有效的格上无证书加密方案  被引量：4

作　　者：陈虎[1,2] 胡予濮[1] 连至助[1] 贾惠文[1] CHEN Hu HU Yu-Pu LIAN Zhi-Zhu JIA Hui-Wen(State Key Laboratory of Integrated Service Networks （Xidian University）, Xi＇an 710071, China Jiangsu Key Laboratory of Education Big Data Science and Engineering （Jiangsu Normal University）, Xuzhou 221116, China)

机构地区：[1]综合业务网理论及关键技术国家重点实验室(西安电子科技大学),陕西西安710071 [2]江苏省教育大数据科学与工程重点实验室(江苏师范大学),江苏徐州221116

出　　处：《软件学报》2016年第11期2884-2897,共14页Journal of Software

基　　金：国家自然科学基金(61472309;61672412;61373171);安徽省高校自然科学基金(KJ2016A626;KJ2016A627)~~

摘　　要：利用原像抽样算法抽取部分私钥和带误差的学习问题生成秘密值及公钥来构造格上无证书加密方案.在随机预言模型下,借助可抵抗拥有询问秘密值能力的两类攻击者形式化地证明了该方案在自适应选择身份攻击下(甚至是量子的)密文是不可区分的.通过分析方案的正确性、安全性和效率来说明如何选择参数.使用两种不同的扩大明文空间的方法来进一步提高方案的效率.这体现出该方案具有很强的灵活性.特别地,给出了逐步定比特填充法.它是一种由固定长度比特串去确定多个更长比特串的有效方法.该方法在构建多比特无证书加密过程中起到重要作用.鉴于内蕴了格和无证书密码系统的优势,该方案具有灵活、有效、抗量子攻击和不涉及证书管理等优点.A certificateless encryption scheme from lattices is put forward by using preimage sampleable algorithm to extract partial private keys and learning with errors to generate secret values and public keys. The new scheme is indistinguishably secure against adaptive chosen-identity attacks, even against quantum-computing attacks. This is achieved in the random oracle model by formally demonstrating that this construction can fight against two types of adversaries who can request secret values. Proper parameter setting for the scheme is obtained specifically by performing an analysis of its correctness, security, and efficiency. Two methods for further improving its efficiency are used by enlarging its plaintext space according to both distinct approaches, which also shows that the given scheme is flexible. Specially, an efficient method of successive padding with fixed bit is presented for obtaining multiple longer bit strings determined by a fixed-size bit string, which provides a valuable contribution towards building the multi-bit certificateless encryption scheme. Due to advantages inheriting from lattices and certificateless cryptosystem, the proposed schemes are flexible, efficient, resistant to quantum-computing attacks and free from certificate management.

关 键 词：格公钥密码 无证书密码系统 原像抽样算法 带误差的学习问题 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]