可证安全的基于证书广播加密方案

doi:10.3969/j.issn.0372-2112.2016.05.013

电子学报 ›› 2016, Vol. 44 ›› Issue (5): 1101-1110.DOI: 10.3969/j.issn.0372-2112.2016.05.013

可证安全的基于证书广播加密方案

李继国, 张亦辰, 卫晓霞

河海大学计算机与信息学院, 江苏南京 210098

收稿日期:2014-07-29 修回日期:2014-11-28 出版日期:2016-05-25
- 通讯作者:
- 李继国
- 作者简介:
- 张亦辰 女,1971年生于黑龙江齐齐哈尔,学士,博士研究生,讲师,主要研究领域为密码学理论与技术.
- 基金资助:
- 国家自然科学基金 (No.61272542); 中央高校基本科研项目 (No.2013B07014)

A Provably Secure Certificate-Based Broadcast Encryption Scheme

LI Ji-guo, ZHANG Yi-chen, WEI Xiao-xia

College of Computer and Information Engineering, Hohai University, Nanjing, Jiangsu 210098, China

Received:2014-07-29 Revised:2014-11-28 Online:2016-05-25 Published:2016-05-25

摘要/Abstract

摘要：

广播加密可使发送者选取任意用户集合进行广播加密,只有授权用户才能够解密密文.但是其安全性依赖广播中心产生和颁布群成员的解密密钥.针对这一问题,本文提出基于证书广播加密的概念,给出了基于证书广播加密的形式化定义和安全模型.结合基于证书公钥加密算法的思想,构造了一个高效的基于证书广播加密方案,并证明了方案的安全性.在方案中,用户私钥由用户自己选取,证书由认证中心产生,解密密钥由用户私钥和证书两部分组成,克服了密钥托管的问题.在方案中,广播加密算法中的双线性对运算可以进行预计算,仅在解密时做一次双线性对运算,提高了计算效率.

关键词: 广播加密, 基于证书加密, 双线性对

Abstract:

Broadcast encryption allows a sender to securely broadcast to any subset of the group members.However, its security heavily depends on broadcast centre to generate and distribute decryption secret keys for group members.In order to solve the above problem, we propose the notion of certificate-based broadcast encryption, describe the formal definition and security model of the certificate-based broadcast encryption.Furthermore, we also provide an efficient certificate-based broadcast encryption scheme.In our scheme, the decryption key includes user's private key and a certificate, where the private key is chosen by user himself, and the certificate is generated by certification authority.Therefore, our scheme overcomes the key escrow problem.In addition, our scheme is efficient, because it needs only one paring in decryption algorithm and paring operation in encryption algorithm can be pre-computed.

Key words: broadcast encryption, certificate-based encryption, bilinear paring

中图分类号:

TP309

李继国, 张亦辰, 卫晓霞. 可证安全的基于证书广播加密方案[J]. 电子学报, 2016, 44(5): 1101-1110.

LI Ji-guo, ZHANG Yi-chen, WEI Xiao-xia. A Provably Secure Certificate-Based Broadcast Encryption Scheme[J]. Acta Electronica Sinica, 2016, 44(5): 1101-1110.

参考文献

[1] Naor D,Naor M,Lotspiech J.Revocation and tracing schemes for stateless receiver[A].Advances in Cryptography-CRYPTO 2001[C].LNCS 2139,Berlin:Springer-Verlag,2001.41-62.
[2] Boneh D,Gentry C,Waters B.Collusion resistant broadcast encryption with short ciphertexts and private keys[A].Advances in Cryptology-CRYPTO 2005[C].LNCS 3621,Berlin:Springer-Verlag,2005.258-275.
[3] Boneh D,Waters B.A fully collusion resistant broadcast,traces,and revokes system[A].Proceedings of the 13th ACM Conference on Computer and Communications Security[C].ACM New York,NY,USA:2006.211-220.
[4] Liu Y R,Tzeng W G.Public key broadcast encryption with low number of keys and constant decryption time[A].PKC 2008[C].LNCS 4939,Berlin:Springer-Verlag,2008.380-396.
[5] Delerablée C.Identity-based broadcast encryption with constant size ciphertexts and private keys[A].Advances in Cryptology-ASIACRYPT 2007[C].LNCS 4833,Berlin:Springer-Verlag,2007.200-215.
[6] Gentry C,Waters B.Adaptive security in broadcast encryption systems (with short ciphertexts)[A].Advances in Cryptology-EUROCRYPT 2009[C].LNCS 5479,Berlin:Springer-Verlag,2009.171-188.
[7] Boneh D,Waters B.Zhandry M.Low overhead broadcast encryption from multilinear maps[A].Advances in Cryptology-CRYPTO 2014[C].LNCS 8616,Berlin:Springer-Verlag,2014.206-223.
[8] Tan Z W,Liu Z J,Xiao H G.A fully public key tracing and revocation scheme provably secure against adaptive adversary[J].Journal of Software,2005,16(7):1333-1343.
[9] Phan D H,Pointcheval D,Strefler M.Decentralized dynamic broadcast encryption[A].Security and Cryptography for Networks[C].LNCS 7485,Berlin:Springer-Verlag,2012.166-183.
[10] Wu Q H,Qin B,Zhang L,Ferrer J D,Farràs O.Bridging broadcast encryption and group key agreement[A].Advances in Cryptology-ASIACRYPT 2011[C].LNCS 7073,Berlin:Springer-Verlag,2011.143-160.
[11] Hofheinz D,Striecks C.A generic view on trace-and-revoke broadcast encryption schemes[A].Topics in Cryptology-CT-RSA 2014[C].LNCS 8366,Berlin:Springer-Verlag,2014.48-63.
[12] Wee H.Threshold and revocation cryptosystems via extractable hash proofs[A].Advances in Cryptology-EUROCRYPT 2011[C].LNCS 6632,Berlin:Springer-Verlag,2011.589-609.
[13] Boneh D,Zhandry M.Multiparty key exchange,efficient traitor tracing,and more from indistinguishability obfuscation[A].Advances in Cryptology-CRYPTO 2014[C].LNCS 8616,Berlin:Springer-Verlag,2014.480-499.
[14] Gentry C.Certificate-based encryption and the certificate revocation problem[A].Advances in Cryptology-EUROCRYPT 2003[C].LNCS 2656,Berlin:Springer-Verlag,2003.272-293.
[15] Morillo P,Ràfols C.Certificate-based encryption without random oracles[DB/OL].Cryptology ePrint Archive,Report 2006/12,2006.
[16] Waters B.Efficient identity-based encryption without random oracles[A].Advances in Cryptology-EUROCRYPT 2005[C].LNCS 3494,Berlin:Springer-Verlag,2005.114-127.
[17] Dodis Y,Katz J.Chosen-ciphertext security of multiple encryptions[A].TCC 2005[C].LNCS 3378,Berlin:Springer-Verlag,2005.188-209.
[18] Galindo D,Morillo P,Ràfols C.Improved certificate-based encryption in the standard model[J].Journal of Systems and Software,2008,81(7):1218-1226.
[19] 陆阳,李继国,肖军模.一个高效的基于证书的加密方案[J].计算机科学,2009,36(9):28-31. Lu Y,Li J G,Xiao J M.Efficient certificate-based encryption scheme[J].Computer Science,2009,36(9):28-31.(in Chinese)
[20] Li J G,Huang X Y,Hong M X,Zhang Y C.Certificate-based signcryption with enhanced security features[J].Computers and Mathematics with Applications.2012,64(6):1587-1601.
[21] Li J G,Wang Z W,Zhang Y C.Provably secure certificate-based signature scheme without pairings[J].Information Sciences,2013,233(6):313-320.
[22] Selvi S,Vivek S,Shukla D.Efficient and provable secure certificateless multi-receiver signcryption[A].ProvSec 2008[C].LNCS 5324,Berlin:Springer-Verlag,2008.52-67.
[23] Al-Riyami S S,Paterson K G.Certificateless public key cryptography[A].Advances in Cryptology-ASIACRYPT 2003[C].LNCS 2894,Berlin:Springer-Verlag,2003.452-473.
[24] Li J G,Huang X Y,Mu Y,Susilo W,Wu Q H.Certificate-based signature:security model and efficient construction[A].Advances in Cryptology-EuroPKI'07[C].LNCS 4582,Berlin:Springer-Verlag,2007.110-125.
[25] Li J G,Huang X Y,Mu Y,Susilo W,Wu Q H.Constructions of certificate-based signature secure against key replacement attacks[J].Journal of Computer Security,2010,18(3):421-449.
[26] Li J G,Huang X Y,Zhang Y C,Xu L Z.An efficient short certificate-based signature scheme[J].Journal of Systems and Software,2012,85(2):314-322.

可证安全的基于证书广播加密方案

A Provably Secure Certificate-Based Broadcast Encryption Scheme

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	吴涛, 景晓军. 一种强不可伪造无证书签名方案的密码学分析与改进[J]. 电子学报, 2018, 46(3): 602-606.
[2]	张宇, 陈晶, 杜瑞颖, 周庆, 郑明辉. 适于车载网安全通信的高效签密方案[J]. 电子学报, 2015, 43(3): 512-517.
[3]	明洋, 王育民. 标准模型下可证安全的通配符基于身份加密方案[J]. 电子学报, 2013, 41(10): 2082-2086.
[4]	葛爱军, 马传贵, 程庆丰. 标准模型下CCA2安全且固定密文长度的模糊基于身份加密方案[J]. 电子学报, 2013, 41(10): 1948-1952.
[5]	杜红珍, 黄梅娟, 温巧燕. 高效的可证明安全的无证书聚合签名方案[J]. 电子学报, 2013, 41(1): 72-76.
[6]	李继国, 杨海珊, 张亦辰. 标准模型下安全的基于证书密钥封装方案[J]. 电子学报, 2012, 40(8): 1577-1583.
[7]	张恩;蔡永泉. 基于双线性对的可验证的理性秘密共享方案[J]. 电子学报, 2012, 40(5): 1050-1054.
[8]	张秋璞;叶顶锋. 对一个基于身份的多重签密方案的分析和改进[J]. 电子学报, 2011, 39(12): 2713-2720.
[9]	王化群;于红;吕显强;张福泰. 一种支持悬赏的匿名电子举报方案的安全性分析及设计[J]. 电子学报, 2009, 37(8): 1826-1829.
[10]	辛向军;李刚;董庆宽;肖国镇. 一个高效的随机化的可验证加密签名方案[J]. 电子学报, 2008, 36(7): 1378-1382.
[11]	司光东, 辛向军, 陈原, 肖国镇. 具有指定验证者的短签名方案[J]. 电子学报, 2008, 36(1): 24-27.
[12]	王晓峰;张 ;王尚平;张亚玲;秦波;. 新的基于身份的广义指定验证者签名方案[J]. 电子学报, 2007, 1(8): 1432-1436.
[13]	孟涛, 张鑫平, 孙圣和. 基于身份的多重签密方案[J]. 电子学报, 2007, 35(6A): 115-117.
[14]	李进;张方国;王燕鸣. 两个高效的基于分级身份的签名方案[J]. 电子学报, 2007, 35(1): 150-152.
[15]	明洋, 李恕海, 王育民. 一种高效的广义指定验证者签名证明[J]. 电子学报, 2006, 34(S1): 2434-2437.