多属性交集的秘密握手方案设计  

作　　者：温雅敏 张方国[2,3] 龚征[4] WEN Ya-Min;ZHANG Fang-Guo;GONG Zheng(School of Statistics and Mathematics,Guangdong University of Finance and Economics,Guangzhou 510320;School of Data and Computer Science,Sun Yat-sen University,Guangzhou 510006;Guangdong Key Laboratory of Information Security,Guangzhou 510006;School of Computer Science,South China Normal University,Guangzhou 510631)

机构地区：[1]广东财经大学统计与数学学院,广州510320 [2]中山大学数据科学与计算机学院,广州510006 [3]广东省信息安全技术重点实验室,广州510006 [4]华南师范大学计算机学院,广州510631

出　　处：《计算机学报》2020年第8期1433-1447,共15页Chinese Journal of Computers

基　　金：国家自然科学基金(61672550,61572028,61300204);国家社会科学基金(14BXW031);国家重点研发计划(2017YFB0802503);国家密码管理局“十三五”国家密码发展基金密码理论课题(MMJJ20180206);广东省基础与应用基础研究基金项目(2019A1515011797,2016A030310027,2018A030313954,2014A030313609);广州市科技计划项目(201802010044);国家留学基金委项目(201808440097);广东财经大学大数据审计团队项目资助.

摘　　要：秘密握手方案是保证组织信息隐藏的双向匿名认证协议,仅允许同一个组织的合法群成员实现匿名地双向认证且协商出秘密的会话密钥,组织外部的用户或敌手无法识别或成功执行一次秘密握手协议.Ateniese等人2007年首次建立了秘密握手的模糊匹配模型,从单个属性推广到允许用户持有多个属性的认证策略.然而,大多数已提出的多属性匹配的秘密握手方案所需的计算或通信性能和属性个数呈平方数量级关系,并不适用于属性个数递增和资源受限的应用环境.因此,如何设计并线性优化多个属性认证策略的秘密握手方案且使之运用于资源受限的移动社交网络等环境中仍值得进一步研究.为了更有效地实现多属性交集的双向认证策略,本文借鉴授权秘密集合交集协议的思路,基于RSA签名构造多个属性证书,可实现通过聚合的方法线性优化秘密握手协议中参与方的计算和通信开销.把授权秘密集合交集协议和秘密握手协议融合到一个三轮交互协议中,不需要单独执行秘密集合交集协议,使得方案的性能得到了进一步优化.基于RSA问题的困难性假设,给出了新型秘密握手方案在随机预言机模型下的安全分析.通过与相关方案的比较,文中给出各方案所需的计算时间开销及性能变化趋势图.最后,理论和实验数据分析显示本文设计的方案在性能优化和多属性匹配的认证功能上达到了平衡.Based on anonymous credentials,unidirectional anonymous authentication protocols enable the verifier only to identify the prover to be a legitimate member certified by an organization.For applications with higher levels of privacy,it is also desirable to protect the affiliations of users.A secret handshake scheme is an anonymous bi-directional authentication protocol which achieves affiliation-hiding and user privacy protection.It allows legitimate members of the same organization to achieve private mutual authentication and negotiate a session key,while ensuring that the affiliation is not disclosed to external users and attackers.Ateniese et al.first established the fuzzy matching model for secret handshakes in 2007.The fuzzy matching model provides an extension of secret handshakes which allows users to hold multiple attributes and achieves approximate matching.However,most of the proposed secret handshake schemes with multi-attribute matching is not very efficient as their computational or communication performance is quadratic with the number of attributes.And thus such schemes are not suitable for the resource-constrained applications with increasing number of attributes.Therefore,how to design and linearly optimize the secret handshake scheme with multi-attribute authentication policies and apply it to resource-constrained mobile social networks is still worth to further research and generalize.Inspired by Ateniese et al.’s fuzzy-matching model,we presented an authentication policy with supporting multi-attribute intersection,which enables the multiple attributes of users to be represented as the set.Specifically,on the condition that their attributes set intersection is not empty set or its cardinality is not less than a threshold value,two anonymous participants can execute a successful secret mutual authentication.The Authorized Private Set Intersection(APSI)protocol is the authorized version of PSI protocol,which demands the elements of the client to be authorized by a trusted third party and only al

关 键 词：组织隐藏 秘密握手 模糊匹配 多属性交集 授权秘密集合交集 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]