高效弹性泄漏下CCA2安全公钥加密体制  被引量：8

作　　者：张明武[1,2] 陈泌文 何德彪[2,3] 杨波[4] 

机构地区：[1]湖北工业大学计算机学院,武汉430068 [2]中国科学院信息工程研究所信息安全国家重点实验室,北京100093 [3]武汉大学软件工程国家重点实验室,武汉430072 [4]陕西师范大学计算机学院,西安710072

出　　处：《计算机学报》2016年第3期492-502,共11页Chinese Journal of Computers

基　　金：国家自然科学基金(61370224,61272436);湖北省自然科学基金(2013CFA046);信息安全国家重点实验室开放基金(2014-04,2013-3-3);湖北工业大学高层次人才项目资助~~

摘　　要：公钥密码体制中要求算法和公钥是公开的而密钥必须是严格保密的,但在实际应用系统中,攻击者可以从保密密钥和加密系统内部通过侧信道攻击等手段获得部分密钥.一旦密钥被泄漏,传统的可证明安全将无法归约.弹性泄漏密码体制用于解决密钥、随机数或内部中间状态等存在泄漏情况下的可证明安全问题.该文提出一种应对密钥弹性泄漏的公钥加密方案,达到抗泄漏条件下的自适应选择密文安全性.在Naor-Segev方案的基础上,利用密钥衍射和消息认证码,提高系统计算效率同时有效降低密钥长度,并通过随机提取器达到密钥的弹性泄漏容忍.在保持提取器性能不变的条件下,降低密钥的长度提高了密钥允许的泄漏率.分析显示本方案能容忍25%的密钥泄漏率,密钥生成、加密和解密分别相当于2.4、3.2和2.2个单指数计算量,和其他方案比较,泄漏率、密钥长度和计算量等效率都有一定改善.In traditional public-key cryptography, it is required that secret keys must be safely stored, in which the provable security will lose even if a single bit of a secret key is leaked. That is, it is commonly assumed that the secret keys, internal computations and randomness are opaque to external adversaries, and only the cryptographic algorithms and the public keys are public and can be revealed to the possible attackers. However, in practical systems, many attacks from side-channel such as cold-boot attacks, time attacks and power dissipations, can obtain some information from the secret keys or the states of cryptosystem. Leakage-Resilient Crypto-system （LRC） provides an approach to obtain the provable security in the presence of leakage of secret key, randomness and even internal state. In this paper, we propose a CCA-secure leakage- resilient public-key encryption, in which a key derivation function and a message authentication code are used to improve the efficiency. Besides, a strong randomness extractor is also used to tolerate the leakage. Under the feature of extractor, the size of secret key is reduced and the leakage rate is enhanced. to that of 2 Compared wi Keywords function The computation costs of key generation, encryption and decryption are equivalent 2. 4, 3.2 and 2.2 single exponent operations of the finite group, respectively. th related schemes, leakage rate, key size and computation cost are improved.

关 键 词：密钥弹性泄漏 公钥加密 选择密文攻击 密钥衍射函数 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]