摘要
当密码系统被部署到不安全环境或者遇到木马攻击时,密钥泄漏问题将不可避免.为减少密钥泄漏带来的损失,基于密钥进化思想的前向安全、密钥隔离以及入侵容忍等密码体制被陆续提出.其中,由Dodis于2002年提出的能够同时达到前向安全和后向安全的密钥隔离密码系统(Key-Insulated Cryptosystem)已成为信息安全界及密码学界的研究热点.鉴于该系统在抵御密钥泄漏中的重要性,文中对密钥隔离密码系统的研究进展进行了综述.不仅对密钥隔离系统的基本概念、形式化定义、安全模型以及安全要求进行了阐述,同时对密钥隔离方案的设计原理进行了深入分析.最后对目前已有的密钥隔离加密、签名以及密钥协商方案进行了分析,并对当前的方案从性能、安全模型及安全性等方面进行了比较.
When the cryptosystem is deployed into the hostile environment, the secret key leakage seems to be inevitable. In order to ease the destructive result incurred by key compromise, forward security, intrusion tolerance and key-insulated cryptosystem has been proposed based on the idea of key evolution respectively. The key-insulated cryptosystem, which was initially introduced in 2002 by Dodis, has attracted extensive concern from the information security and cryptology community since this mechanism can simultaneously achieve forward security and backward security. Due to the significance of key-insulated cryptosystem, this paper offers a solid survey of key-insulated cryptosystem. This paper not only describes the basic concepts, formal definition, security models and security requirements of key-insulated system, but also analyzes design philosophy. Finally, this paper reviews the existing key-insulated cryptosystems in view of the public-key certificate authentication approach, efficiency and formal security proof.
出处
《计算机学报》
EI
CSCD
北大核心
2015年第4期759-774,共16页
Chinese Journal of Computers
基金
国家自然科学基金(61003230
61370026)
广东省产学研重点项目(2012B091000054)
四川省应用基础研究计划项目(2014JY0041)资助~~
关键词
密码系统
密钥泄漏
密钥隔离
加密
签名
密钥协商
密码学
cryptosystem
key-insulated
key compromise
encryption
signature
key agreement
cryptography
