
KDM Security of ElGamal Encryption Scheme

Cited by: 1
Abstract: The KDM (key-dependent message) security of a public-key encryption scheme requires that the scheme remain secure even if an adversary can obtain encryptions of messages that depend on the secret key. Such situations arise naturally in hard-disk encryption, formal cryptography, and some specific protocols. To date, KDM security has been achieved by only a few constructions, and most of them restrict the messages to affine functions of the secret key. In this paper we define a new function ensemble and show that the ElGamal scheme, which plays an important role in public-key cryptography, achieves KDM security with respect to this ensemble. From a technical point of view, the plaintext space of ElGamal does not "match" its secret-key space, so the original scheme has to be "tailored" before its KDM security can be proved. Most importantly, the new ensemble naturally contains functions that do not belong to the affine family. We also show that the scheme achieves KDM security with respect to the ensemble proposed by Qin et al. at ACISP 2013. Finally, we point out that in both cases the "tailored" ElGamal scheme obtained here can be applied directly to anonymous credential systems.
Source: Journal of Cryptologic Research (《密码学报》), 2014, No. 3, pp. 235-243 (9 pages)
Funding: National Basic Research Program of China (973 Program) (2013CB338003); Strategic Priority Research Program of the Chinese Academy of Sciences (XDA06010701); National Natural Science Foundation of China (61170280)
Keywords: key-dependent message (KDM) security; ElGamal scheme; chosen-plaintext attack (CPA); decisional Diffie-Hellman (DDH) assumption
Related literature

References: 2; secondary references: 13. Entries listed on the page:
1. Camenisch J, Lysyanskaya A. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: EUROCRYPT 2001, LNCS 2045: 93-118.
2. Black J, Rogaway P, Shrimpton T. Encryption-scheme security in the presence of key-dependent messages. In: SAC 2002, LNCS 2595: 62-75.
3. Adão P, Bana G, Herzog J, Scedrov A. Soundness of formal encryption in the presence of key-cycles. In: ESORICS 2005, LNCS 3679: 374-396.
4. Halevi S, Krawczyk H. Security under key-dependent inputs. In: ACM CCS 2007: 466-475.
5. Backes M, Dürmuth M, Unruh D. OAEP is secure under key-dependent messages. In: ASIACRYPT 2008, LNCS 5350: 506-523.
6. Backes M, Pfitzmann B, Scedrov A. Key-dependent message security under active attacks: BRSIM/UC-soundness of symbolic encryption with key cycles. In: 20th IEEE Computer Security Foundations Symposium (CSF 2007), Venice, Italy: 112-124.
7. Haitner I, Holenstein T. On the (im)possibility of key-dependent encryption. In: TCC 2009, LNCS 5444: 202-219.
8. Boneh D, Halevi S, Hamburg M, Ostrovsky R. Circular-secure encryption from decision Diffie-Hellman. In: CRYPTO 2008, California, USA: 108-125.
9. Brakerski Z, Goldwasser S. Circular and leakage resilient public-key encryption under subgroup indistinguishability. In: CRYPTO 2010, California, USA: 1-20.
10. Hofheinz D, Unruh D. Towards key-dependent message security in the standard model. In: EUROCRYPT 2008, LNCS 4965: 108-126.

Citation record: co-cited literature 3; co-citing literature 1; citing literature 1.
