Abstract
Certificateless public-key cryptography has attracted considerable interest because it removes the certificate-management burden of traditional public-key infrastructure while also avoiding the key-escrow problem of identity-based cryptography. Traditional security models assume that the adversary learns nothing about the participants' internal secret state. In practice, however, an adversary can recover a certain amount of leakage about the secret key through side-channel attacks, cold-boot attacks and similar techniques, so cryptographic schemes proved secure in the ideal model may no longer provide their claimed security in the leakage setting. In addition, existing leakage-resilient certificateless key-encapsulation mechanisms (CL-KEM) are built from bilinear maps and are computationally expensive because of the large number of pairing operations. To address these shortcomings, this paper constructs a continuous-leakage-resilient CL-KEM that uses no bilinear maps and gives a formal security proof under the classic decisional Diffie-Hellman (DDH) assumption. In the proposed instantiation every element of the encapsulated ciphertext is random from the adversary's point of view, which guarantees that no adversary can learn leakage about the user's secret key from a given encapsulated ciphertext; moreover, the leakage parameter is a fixed constant and is not bounded by the size of the encapsulated-key space. To further strengthen leakage resilience, the paper also constructs a novel leakage-resilient CL-KEM that tolerates leakage of l_(sk)(1-O(1)) bits, where l_(sk) denotes the length of the secret key; analysis shows that this scheme keeps the advantages above while raising its tolerance of leakage attacks to the optimal level. Finally, generic constructions of leakage-resilient certificateless hybrid encryption and a leakage-resilient certificateless authenticated key exchange protocol are given, both built on the leakage-resilient CL-KEM.
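To make the KEM/DEM hybrid-encryption pattern the abstract refers to concrete, the following Python is an added illustration and is not the paper's CL-KEM nor code from the authors: a textbook hashed-ElGamal KEM over a prime-order subgroup of Z_p^* (its security, like the paper's, rests on the DDH assumption and needs no pairings) composed with an encrypt-then-MAC DEM. The toy 128-bit safe prime, the generator g = 4, the SHA-256 key derivation, the HMAC-based keystream and the constructed sample message are all assumptions made for the demonstration; the certificateless key structure (KGC partial key plus user-chosen secret value) and the leakage model are not modelled here. Two points carry over to the paper's setting: the encapsulated ciphertext c = g^r is uniform in the subgroup and so reveals nothing about the receiver's secret key, and decapsulation must check subgroup membership before touching the secret key so that small-order elements such as 1 or p-1 cannot be used to probe it.

```python
"""Added illustration: a DDH-based (pairing-free) KEM composed with a DEM in the
KEM/DEM hybrid-encryption pattern. Toy parameters; not the paper's CL-KEM."""
import hashlib
import hmac
import random
import secrets


def _is_probable_prime(n, rounds=32, rng=random.Random(12345)):
    """Miller-Rabin with a fixed-seed witness RNG so group setup is reproducible."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_toy_group(bits=128, seed=2021):
    """Safe prime p = 2q + 1 and a generator of the order-q subgroup of Z_p^*.
    ASSUMPTION: 128 bits is a toy size chosen so setup runs in well under a second;
    a real deployment uses a 2048-bit+ MODP group or an elliptic-curve group."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            return p, q, pow(2, 2, p)  # 4 is a quadratic residue != 1, hence of order q


P, Q, G = make_toy_group()


def _enc(x):
    return x.to_bytes((P.bit_length() + 7) // 8, "big")


def _kdf(c, z):
    # Hash the whole DH transcript (c, z) into the 32-byte encapsulated key K.
    return hashlib.sha256(b"toy-kem-v1" + _enc(c) + _enc(z)).digest()


def kem_keygen():
    x = secrets.randbelow(Q - 1) + 1      # secret key x in [1, q-1]
    return x, pow(G, x, P)                # (sk, pk = g^x)


def kem_encaps(pk):
    r = secrets.randbelow(Q - 1) + 1
    c = pow(G, r, P)                      # uniform in the subgroup, independent of sk
    return c, _kdf(c, pow(pk, r, P))      # (encapsulated ciphertext, key K)


def kem_decaps(sk, c):
    # Reject elements outside the order-q subgroup (e.g. 1 or p-1) before using sk.
    if not (1 < c < P) or pow(c, Q, P) != 1:
        return None
    return _kdf(c, pow(c, sk, P))


def _keystream(k_enc, nonce, n):
    blocks = (hmac.new(k_enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def dem_encrypt(k, msg):
    """Encrypt-then-MAC DEM keyed from the 32-byte KEM output (16 bytes enc, 16 bytes MAC)."""
    k_enc, k_mac, nonce = k[:16], k[16:], secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(k_enc, nonce, len(msg))))
    return nonce, ct, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()


def dem_decrypt(k, nonce, ct, tag):
    k_enc, k_mac = k[:16], k[16:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()):
        return None                       # tampered ciphertext or wrong key
    return bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))


def hybrid_encrypt(pk, msg):
    c, k = kem_encaps(pk)
    return (c,) + dem_encrypt(k, msg)


def hybrid_decrypt(sk, c, nonce, ct, tag):
    k = kem_decaps(sk, c)
    return None if k is None else dem_decrypt(k, nonce, ct, tag)


if __name__ == "__main__":
    sk, pk = kem_keygen()
    packet = hybrid_encrypt(pk, b"constructed sample message")
    print(hybrid_decrypt(sk, *packet))
```

The subgroup check in kem_decaps is the part most often skipped in ad-hoc implementations; without it a ciphertext of small order leaks bits of sk through the decapsulation result, which is exactly the kind of unintended information flow a leakage-resilient design has to rule out.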
Authors
周彦伟
杨波
乔子芮
夏喆
张明武
Yanwei ZHOU; Bo YANG; Zirui QIAO; Zhe XIA; Mingwu ZHANG (School of Computer Science, Shaanxi Normal University, Xi'an 710062, China; Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004, China; State Key Laboratory of Cryptology, Beijing 100878, China; School of Computer Science and Technology, Wuhan University of Technology, Wuhan 430070, China)
Source
Scientia Sinica (Informationis) (中国科学: 信息科学)
Indexed in CSCD
PKU Core Journal (北大核心)
2021, No. 12, pp. 2119-2133 (15 pages)
Funding
National Key R&D Program of China (Grant No. 2017YFB0802000)
National Natural Science Foundation of China (Grant Nos. U2001205, 61802242, 61772326, 61802241)
Research Project of the Guangxi Key Laboratory of Cryptography and Information Security (Grant No. GCIS202108)
Fundamental Research Funds for the Central Universities (Grant Nos. GK202003079, GK202007033)
Keywords
certificateless public-key cryptography
key-encapsulation mechanism
leakage resilience
continuous leakage resilience
DDH security assumption