标准模型下适应性安全的BF-IBE方案  被引量：2

作　　者：王学庆[1,2] 薛锐[1,2] 

机构地区：[1]中国科学院信息工程研究所信息安全国家重点实验室,北京100093 [2]中国科学院大学网络空间安全学院,北京100049

出　　处：《密码学报》2017年第1期38-48,共11页Journal of Cryptologic Research

基　　金：国家自然科学基金项目(61402471;61472414);中国科学院战略性先导科技专项(XDA06010701)

摘　　要：1984年,Shamir首次创造性地提出了基于身份加密(简称IBE)的概念,但未给出具体方案,直到2001年,Boneh和Franklin才构造出第一个IBE方案(简称BF-IBE方案),并且给出了IBE方案IND-aID-CPA安全性(简称适应性安全性)的形式化定义.然而,该方案的安全性仅仅在Random Oracle(以下简称RO)模型中得到证明.继BF-IBE方案之后,虽然Boneh和Boyen与Waters分别于2004年、2005年构造出了两个具有代表性的、基于数论问题的、标准模型下适应性安全的IBE方案,但是Boneh和Boyen方案的解密密钥和密文规模较大、Waters方案的安全性证明比较复杂.相比于这两个典型方案,由于BF-IBE方案具有解密密钥和密文规模较小的优点,故将BF-IBE方案进行适当的改进,使其在标准模型中安全,是一个具有实际意义的问题.本文的主要贡献在于:在保持解密密钥和密文规模相对较小的同时,将BF-IBE方案改造成标准模型下具有同等安全性的方案,并且该方案的安全性证明简洁易懂.本文采用类似于Hohenberger,Sahai和Waters在2014年提出的、对Full Domain Hash构造中的RO进行实例化的方法,使得改造后的IBE方案除了实例化原方案中的哈希函数,基本上保持了原来构造,从而保持了原方案解密密钥和密文规模相对较小的优点,并且安全性证明相比于原方案和Waters方案的证明更简洁易懂.In 1984, Shamir first proposed the notion of identity-based encryption without giving a concrete construction. In 2001, the first IBE scheme was constructed by Boneh and Franklin, who also formally defined IND-aID-CPA security for IBE constructions. However, the security proof of their scheme was in the random oracle model. After the BF-IBE scheme, Boneh, Boyen and Waters constructed two typical IBE schemes with adaptive security based on number theory in the standard model in 2004 and 2005, respectively. However, in the former IBE scheme, the sizes of the decryption key and the ciphertext are both quite large, while the security proof of the latter IBE scheme is very complicated. In contrast to the above two schemes, the BF-IBE scheme has smaller size of secret key and ciphertext, it has practical significance as how to initiate RO in the BF-IBE scheme. The main contribution of this paper is to transform the original BF-IBE scheme in the random oracle model into one in the standard model, while maintaining smaller size of secret key and ciphertext and with more compact security proof. Specifically, we study and employ the method proposed by Hohenberger, Sahai and Waters in 2014, that initiates the random oracle with a concrete hash function in full domain hash applications, to transform the BF-IBE scheme with adaptive security in the random oracle model to that with the same security in the standard model.

关 键 词：IBE方案 标准模型 适应性安全 admissible哈希函数 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]