摘要
为进一步提升密码原语的安全性,近年来抵抗泄露攻击的密码机制相继被研究者提出.基于证书的密码体制在解决传统公钥基础设施中证书复杂管理问题的同时,也避免了身份基密码机制的密钥托管不足,上述优势使得该体制在实际环境中具有广泛的应用前景,然而由于缺乏对该体制泄露容忍性的研究,制约了该机制在安全协议设计方面的应用推广.针对上述不足,为满足基于证书签名机制的抗泄露性需求,本文提出了基于证书的抗泄露签名机制的具体构造,并基于离散对数的困难性,在随机谕言机模型下使用分叉引理对本文方案的不可伪造性进行了形式化证明;由于未使用双线性映射运算,确保本文构造具有较高的计算效率.与现有相关机制的比较可知,在保持安全性可证明的基础上,本文构造为签名机制提供抵抗泄露攻击能力的同时,提升了相应的计算效率.此外,在上述基础方案之上,本文设计了基于证书的抗泄露聚合签名机制的具体构造,实现了同时完成多个签名的合法性验证目标,进一步提升了签名的合法性验证效率,上述优势确保本文构造能在实际应用中广泛使用,例如无线传感器网络等.
To further improve the security of cryptographic primitives,the leakage resilience has become a necessary security,and leakage-resilient cryptography has been proposed in recent years.The certificate-based cryptography solved the certificate management problem of the traditional public key infrastructure and avoided the key escrow shortcoming of the identity-based cryptography,which was widely employed in the practical applications to design security protocol,and there is a lack of research for the leakage resilience of certificate-based cryptographic primitives,which restricts its application in the design of security protocol.In order to address the above problems,a leakage-resilient certificate-based signature(CBS)scheme will be created in this paper,and the security of our proposal is proved based on the hardness of discrete logarithm problem by using Forking lemma under the random oracle model.Also,our CBS scheme is created without using bilinear mapping,and provides the high computation efficiency.Compared with the previous constructions,our CLS scheme has provable security while the continuous leakage resilience is provided,and the corresponding computation efficiency is improved.Furthermore,a certificate-based aggregate signature scheme with leakage resilience is created from the above basic CBS scheme,which realizes the validity verification of multiple signatures at the same time and can further improve the validity verification efficiency of signatures.These advantages ensure that our proposal can be used in the actual applications,such as wireless sensor networks,etc.
作者
周彦伟
马岿
乔子芮
杨波
顾纯祥
ZHOU Yan-Wei;MA Kui;QIAO Zi-Rui;YANG Bo;GU Chun-Xiang(School of Computer Science,Shaanxi Normal University,Xi’an 710062;Henan Key Laboratory of Network Cryptography Technology,Zhengzhou 450052;Guangxi Key Laboratory of Cryptography and Information Security,Guilin,Guangxi 541004)
出处
《计算机学报》
EI
CAS
CSCD
北大核心
2022年第11期2363-2376,共14页
Chinese Journal of Computers
基金
国家重点研发计划(2017YFB0802000)
国家自然科学基金(62272287,61802242,U2001205)
四川省科技计划项目(2020JDJQ0076)
广西密码学与信息安全重点实验室研究课题(GCIS202108)
河南省网络密码技术重点实验室研究课题(LNCT2021-A04)资助.
关键词
泄露容忍性
基于证书的密码学
基于证书的签名
分叉引理
leakage resilience
certificate-based cryptography
certificate-based signature
forking lemma
