明文编码随机化加密方案

Randomized Coding of Plaintext Encryption Scheme

对著名的最优非对称填充加密方案(RSA-OAEP)及其改进方案进行分析发现:(1)这些方案的明文填充机制均采用Hash函数来隐藏明文统计特性,然而Hash函数特有的属性导致RSA-OAEP及其改进方案的安全性证明难以在标准模型下进行.很多研究工作表明,在标准模型下假定RSA(或者其变形)是困难的,无法证明RSA-OAEP及其改进方案对自适应性选择密文攻击是安全性的;(2)这些方案加密的消息是明文填充随机化处理后的信息,因此被加密信息比实际明文多出k位(设用于填充的随机数为k位).针对这两个问题,构造了一个基于配对函数编码的RSA型加密方案.该方案具有如下属性:(1)无需Hash运算就可以隐藏明文统计特性,同时使得被加密消息的长度短于实际明文的长度;(2)在标准模型下对自适应选择密文攻击是安全的;(3)该方案应用于签密时不需要额外协商签名模与加密模的大小顺序.

The analysis on the well-known optimal asymmetric encryption and its improved schemes reveal some drawbacks. For one, these schemes use plaintext padding mechanism and hash functions to hide the statistic property of plaintext, and the property of Hash function makes it difficult to prove that these schemes or their variants are secure in the standard model. Many research works show that, assuming that RSA problem and their variants are difficult, it is difficult to prove the RSA-OAEP schemes or their improvements secure against adaptive chosen cipher-text attack in the standard model. In addition, because these schemes encrypt randomized message using padding mechanism, the randomized message is k-bit longer than the plain-text. This increases the computational complexity of these schemes. To address the problem, this paper proposes an RSA-type encryption scheme based pairing functions. This scheme has the following advantages. First, the scheme does not use hash function to hide the statistical property of plain-text, which makes it possible to prove its security in the standard model. In this scheme, the randomized message can be shorter than the plain-text. Second, it is proved in the standard model that the scheme is secure against adaptive chosen cipher-text attacks. Third, when used in sign-encryption, it is not necessary for the users to negotiate the order of signature modulus or the encryption modulus.