Authors: Yanwei ZHOU (周彦伟) [1,2,3,4]; Zhaolong WANG (王兆隆); Zirui QIAO (乔子芮); Bo YANG (杨波) [1]; Chunxiang GU (顾纯祥) [3]; Zhe XIA (夏喆); Mingwu ZHANG (张明武)
Affiliations: [1] School of Computer Science, Shaanxi Normal University, Xi'an 710062, China; [2] State Key Laboratory of Cryptography, Beijing 100878, China; [3] Henan Key Laboratory of Network Cryptography Technology, Zhengzhou 450040, China; [4] Guangxi Key Laboratory of Cryptography and Information Security, Guilin 541004, China; [5] School of Computer Science and Technology, Wuhan University of Technology, Wuhan 430070, China; [6] School of Computer, Hubei University of Technology, Wuhan 430068, China
Source: Scientia Sinica (Informationis) (《中国科学:信息科学》), 2023, Issue 3, pp. 454-469 (16 pages)
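Funding: Supported by the National Key R&D Program of China (Grant No. 2017YFB0802000); the National Natural Science Foundation of China (Grant Nos. U2001205, 62272287); the Open Project of the Guangxi Key Laboratory of Cryptography and Information Security (Grant No. GCIS202108); and the Open Project of the Henan Key Laboratory of Network Cryptography Technology (Grant No. LNCT2021 A04).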
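Abstract (translated from the Chinese): Most existing research on leakage-resilient encryption assumes that the adversary's leakage occurs before it receives the challenge ciphertext, and forbids leakage queries after the challenge. In practice, however, an adversary typically obtains leaked information about the corresponding key by various means after it has had access to the ciphertext, so after-the-fact (post-challenge) leakage resilience better matches the needs of real applications. To address this shortcoming, this paper studies the after-the-fact leakage resilience of identity-based encryption (IBE) and proposes the property requirements and security definition for entropic leakage resilience of IBE. In the split-state model, it combines an entropic leakage-resilient IBE scheme with a two-source extractor to design an IBE scheme that resists after-the-fact leakage attacks, and gives a formal proof of the security of this construction under chosen-plaintext attack. In addition, to obtain an IBE scheme with stronger security, it builds on this construction by adding a message authentication code to design a chosen-ciphertext attack secure IBE scheme with after-the-fact leakage resilience.

Abstract (published English version): In encryption scheme research, we always assume that leakage is achieved by the adversary before the challenge stage and that the leakage query cannot be submitted after seeing the challenge ciphertext. The above constraints seem necessary but limit the effectiveness of the results because, in an actual scenario, the adversary usually tries to obtain the corresponding key information through various methods after accessing the ciphertext; therefore, after-the-fact leakage is closer to the actual situation. In this paper, the requirements and security definition of an entropic leakage-resilient identity-based encryption (IBE) scheme are proposed. Thereafter, an IBE scheme with after-the-fact leakage resilience and chosen-plaintext attack (CPA) security is created using an entropic leakage-resilient IBE scheme and two-source extractor; the after-the-fact leakage-resilient CPA security of the proposed scheme can be proved from the corresponding security of the underlying cryptographic tools. To further obtain an IBE scheme with better security, based on the aforementioned generic construction of after-the-fact leakage-resilient IBE, we take message authentication codes as another basic tool to create the generic construction of a chosen-ciphertext attack secure IBE scheme with after-the-fact leakage resilience.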
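Keywords: after-the-fact leakage resilience; identity-based hash proof system; identity-based encryption scheme; entropic leakage resilience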
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]