可否认加密技术研究与进展  

作　　者：郝学轩 曹艳梅 张方国[2,3] 陈晓峰 HAO Xue-Xuan;CAO Yan-Mei;ZHANG Fang-Guo;CHEN Xiao-Feng(School of Cyber Engineering,Xidian University,Xi’an 710071,China;School of Computer Science and Engineering,Sun Yat-sen University,Guangzhou 510006,China;Guangdong Key Laboratory of Information Security,Guangzhou 510006,China)

机构地区：[1]西安电子科技大学网络与信息安全学院,西安710071 [2]中山大学计算机学院,广州510006 [3]广东省信息安全技术重点实验室,广州510006

出　　处：《密码学报》2022年第4期579-595,共17页Journal of Cryptologic Research

基　　金：国家重点研发计划(2018YFB0804105)。

摘　　要：可否认加密技术由Canetti等人在1997年引入,它允许发送方和(或)接收方,对已经执行了的一些加密通信,产生“伪造的”随机值,打开密文到另一条明文消息.这样,即使存在一个胁迫性敌手,迫使通信双方暴露他们的整个内部状态,通信的机密性也能够得到保护.因此可否认加密技术相比于传统的加密技术可以提供更强的安全保障.可否认加密在安全多方计算、电子投票、电子拍卖、云存储等场景有着实际的应用价值.目前,可否认加密技术的研究仍处于理论研究阶段,主要表现在大部分方案效率较低,基于标准假设的方案的可否认性较弱,或是方案本身难以实现.本文给出了可否认加密技术研究与进展.分别介绍了各种不同类型的可否认加密方案的基本概念、形式化定义和安全性要求,系统地介绍了可否认公钥加密、可否认对称加密和其他密码原语中的可否认技术的研究进展,阐述了可否认加密的应用研究和相似工作,对关键的研究工作和技术进行了总结和展望.Deniable encryption was first introduced in 1997 by Canetti et al.It allows a sender and/or receiver,having already performed some encrypted communication,to produce“fake”random coins that open the ciphertext to another message.In this way,the confidentiality of communications can also be protected even if there exists a coercive adversary who can demand that both parties disclose their entire internal state.Therefore,deniable encryption provides additional security compared to ordinary encryption.Deniable encryption has practical application value in secure multi-party computation,electronic voting,electronic auction,cloud storage,and other scenarios.At present,the research on deniable encryption is still at the theoretical stage,which is mainly manifested in the low efficiency for most schemes and low deniability for schemes with standard assumption,or the scheme itself is difficult to realize.A survey on deniable encryption is given in this paper.Firstly,some basic concepts,formal definitions and security requirements of different types of deniable encryption schemes are introduced.Then the research progress of deniable public-key encryption,deniable symmetric encryption and deniability for other cryptographic primitives are systematically discussed.The applications and other similar work of deniable encryptions are described.Finally,the key research work and technologies of deniable encryptions are summarized with some prospection.

关 键 词：可否认加密 公钥加密 胁迫性敌手 隐私保护 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]