首页 | 本学科首页   官方微博 | 高级检索  
     

明文编码随机化加密方案
引用本文:巩林明,李顺东,王道顺,窦家维.明文编码随机化加密方案[J].软件学报,2017,28(2):372-383.
作者姓名:巩林明  李顺东  王道顺  窦家维
作者单位:陕西师范大学 计算机科学学院, 陕西 西安 710062,陕西师范大学 计算机科学学院, 陕西 西安 710062,清华大学 计算机科学与技术系, 北京 100084,陕西师范大学 数学与信息科学学院, 陕西 西安 710062
基金项目:国家自然科学基金(61272435,61373020)
摘    要:对著名的最优非对称填充加密方案(RSA-OAEP)及其改进方案进行分析发现:(1)这些方案的明文填充机制均采用Hash函数来隐藏明文统计特性,然而Hash函数特有的属性导致RSA-OAEP及其改进方案的安全性证明难以在标准模型下进行.很多研究工作表明,在标准模型下假定RSA(或者其变形)是困难的,无法证明RSA-OAEP及其改进方案对自适应性选择密文攻击是安全性的;(2)这些方案加密的消息是明文填充随机化处理后的信息,因此被加密信息比实际明文多出k位(设用于填充的随机数为k位).针对这两个问题,构造了一个基于配对函数编码的RSA型加密方案.该方案具有如下属性:(1)无需Hash运算就可以隐藏明文统计特性,同时使得被加密消息的长度短于实际明文的长度;(2)在标准模型下对自适应选择密文攻击是安全的;(3)该方案应用于签密时不需要额外协商签名模与加密模的大小顺序.

关 键 词:标准模型  不可区分安全  自适应选择密文攻击  编码随机化  RSA-OAEP
收稿时间:2015/4/17 0:00:00
修稿时间:2015/9/10 0:00:00

Randomized Coding of Plaintext Encryption Scheme
GONG Lin-Ming,LI Shun-Dong,WANG Dao-Shun and DOU Jia-Wei.Randomized Coding of Plaintext Encryption Scheme[J].Journal of Software,2017,28(2):372-383.
Authors:GONG Lin-Ming  LI Shun-Dong  WANG Dao-Shun and DOU Jia-Wei
Affiliation:School of Computer Science, Shaanxi Normal University, Xi''an 710062, China,School of Computer Science, Shaanxi Normal University, Xi''an 710062, China,Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China and School of Mathematics and Information Science, Shaanxi Normal University, Xi''an 710062, China
Abstract:The analysis on the well-known optimal asymmetric encryption and its improved schemes reveal some drawbacks. For one, these schemes use plaintext padding mechanism and hash functions to hide the statistic property of plaintext, and the property of Hash function makes it difficult to prove that these schemes or their variants are secure in the standard model. Many research works show that, assuming that RSA problem and their variants are difficult, it is difficult to prove the RSA-OAEP schemes or their improvements secure against adaptive chosen cipher-text attack in the standard model. In addition, because these schemes encrypt randomized message using padding mechanism, the randomized message is k-bit longer than the plain-text. This increases the computational complexity of these schemes. To address the problem, this paper proposes an RSA-type encryption scheme based pairing functions. This scheme has the following advantages. First, the scheme does not use hash function to hide the statistical property of plain-text, which makes it possible to prove its security in the standard model. In this scheme, the randomized message can be shorter than the plain-text. Second, it is proved in the standard model that the scheme is secure against adaptive chosen cipher-text attacks. Third, when used in sign-encryption, it is not necessary for the users to negotiate the order of signature modulus or the encryption modulus.
Keywords:standard model  indistinguishable security  adaptive chosen ciphertext attack  coding randomized  RSA-OAEP
点击此处可从《软件学报》浏览原始摘要信息
点击此处可从《软件学报》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号