电子学报 ›› 2020, Vol. 48 ›› Issue (2): 291-295.DOI: 10.3969/j.issn.0372-2112.2020.02.010

• 学术论文 • 上一篇    下一篇

标准模型下可公开验证的匿名IBE方案的安全性分析

杨启良1,2, 周彦伟1,2, 杨坤伟1, 王涛1   

  1. 1. 陕西师范大学计算机科学学院, 陕西西安 710062;
    2. 密码科学技术国家重点实验室, 北京 100878
  • 收稿日期:2019-01-11 修回日期:2019-07-04 出版日期:2020-02-25 发布日期:2020-02-25
  • 通讯作者: 周彦伟
  • 作者简介:杨启良 男,1991年6月出生于陕西省西安市.现为陕西师范大学计算机科学学院博士生.从事密码学、信息安全的研究工作E-mail:yangqiliang@snnu.edu.cn
  • 基金资助:
    国家重点研发计划(No.2017YFB0802000);国家自然科学基金(No.61802242,No.61572303,No.61772326,No.61872087,No.61802241,No.61702259);陕西省自然科学基础研究计划(No.2018JQ6088);"十三五"国家密码发展基金(No.MMJJ20180217);中央高校基本科研业务费项目(No.GK201803064)

On the Security of Publicly Verifiable Anonymous IBE Scheme in the Standard Model

YANG Qi-liang1,2, ZHOU Yan-wei1,2, YANG Kun-wei1, WANG Tao1   

  1. 1. School of Computer Science, Shaanxi Normal University, Xi'an, Shaanxi 710062, China;
    2. State Key Laboratory of Cryptology, Beijing 100878, China
  • Received:2019-01-11 Revised:2019-07-04 Online:2020-02-25 Published:2020-02-25

摘要: 现有的可公开验证的匿名基于身份的加密(Identity-Based Encryption,IBE)机制声称解决了在静态困难性假设之上构造紧的选择密文安全的IBE机制的困难性问题.然而,本文发现,由于该机制的密文不具备防扩展性,使得任何敌手可基于已知的有效密文生成任意消息的合法加密密文,导致该机制无法满足其所声称的选择密文安全性.我们根据不同的密文相等判定条件分别提出两种方法对原始方案的安全性进行了分析,同时在分析基础上指出原始安全性证明过程中所存在的不足.

关键词: 基于身份的密码学, 基于身份的加密, 公开可验证, 选择密文安全, 判定性双线性Diffie-Hellman假设, 标准模型, 双线性映射

Abstract: How to create an identity-based encryption (IBE) scheme with tight chosen-ciphertext attacks (CCA) security based on the static assumption is an open problem.A publicly verifiable anonymous IBE scheme designed in the standard model claimed that the CCA security of proposed scheme was proved based on the classic static assumption.However, in this paper, we demonstrate that the previous IBE scheme cannot achieve the claimed CCA security because the ciphertext was extensile.In other words, a valid encrypted ciphertext can be forged by any adversary from a known ciphertext.To analyze the security of the previous IBE scheme, two methods are proposed based on the criterion of ciphertext equality.Additionally, based on the analysis of the previous IBE scheme, we point out the shortcomings of the original security proof.

Key words: identity-based cryptography, identity-based encryption, anonymous, publicly verifiable, chosen-ciphertext security, decisional bilinear Diffie-Hellman assumption, standard model, bilinear pairing

中图分类号: