
Provably Secure Intrusion-Resilient Public-Key Encryption Scheme in the Standard Model (标准模型下可证明安全的入侵容忍公钥加密方案)  Cited by: 13
Abstract  In a traditional public-key encryption scheme, all security is lost once the decryption key is exposed. As more and more encryption systems are deployed on mobile, weakly protected devices, key exposure becomes hard to avoid. Intrusion-resilient public-key encryption was proposed to limit the damage that key exposure does to an encryption system, and it offers stronger security than forward-secure encryption and key-insulated encryption. In this model the whole lifetime is divided into discrete time periods and the public key stays fixed. The secret key material is shared between the decrypter and a base: the decrypter performs decryption on its own, while the base supplies an update message in each period that helps evolve the decryption key. In addition, the decrypter's key and the base's key can be refreshed several times within a period. Security is preserved when both the decrypter and the base are compromised, as long as they are not compromised at the same time; even a simultaneous compromise does not affect the security of ciphertexts from earlier periods. This paper proposes an intrusion-resilient public-key encryption scheme in which every cost parameter is at most log-squared in the total number of time periods, and proves it secure in the standard model. It is a provably secure intrusion-resilient public-key encryption scheme that does not rely on random oracles.
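The lifecycle the abstract describes (fixed public key, discrete periods, secret material split between decrypter and base, a per-period update from the base, several refreshes within a period, and the two compromise outcomes) can be walked through in a small simulation. The block below is an added illustration, not the paper's scheme or code: the real construction is a public-key scheme built from different tools, whereas here a SHA-256 hash chain stands in for key evolution, XOR shares stand in for the decrypter/base split, and `decryption_key` is only a stand-in for the period decryption key. The names `User`, `Base`, `update`, `refresh` and `scenario` are this example's own, and the update message is assumed to travel over a secure channel.

```python
"""Toy model of intrusion-resilient key management (illustration only).

Assumptions of this example: the period secret s_t evolves by a one-way
hash step; the user holds dk_t (used alone for decryption) plus a share
u_t, the base holds b_t, with u_t XOR b_t = s_t; update messages travel
over a secure channel. None of this is the paper's actual construction.
"""
from __future__ import annotations

import hashlib
import secrets
from dataclasses import dataclass


def H(tag: bytes, *parts: bytes) -> bytes:
    h = hashlib.sha256(tag)
    for p in parts:
        h.update(p)
    return h.digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def decryption_key(s: bytes) -> bytes:
    """Stand-in for the period decryption key derived from s_t."""
    return H(b"dk", s)


def evolve(s: bytes) -> bytes:
    """One-way step s_t -> s_{t+1}; s_t is not recoverable from s_{t+1}."""
    return H(b"evolve", s)


@dataclass
class User:
    period: int
    dk: bytes      # decryption key for this period, usable alone
    share: bytes   # user's share of the evolution secret


@dataclass
class Base:
    period: int
    share: bytes   # base's share of the evolution secret


def keygen() -> tuple[User, Base]:
    s0, u0 = secrets.token_bytes(32), secrets.token_bytes(32)
    return User(0, decryption_key(s0), u0), Base(0, xor(s0, u0))


def refresh(user: User, base: Base) -> None:
    """In-period refresh: both shares change, the combined secret does not."""
    r = secrets.token_bytes(32)
    user.share = xor(user.share, r)
    base.share = xor(base.share, r)


def update(user: User, base: Base) -> None:
    """Period change: base releases its share (the toy update message), the
    user evolves the secret, derives the next key and re-splits it."""
    assert user.period == base.period
    s_next = evolve(xor(user.share, base.share))
    new_user_share = secrets.token_bytes(32)
    user.period, user.dk, user.share = user.period + 1, decryption_key(s_next), new_user_share
    base.period, base.share = base.period + 1, xor(s_next, new_user_share)


def future_keys_from_compromise(s: bytes, n: int) -> list[bytes]:
    """What a simultaneous compromise yields: every later key, by evolving forward."""
    keys = []
    for _ in range(n):
        s = evolve(s)
        keys.append(decryption_key(s))
    return keys


def scenario() -> dict[str, bool]:
    user, base = keygen()
    s0 = xor(user.share, base.share)
    # Attacker reads the user, a refresh happens, then the attacker reads the base.
    stale_user_share = user.share
    refresh(user, base)
    cross_refresh = xor(stale_user_share, base.share)
    # Attacker reads the user in period 0 and the base in period 1.
    user_share_p0 = user.share
    update(user, base)
    s1 = xor(user.share, base.share)
    cross_period = xor(user_share_p0, base.share)
    # Simultaneous compromise in period 1: all later keys follow, s0/dk_0 do not.
    leaked = future_keys_from_compromise(s1, 2)
    update(user, base); dk2 = user.dk
    update(user, base); dk3 = user.dk
    return {
        "refresh_preserves_secret": xor(stale_user_share ^ b"" if False else stale_user_share, stale_user_share) == bytes(32) and s1 == evolve(s0),
        "cross_refresh_snapshots_fail": cross_refresh != s0,
        "cross_period_snapshots_fail": cross_period not in (s0, s1),
        "simultaneous_compromise_gives_future": leaked == [dk2, dk3],
        "period_keys_distinct": len({decryption_key(s0), decryption_key(s1), dk2, dk3}) == 4,
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name}: {ok}")
```

The two compromise outcomes in the abstract map onto `cross_refresh_snapshots_fail` and `cross_period_snapshots_fail` (user and base captured at different refresh epochs or different periods do not combine to anything useful) and onto `simultaneous_compromise_gives_future` (both captured together expose every later key). Earlier periods stay protected only because `evolve` is one-way, which the simulation cannot demonstrate by running code; it is the property the hash chain is chosen for.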
Source  Journal of Software (软件学报), indexed in EI, CSCD and the Peking University Core Journal list, 2013, No. 2, pp. 266-278 (13 pages)
Funding  National Natural Science Foundation of China (61272425, 60703089, 61073176, 61202475); Natural Science Foundation of Shandong Province (ZR2010FQ019, ZR2009GQ008, ZR2010FQ015); Qingdao Science and Technology Program (12-1-4-2-(16)-jch); Huawei Technology Fund; Open Project of the State Key Laboratory of Information Security
Keywords  key exposure; forward-secure encryption; key-insulated encryption; intrusion-resilient encryption; standard model