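An Efficient Identity-Based Broadcast Encryption Scheme Based on the Commercial Cryptographic Algorithm SM9
Cite this article: LAI Jian-Chang, HUANG Xin-Yi, HE De-Biao. An Efficient Identity-Based Broadcast Encryption Scheme Based on the Commercial Cryptographic Algorithm SM9[J]. Chinese Journal of Computers, 2021, 44(5): 897-907.
Authors: LAI Jian-Chang  HUANG Xin-Yi  HE De-Biao
Affiliation: Fujian Provincial Key Lab of Network Security and Cryptology, Center for Applied Mathematics of Fujian Province, College of Mathematics and Informatics, Fujian Normal University, Fuzhou 350007; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072
Funding: Supported by the National Natural Science Foundation of China (61902191, 62032005, 61872089, 61972294, 61932016), the Natural Science Foundation of Jiangsu Province Youth Fund (BK20190696), and the Natural Science Foundation of Fujian Province (2020J02016).
Abstract: Broadcast encryption allows a sender to encrypt data for a specified group of users at once and to transmit the ciphertext over a public channel. Only the authorized users specified at encryption time can decrypt correctly; unauthorized users cannot obtain the plaintext even if they collude. Thanks to these advantages, broadcast encryption is widely used in applications such as cloud computing and the Internet of Things to realize multi-user data sharing and secret sharing. The SM9 identity-based encryption algorithm is a commercial cipher designed independently in China; it is used for data encryption and for protecting data privacy, but it applies only to the single-user case. This paper combines China's commercial SM9 identity-based encryption algorithm with broadcast encryption and uses bilinear pairings to design the first SM9-based identity-based broadcast encryption scheme. The construction idea draws on Delerablée's identity-based broadcast encryption scheme (Asiacrypt 2007). In the proposed scheme, the lengths of the ciphertext and of the user private key are fixed and independent of the number of receivers. The ciphertext consists of three elements, and the user private key contains only one group element. Compared with the SM9 identity-based encryption algorithm, the ciphertext length increases by only one group element. This paper gives the formal definition and security model of identity-based broadcast encryption and proves in the random oracle model that the scheme resists static chosen-plaintext attacks. The security analysis is based on the q-type GDDHE hardness assumption. Theoretical analysis and experimental simulation show that the computation and communication overheads of the scheme are comparable to those of the current mainstream international identity-based broadcast encryption schemes.

Keywords: broadcast encryption  constant-size ciphertexts  SM9  identity-based cryptography  chosen-plaintext security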

An Efficient Identity-Based Broadcast Encryption Scheme Based on SM9
LAI Jian-Chang, HUANG Xin-Yi, HE De-Biao. An Efficient Identity-Based Broadcast Encryption Scheme Based on SM9[J]. Chinese Journal of Computers, 2021, 44(5): 897-907.
Authors: LAI Jian-Chang  HUANG Xin-Yi  HE De-Biao
Affiliation: Fujian Provincial Key Lab of Network Security and Cryptology, Center for Applied Mathematics of Fujian Province, College of Mathematics and Informatics, Fujian Normal University, Fuzhou 350007; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072
Abstract: Broadcast encryption allows a data sender to encrypt data to a group of specified users via a public channel. Only those authorized users can decrypt the ciphertext. Unauthorized users learn nothing about the encrypted data even if they collude. Owing to these merits, broadcast encryption has been widely used in real-world applications, such as cloud computing and the Internet of Things, for multi-user data sharing or secret sharing. The SM9 identity-based encryption algorithm, designed by China, is a Chinese encryption standard for protecting data privacy. Nevertheless, the SM9 encryption algorithm is designed for scenarios with only one receiver. In this paper, we fuse the SM9 identity-based encryption algorithm and broadcast encryption, and propose the first identity-based broadcast encryption (IBBE) scheme based on SM9 using pairings. The construction idea is derived from Delerablée's IBBE scheme (Asiacrypt 2007). The proposed scheme features constant-size ciphertexts and private keys, whose sizes are independent of the number of receivers. More precisely, the ciphertext consists of three elements and the user private key has only one group element. Compared to the SM9 identity-based encryption algorithm, the ciphertext contains one additional group element. We give the definition of IBBE and the corresponding security models, and formally analyze the security of the proposed scheme. The proposed scheme is proved to be IND-sID-CPA secure in the random oracle model under a q-type GDDHE assumption. The theoretical analysis and demonstration show that the proposed scheme is comparable to the existing optimal IBBE schemes in terms of computational and communication overheads.
Keywords: broadcast encryption  constant-size ciphertexts  SM9  identity-based cryptosystem  CPA security