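Affiliations: [1] State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093 [2] School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049
Source: Journal of Cryptologic Research (《密码学报》), 2017, No. 2, pp. 106-113, 8 pages in total
Funding: National Natural Science Foundation of China (61402471; 61472414)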
Abstract: CCA-secure public key encryption is a focus of modern cryptographic research. Designing a secure public key encryption scheme and proving its security, especially CCA security, under reasonable assumptions is a hot topic in public key cryptography. So far, the security of the widely accepted CCA-secure public key encryption schemes is based on mathematical problems that have been studied for a long time and are universally believed to be computationally hard by mathematicians and cryptographers. Gong et al. proposed a new public key encryption scheme resistant to adaptive chosen-ciphertext attack and gave a proof claiming that the scheme provides indistinguishable encryption under adaptive chosen-ciphertext attack (IND-CCA2) in the standard model. They also presented a novel security assumption, namely that computing sixth roots modulo a composite number remains computationally hard even when an adversary is able to factor a special RSA-type modulus. In this paper, by observing and analyzing the design flaws in the scheme, we naturally give two attacks on it. Our attacks are efficient, that is, they can be completed in polynomial time, and they show that the security assumption proposed in that paper does not hold. We then prove that the scheme is not IND-CPA secure, let alone IND-CCA2 secure, and point out the mistakes in the proof given by Gong et al. Finally, we discuss the general approach to constructing CCA-secure public key encryption schemes.
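Keywords: adaptive chosen-ciphertext attack; public key encryption scheme; standard model; factorization
Classification number: TP309.7 [Automation and Computer Technology: Computer Systems Architecture]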