Author: Liu Shengli (刘胜利) [1]
Affiliation: [1] Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240
Source: Journal of Cryptologic Research (《密码学报》), 2014, No. 6, pp. 537-550 (14 pages)
Funding: National Natural Science Foundation of China (61170229; 61373153; 61133014); Specialized Research Fund for the Doctoral Program of Higher Education (20110073110016); Innovation Program of the Shanghai Municipal Education Commission (12ZZ021)
Abstract: The widely accepted standard security notion for public-key encryption is IND-CCA2 security. Many new attack techniques have been proposed in recent years, and they impose security requirements beyond IND-CCA2. In this survey, we describe some of these recent attacks, namely Selective-Opening Attacks, Key-Leakage Attacks, Key-Dependent Message Security, Key-Related Attacks and Randomness-Related Attacks. We show how to formalize these attacks to obtain new security models and how to define stronger security notions that resist them. The formalization of Selective-Opening Attacks gives the notions of Simulation-based Selective Opening CCA2 (SIM-SO-CCA2) security and Indistinguishability-based Selective Opening CCA2 (IND-SO-CCA2) security; the formalization of Key-Leakage Attacks gives the notion of Leakage-Resilient CCA2 (LR-CCA2) security; the encryption of key-dependent messages gives rise to the notion of Key-Dependent Message CCA2 (KDM-CCA2) security; the formalization of Key-Related Attacks gives the notion of Key-Related CCA2 (KR-CCA2) security; and the formalization of Randomness-Related Attacks gives the notion of Randomness-Related CCA2 (RR-CCA2) security. In addition, we briefly introduce the techniques and primitives currently used to achieve these notions, including Cross-Authentication Codes, Hash Proof Systems and One-Time Lossy Filters. We also point out the challenges currently facing the provable security of public-key encryption.
Classification number: TN918.4 [Electronics and Telecommunications: Communication and Information Systems]