机构地区:[1]Department of Computer Science and Engineering, Shanghai Jiao Tong University [2]Department of Network Engineering, Anhui Science and Technology University [3]Department of Mathematics, Hangzhou Normal University [4]Department of Computer Science and Engineering, Southwest University of Science and Technology
出 处:《Science China(Information Sciences)》2017年第5期61-79,共19页中国科学(信息科学)(英文版)
基 金:supported by National Natural Science Foundation of China (Grant Nos. NSFC61133014, NSFC61472114, NSFC61572318, NSFC61272440, NSFC61472251, U1536101, NSFC61502400);Foundation of Sichuan Educational Committee (Grant No. 16ZB0140);Natural Science Foundation of Anhui Science and Technology University (Grant No. ZRC2013380)
摘 要:We present a new primitive of randomized message-locked encryption(MLE) in this paper and define a new security model for it. The new primitive, named message-locked encryption3(hereafter referred as MLE3),is actually a variant of randomized message-locked encryption(Bellare et al. Eurocrypt'13). In order to prevent trivial attacks, our primitive admits a semi-trusted server, which is allowed to hold a secret key of public key encryption(PKE), to verify the correctness of a tag. The new security notion, called privacy chosen-distribution attacks3(PRV-CDA3), requires that a ciphertext generated by encrypting an unpredictable message and another ciphertext(possible invalid) chosen randomly from a ciphertext space are indistinguishable. Compared with the priori proposed security notion, privacy chosen-distribution attacks(PRV-CDA)(Bellare et al. Eurocrypt'13),which requires that two ciphertexts generated by encrypting two unpredictable messages are indistinguishable,the security notion we propose is much stronger. Based on the new primitive, under the blackbox reductions,we put forward a novel construction which achieves both privacy chosen-distribution attacks3(PRV-CDA3) and strong tag consistency(STC) securities in the standard model via universal computational extractors(UCEs)(Bellare et al. Crypto'13). In addition, our scheme also provides the validity-testing for ciphertext.We present a new primitive of randomized message-locked encryption(MLE) in this paper and define a new security model for it. The new primitive, named message-locked encryption3(hereafter referred as MLE3),is actually a variant of randomized message-locked encryption(Bellare et al. Eurocrypt'13). In order to prevent trivial attacks, our primitive admits a semi-trusted server, which is allowed to hold a secret key of public key encryption(PKE), to verify the correctness of a tag. The new security notion, called privacy chosen-distribution attacks3(PRV-CDA3), requires that a ciphertext generated by encrypting an unpredictable message and another ciphertext(possible invalid) chosen randomly from a ciphertext space are indistinguishable. Compared with the priori proposed security notion, privacy chosen-distribution attacks(PRV-CDA)(Bellare et al. Eurocrypt'13),which requires that two ciphertexts generated by encrypting two unpredictable messages are indistinguishable,the security notion we propose is much stronger. Based on the new primitive, under the blackbox reductions,we put forward a novel construction which achieves both privacy chosen-distribution attacks3(PRV-CDA3) and strong tag consistency(STC) securities in the standard model via universal computational extractors(UCEs)(Bellare et al. Crypto'13). In addition, our scheme also provides the validity-testing for ciphertext.
关 键 词:message-locked encryption3 (MLE3) universal computational extractors (UCEs) privacy chosen-distribution attacks3 (PRV-CDA3) strong tag consistency (STC) standard model
分 类 号:TP309.7[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
