption. With the help of a random oracle, the scheme is proven CCA secure under the GDDHE hardness assumption. The encryption algorithm introduces a dummy identity, with which decryption queries on ciphertexts can be answered successfully, thereby achieving CCA security. Analysis shows that the proposed scheme is comparable to existing efficient identity-based broadcast encryption schemes in computational and storage efficiency.

Abstract (English):

The chosen-ciphertext attack (CCA) security model effectively captures active attacks in realistic settings. Existing cryptosystems that resist CCA are mainly designed abroad, and China lacks CCA secure cryptosystems of its own. Although there are general transformation approaches to achieving CCA security, they increase both computational overhead and communication overhead. Based on the SM9 encryption algorithm, this study proposes an identity-based broadcast encryption scheme with CCA security. The design is derived from SM9, and the sizes of the private key and the ciphertext are constant and independent of the number of receivers chosen in the data encryption phase. Specifically, the private key consists of one element, and the ciphertext is composed of three elements. If the GDDHE assumption holds, the study proves that the proposed scheme has selective CCA security in the random oracle model. In order to achieve CCA security, a dummy identity is introduced in the design of the encryption algorithm, and this identity can be used to answer decryption queries successfully. Analysis shows that the proposed scheme is comparable to existing efficient identity-based broadcast encryption schemes in terms of computational efficiency and storage efficiency.

Cite this article:

Lai JC, Huang XY, He DB, Ning JT. CCA secure broadcast encryption based on SM9. Ruan Jian Xue Bao/Journal of Software, 2023, 34(7): 3354–3364

History
  • Received: 2021-06-21
  • Revised: 2021-10-01
  • Published online: 2022-09-20
  • Published: 2023-07-06