基于容错学习的属性基加密方案的具体安全性分析
|
摘要
为了能全面研究基于容错学习(LWE)的属性基加密(ABE)方案的安全性,考察其抵抗现有攻击手段的能力,在综合考虑格上算法和方案噪声扩张对参数的限制后,利用已有的解决LWE的算法及其可用程序模块,该文提出了针对基于LWE的ABE方案的具体安全性分析方法。该方法可以极快地给出满足方案限制要求的具体参数及方案达到的安全等级,此外,在给定安全等级的条件下,该方法可以给出相应的具体参数值。最后,利用该方法分析了4个典型的基于LWE的属性基加密方案的具体安全性。实验数据表明,满足一定安全等级的基于LWE的属性基方案的参数尺寸过大,还无法应用到实际中。
In order to comprehensively study the security of the Attribute-Based Encryption(ABE) scheme based on Learning With Errors(LWE) and test its ability to resist existing attacks, an analysis method for concrete security of ABE based on LWE is proposed. After consideration of the parameter restrictions caused by algorithms on lattices and noise expansion, this method applies the existing algorithms to solving LWE and the available program modules, and it can quickly provide the specific parameters that satisfy the scheme and estimate the corresponding security level. In addition, it can output the specific parameters that satisfy the pregiven security level. Finally, four existing typical schemes are analyzed by this method. Experiments show that the parameters are too large to be applied to practical applications.
In order to comprehensively study the security of the Attribute-Based Encryption(ABE) scheme based on Learning With Errors(LWE) and test its ability to resist existing attacks, an analysis method for concrete security of ABE based on LWE is proposed. After consideration of the parameter restrictions caused by algorithms on lattices and noise expansion, this method applies the existing algorithms to solving LWE and the available program modules, and it can quickly provide the specific parameters that satisfy the scheme and estimate the corresponding security level. In addition, it can output the specific parameters that satisfy the pregiven security level. Finally, four existing typical schemes are analyzed by this method. Experiments show that the parameters are too large to be applied to practical applications.
引文
[1]SAHAI A and WATERS B.Fuzzy identity-based encryption[C].The 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques,Aarhus,Denmark,2005:457-473.doi:10.1007/11426639_27.
[2]AJTAI M.Generating hard instances of lattice problems(extended abstract)[C].The 28th Annual ACM Symposium on Theory of Computing,Philadelphia,Pennsylvania,USA,1996:99-108.doi:10.1145/237814.237838.
[3]REGEV O.On lattices,learning with errors,random linear codes,and cryptography[C].The 37th Symposium on Theory of Computing,Baltimore,USA,2005:84-93.doi:10.1145/1060590.1060603.
[4]LYUBASHEVSKY V,PEIKERT C,and REGEV O.On ideal lattices and learning with errors over rings[J].Journal of the ACM,2010,60(6):43.doi:10.1145/2535925.
[5]ALBRECHT M R,PLAYER R,and SCOTT S.On the concrete hardness of learning with Errors[J].Journal of Mathematical Cryptology,2015,9(3):169-203.doi:10.1515/jmc-2015-0016.
[6]BECKER A,DUCAS L,GAMA N,et al.New directions in nearest neighbor searching with applications to lattice sieving[C].The Twenty-Seventh Annual ACM-SIAMSymposium on Discrete Algorithms,Arlington,Virginia,2016:10-24.doi:10.1137/1.9781611974331.ch2.
[7]SCHNEIDER M.Sieving for shortest vectors in ideal lattices[C].The 6th International Conference on Cryptology in Africa,Cairo,Egypt,2013:375-391.doi:10.1007/978-3-642-38553-7_22.
[8]AGRAWAL S,BONEH D,and BOYEN X.Efficient lattice(H)IBE in the standard model[C].The 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques,French Riviera,France,2010:553-572.doi:10.1007/978-3-642-13190-5_28.
[9]BONEH D,NIKOLAENKO V,and SEGEV G.Attributebased encryption for arithmetic circuits[EB/OL].http://eprint.iacr.org/2013/669,2013.
[10]CHEN Yuanmi and NGUYEN P Q.BKZ 2.0:Better lattice security estimates[C].The 17th International Conference on the Theory and Application of Cryptology and Information Security,Seoul,South Korea,2011:1-20.doi:10.1007/978-3-642-25385-0_1.
[11]BAI Shi and GALBRAITH S D.Lattice decoding attacks on binary LWE[C].The 19th Australasian Conference on Information Security and Privacy,Wollongong,NSW,Australia,2014:322-337.doi:10.1007/978-3-319-08344-5_21.
[12]PAAR C and PELZL J.Understanding Cryptography:ATextbook for Students and Practitioners[M].Berlin Heidelberg:Springer,2010:156.
[13]LINDNER R and PEIKERT C.Better key sizes(and attacks)for LWE-based encryption[C].The Cryptographers’Track at the RSA Conference 2011 Topics in Cryptology,San Francisco,USA,2011:319-339.doi:10.1007/978-3-642-19074-2_21.
[14]ALBRECHT M R,CID C,FAUGèRE J,et al.On the complexity of the BKW algorithm on LWE[J].Designs,Codes and Cryptography,2015,74(2):325-354.doi:10.1007/s10623-013-9864-x.
[15]ZHAO Jian,GAO Haiying,and ZHANG Junqi.Attributebased encryption for circuits on lattices[J].Tsinghua Science and Technology,2014,19(5):463-469.doi:10.3969/j.issn.1007-0214.2014.05.005.
[16]赵建,高海英,胡斌.基于理想格的高效密文策略属性基加密方案[J].电子与信息学报,2018,40(7):1652-1660.doi:10.11999/JEIT170863.ZHAO Jian,GAO Haiying,and HU Bin.An efficientciphertext-policy attribute-based encryption on ideallattices[J].Journal of Electronics&InformationTechnology,2018,40(7):1652-1660.doi:10.11999/JEIT170863.
[17]ZHANG Jiang,ZHANG Zhenfeng,and GE Aijun.Ciphertext policy attribute-based encryption from lattices[C].The 7th ACM Symposium on Information,Computer and Communications Security,Seoul,Korea,2012:16-17.doi:10.1145/2414456.2414464.
[2]AJTAI M.Generating hard instances of lattice problems(extended abstract)[C].The 28th Annual ACM Symposium on Theory of Computing,Philadelphia,Pennsylvania,USA,1996:99-108.doi:10.1145/237814.237838.
[3]REGEV O.On lattices,learning with errors,random linear codes,and cryptography[C].The 37th Symposium on Theory of Computing,Baltimore,USA,2005:84-93.doi:10.1145/1060590.1060603.
[4]LYUBASHEVSKY V,PEIKERT C,and REGEV O.On ideal lattices and learning with errors over rings[J].Journal of the ACM,2010,60(6):43.doi:10.1145/2535925.
[5]ALBRECHT M R,PLAYER R,and SCOTT S.On the concrete hardness of learning with Errors[J].Journal of Mathematical Cryptology,2015,9(3):169-203.doi:10.1515/jmc-2015-0016.
[6]BECKER A,DUCAS L,GAMA N,et al.New directions in nearest neighbor searching with applications to lattice sieving[C].The Twenty-Seventh Annual ACM-SIAMSymposium on Discrete Algorithms,Arlington,Virginia,2016:10-24.doi:10.1137/1.9781611974331.ch2.
[7]SCHNEIDER M.Sieving for shortest vectors in ideal lattices[C].The 6th International Conference on Cryptology in Africa,Cairo,Egypt,2013:375-391.doi:10.1007/978-3-642-38553-7_22.
[8]AGRAWAL S,BONEH D,and BOYEN X.Efficient lattice(H)IBE in the standard model[C].The 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques,French Riviera,France,2010:553-572.doi:10.1007/978-3-642-13190-5_28.
[9]BONEH D,NIKOLAENKO V,and SEGEV G.Attributebased encryption for arithmetic circuits[EB/OL].http://eprint.iacr.org/2013/669,2013.
[10]CHEN Yuanmi and NGUYEN P Q.BKZ 2.0:Better lattice security estimates[C].The 17th International Conference on the Theory and Application of Cryptology and Information Security,Seoul,South Korea,2011:1-20.doi:10.1007/978-3-642-25385-0_1.
[11]BAI Shi and GALBRAITH S D.Lattice decoding attacks on binary LWE[C].The 19th Australasian Conference on Information Security and Privacy,Wollongong,NSW,Australia,2014:322-337.doi:10.1007/978-3-319-08344-5_21.
[12]PAAR C and PELZL J.Understanding Cryptography:ATextbook for Students and Practitioners[M].Berlin Heidelberg:Springer,2010:156.
[13]LINDNER R and PEIKERT C.Better key sizes(and attacks)for LWE-based encryption[C].The Cryptographers’Track at the RSA Conference 2011 Topics in Cryptology,San Francisco,USA,2011:319-339.doi:10.1007/978-3-642-19074-2_21.
[14]ALBRECHT M R,CID C,FAUGèRE J,et al.On the complexity of the BKW algorithm on LWE[J].Designs,Codes and Cryptography,2015,74(2):325-354.doi:10.1007/s10623-013-9864-x.
[15]ZHAO Jian,GAO Haiying,and ZHANG Junqi.Attributebased encryption for circuits on lattices[J].Tsinghua Science and Technology,2014,19(5):463-469.doi:10.3969/j.issn.1007-0214.2014.05.005.
[16]赵建,高海英,胡斌.基于理想格的高效密文策略属性基加密方案[J].电子与信息学报,2018,40(7):1652-1660.doi:10.11999/JEIT170863.ZHAO Jian,GAO Haiying,and HU Bin.An efficientciphertext-policy attribute-based encryption on ideallattices[J].Journal of Electronics&InformationTechnology,2018,40(7):1652-1660.doi:10.11999/JEIT170863.
[17]ZHANG Jiang,ZHANG Zhenfeng,and GE Aijun.Ciphertext policy attribute-based encryption from lattices[C].The 7th ACM Symposium on Information,Computer and Communications Security,Seoul,Korea,2012:16-17.doi:10.1145/2414456.2414464.
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |