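Affiliation: [1] Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190
Source: Chinese Journal of Computers (《计算机学报》), 2018, No. 5, pp. 1143-1156 (14 pages)
Funding: Supported by the National Natural Science Foundation of China (61672509; 61572484) and the National Cryptography Development Fund (MMJJ20170101)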
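Abstract: Online encryption processes its input block by block in a serial fashion and provides security protection for data. In recent years, designing authenticated encryption schemes with the online property has become a research hotspot, and many online authenticated encryption schemes based on block ciphers or fixed permutations have been proposed. Compression functions and hash functions are widely deployed in information security, yet few schemes are currently built on them. This paper takes the compression function as the underlying primitive and, by adapting the double-pipe construction (one of the basic constructions of hash functions), resolves the conflict between leakage of the chaining state during encryption and the security requirements, and proposes a family of online encryption schemes built from a compression function and the double-pipe construction, called DPE. The DPE family is suited to environments that already have a compression function or a hash function built from a compression function, and provides confidentiality and integrity protection for data. Specifically, we propose three schemes: DPE, DPAE and DPAE-I. DPE is an online encryption scheme that provides online encryption and online decryption; it updates the chaining state by iterating the underlying compression function and truncates part of the chaining state for use as a keystream in encryption and decryption. DPAE is an online authenticated encryption scheme (an OAE1 scheme) that adds an authentication step to DPE, so that the receiver of a message can use the tag to verify the message's integrity. DPAE-I is an online segmented authenticated encryption scheme (an OAE2 scheme): using DPAE's support for intermediate tags, it partitions a long message into several short messages, each treated as a segment and encrypted by calling DPAE. The state obtained after encrypting one segment serves as the initial state for encrypting the next segment; when working memory is large enough, DPAE-I is online in both the encryption and decryption directions. To reduce the cost of software and hardware implementation, when the output length of the compression function is half its input length, the family can be implemented with a single underlying compression function and a single key. The family inherits the good one-wayness and high speed of compression functions and of dedicated hash functions built from them, and has four main features, namely online operation, flexibility, adaptability and strong security: (1) when working memory is large enough, the DPE family can, while reading the input…

An online cipher supplies data incrementally in a serial fashion, and ensures data security. In recent years, designing authenticated encryption schemes with the online property has become popular, and many online authenticated encryption schemes based on blockciphers and permutations have been proposed. Compression functions and hash functions are applied widely in information security, while few schemes are built with them. In this paper, the authors take compression functions as the underlying primitive and give a family of online schemes. By modifying the double pipe construction, which is one of the basic constructions of hash functions, this paper solves the contradiction between state leakage and security requirements in encryption, and proposes a family of online ciphers, called DPE, based on a compression function and the double pipe construction. The DPE family is intended for convenient use in environments which already have components such as compression function-based hash functions or compression functions, and is shown to preserve privacy and integrity of data. Concretely, we present three family members, i.e., DPE, DPAE, and DPAE-I. DPE is an online cipher, providing online encryption and online decryption. States are updated by calling the underlying compression functions, and parts of the states are used as a key stream which is XORed with the plaintext to generate ciphertext in enciphering, and XORed with the ciphertext to generate plaintext in deciphering. DPAE is an online authenticated encryption scheme (an OAE1 scheme), based on DPE, which adds an extra authentication process and in which a receiver can ensure the integrity of a message by verifying its tag. DPAE-I is a segment online authenticated encryption scheme (an OAE2 scheme). Using DPAE's property of accepting intermediate tags, DPAE-I partitions long messages into several short messages, which can be seen as segments and are encrypted with DPAE. The internal state after encrypting a former segment will be used as the initial state for encrypting a latter m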
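Keywords: online encryption; authenticated encryption; online authenticated encryption; double-pipe construction; compression function
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]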