基于MLWE的双向可否认加密方案  被引量：1

作　　者：郑嘉彤 吴文渊[1] ZHENG Jia-tong;WU Wen-yuan(Chongqing Key Lab.of Auotomated Resoning&Cognition,Chongqing Inst.of Green Intelligent Technol.,Chinese Academy of Sciences,Chongqing 400714,China;University of Chinese Academy of Sciences,Beijing 101408,China)

机构地区：[1]中国科学院重庆绿色智能技术研究院自动推理与认知重庆市重点实验室,重庆400714 [2]中国科学院大学,北京101408

出　　处：《计算机科学》2021年第3期307-312,共6页Computer Science

基　　金：重庆市科委项目(cstc2018jcyj-yszxX0002,cstc2019yszx-jcyjX0003,cstc2017zdcy-yszxX0011);中科院前沿科学重点项目(QYZDB-SSW-SYS026);贵州省科技计划项目([2020]4Y056)。

摘　　要：传统的加密方案没有考虑到敌手窃听密文后胁迫发送方或接收方交代加密时使用的公钥、随机数、明文或解密密钥的情况,因此可否认加密的概念在1997年被提出,以解决胁迫问题所带来的信息泄露。目前国内外学者仅提出了几种可否认加密方案,但是普遍存在加密效率过低和膨胀率过高的问题,因此并不实用。文中通过构造“模糊集”的方式来构造一种可抵抗量子攻击的实用双向可否认加密方案。该方案基于多项式环上的模容错学习(Module Learning With Errors,MLWE)困难问题来构造两个敌手无法进行区分的密文分布,并通过卡方统计实验验证了两个密文分布的不可区分性,其安全性可规约到格上的最短独立向量问题(Shortest Independent Vectors Problem,SIVP)。文中对方案的正确性、安全性、可否认性、膨胀率和复杂度等进行了分析,并且通过C++实现的实验结果与理论分析相一致。实验结果表明,该可否认加密方案的误码率约为1×10^(-23),密文膨胀率为5.0,加密速度约为670 KB/s,因此该方案在电子选举和电子竞标等场景具有实用价值。The traditional encryption scheme does not take into account the situation in which the adversary eavesdrops on the ciphertext to force the sender or receiver to hand over the public key,random number,plaintext,or secret key used in the encryption.Therefore,the concept of deniable encryption was proposed in 1997 to solve the information leakage caused by the coercion problem.At present,only several complete deniable encryption schemes have been proposed and implemented.However,the schemes are not practical due to the problems of low encryption efficiency and high expansion rate.By constructing a“translucent set”,a practical bi-deniable anti-quantum encryption scheme is proposed in this paper.The scheme uses the difficult problem of Module Learning With Errors(MLWE)based on polynomial ring to construct two ciphertext distributions that adversaries can’t distinguish.The indistinguishability of two ciphertext distributions is verified by chi-square statistical experiments.The schemes’security can be reduced to the Shortest Independent Vectors Problem(SIVP).Meanwhile,the correctness,security,deniable,expansion rate and complexity of the scheme are theoretically analyzed.And the experimental results obtained through C++are consistent with the theoretical analysis.Experimental results show that the bit error rate is about 1×10-23,the ciphertext expansion rate 5.0,and the encryption efficiency is about 670 KB/s.Therefore,it has practical application prospects in many scena-rios,such as electronic election and electronic bidding.

关 键 词：可否认加密 抗量子攻击 格密码 对称加密 模糊集 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]