更高效的选择密文安全基于身份的双接收者加密方案  

作　　者：陈文[1] 张凯[1] 钱海峰[1] 

机构地区：[1]华东师范大学计算机科学技术系,上海200062

出　　处：《华东师范大学学报（自然科学版）》2016年第6期145-156,共12页Journal of East China Normal University(Natural Science)

基　　金：国家自然科学基金(61571191;61572192;61472142);上海市科委基金(13JC1403502;14YF1404200)

摘　　要：双接收者加密(Dual Receiver Encryption,DRE)是一种特殊的公钥加密(Public Key Encryption,PKE)体制,它允许两个独立的接收者分别解密同一密文得到相应的正确明文信息.双接收者加密非常适用于敏感信息需要被监督方或者第三方解密的应用场景.基于传统公钥加密方案构造的双接收者加密方案需要额外的开销来进行公钥证书的发放和管理;而基于身份的双接收者加密(Identity-Based Dual Receiver Encryption,ID-DRE)可以避免公钥证书的问题.第一个基于身份的双接收者加密方案是通过一个高效的基于身份的加密方案(Identity-Based Encryption,IBE)构造而得.本文首先利用从IBE构造可抵抗选择密文攻击(Chosen-Ciphertext Attack,CCA)的PKE的通用技术对上述方案进行扩展,得到了不可区分选择身份和选择密文攻击安全(Indistinguishability Against Adaptively Chosen Identity and Chosen-Ciphertext Attack,IND-ID-CCA)的加密方案.并通过基于双线性判定Diffie-Hellman(Bilinear Decision Diffie-Hellman,BDDH)假设(BDDH假设),对此方案的安全性进行了证明.最后,将此加密方案扩展成一个非交互式公开可认证的双接收者加密方案,该方案是目前已知的第一个非交互式公开可认证的基于身份的双接收者加密方案.Dual receiver encryption （DRE） is a special kind of public key encryption （PKE）, which allows a ciphertext to be decrypted into the same plaintext by two independent receivers. Though DRE is widely used in scenarios where sensitive information should be potentially decrypted by a supervisor or a third party, the most known DREconstructions in the literatures are obtained from traditional PKE settings. As a result, they have extra overhead for distributions and managements of public key certificates, the identity-based dual receiver encryption （ID-DRE） can reduce overhead. The first identity-based DRE scheme is constructed by an ef^cient identity-based encryption （IBE）. First, we use the CCA-secure （secure against chosen-ciphertext attack） PKE from identity-based techniques to construct a new identity-based DRE scheme with the IND-ID-CCA （indistinguishability against adaptively chosen identity and chosen-ciphertext attack） security, which relies on the bilinear decisional Diffie-Hellman assumption. Then, we extend our scheme to obtain an identity-based dual receiver encryption （ID-DRE） scheme with non-interactive opening, which is the first known identity-based dual receiver encryption （ID-DRE） scheme with non-interactive opening. K

关 键 词：双接收者加密 基于身份的加密 选择密文攻击 非交互式公开可认证 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]