摘要
传统的密码方案假定密钥对可能的攻击者来说是完全隐藏的(只有算法是公开的),敌手无法获得有关密钥的任何信息.但在实际系统中,攻击者可在噪声信道或由侧信道攻击获得有关密钥的部分信息.密钥弹性泄漏安全的加密方案通过改进密码算法达到在密钥存在可能部分泄漏情况下的语义安全性.设计了一个抗密钥弹性泄漏的可委托层次模板加密方案.在该方案中,用户身份关联到含有通配符的身份模板,并可以实现再次密钥委托.该方案是抗泄漏的层次身份加密方案(hierarchical identity-based encryption,简称HIBE)和隐藏向量加密方案(hidden vector encryption,简称HVE)的一般扩展,可有效地抵抗密钥弹性泄漏,并达到自适应语义安全性.同时给出该方案的安全性证明和系统抗泄漏性能,分析显示,该方案具有较好的密钥泄漏容忍性.
In the traditional cryptosystems, secret keys are perfectly hidden for any possible attackers and only the cryptographic algorithms and public parameters are public. However, in practical applications, the attacker can obtain partial information about the matched decryption key from the noise channels or by the side-channel attacks. This study proposes a leakage-resilient hierarchical wildcard pattern encryption in which a user is associated with a wildcard identity pattern. A secret key is derived for a vector of identity strings where entries can be left blank using a wildcard, and this key can then be used to derive keys for any pattern that replaces wildcards with concrete identities. The scheme supports the wildcard pattern key delegation, which is considered as a general extension of leakage-resilient hierarchical IBE (identity-based encryption) and HVE (hidden vector encryption). Moreover, the proposed scheme can tolerate partial key leakage, and the scheme is proven to be leakage-resilient and semantically secure in the standard model under the subgroup decision assumptions.
出处
《软件学报》
EI
CSCD
北大核心
2015年第5期1196-1212,共17页
Journal of Software
基金
国家自然科学基金(61370224,61272436,61170135)
湖北省自然科学基金(2013CFA046)
湖北工业大学高层次人才项目
中国科学院信息工程研究所信息安全国家重点实验实验室开放课题(2014-04)
关键词
通配身份基加密
弹性泄漏
密钥委托
身份模板
泄漏率
wildcard IBE (identity-based encryption)
leakage resilience
key delegation
identity pattern
leakage rate
