可证安全的IDPKC-to-CLPKC异构签密方案
|
摘要
为了保证异构网络中消息的机密性和认证性,该文定义了身份公钥密码IDPKC到无证书公钥密码CLPKC异构签密模型,并提出具体的IDPKC-to-CLPKC异构签密方案。方案中双方密码系统参数相互独立,能够满足实际应用需求。在随机预言模型下,基于GBDH,CDH和q-SDH困难假设,证明方案满足IDPKC-to-CLPKC异构签密的机密性和不可伪造性。同时,该方案满足匿名性,通过密文无法判断发送方和接收方的身份,可以有效保护双方的身份隐私。
In order to ensure the confidentiality and authentication in different network environments, the security model of IDPKC-to-CLPKC heterogeneous signcryption is defined from IDentity-based Public Key Cryptography(IDPKC) to Certificate Less Public Key Cryptography(CLPKC), and a concrete IDPKC-to-CLPKC heterogeneous signcryption scheme is presented. The system parameters in IDPKC and CLPKC are independent on each other in the scheme, which can meet the practical requirements. Based on the assumptions of Gap Bilinear Diffie-Hellman(GBDH), Computational Diffie-Hellman(CDH) and q-Strong Diffie-Hellman(q-SDH), the scheme is proved to satisfy the confidentiality and unforgeability in the random oracle model. Moreover, the scheme is also proved to satisfy the properties of ciphertext anonymity, which means the attacker can not judge the identities of the sender and the receiver. Therefore, the scheme can effectively protect the privacy of both identities.
In order to ensure the confidentiality and authentication in different network environments, the security model of IDPKC-to-CLPKC heterogeneous signcryption is defined from IDentity-based Public Key Cryptography(IDPKC) to Certificate Less Public Key Cryptography(CLPKC), and a concrete IDPKC-to-CLPKC heterogeneous signcryption scheme is presented. The system parameters in IDPKC and CLPKC are independent on each other in the scheme, which can meet the practical requirements. Based on the assumptions of Gap Bilinear Diffie-Hellman(GBDH), Computational Diffie-Hellman(CDH) and q-Strong Diffie-Hellman(q-SDH), the scheme is proved to satisfy the confidentiality and unforgeability in the random oracle model. Moreover, the scheme is also proved to satisfy the properties of ciphertext anonymity, which means the attacker can not judge the identities of the sender and the receiver. Therefore, the scheme can effectively protect the privacy of both identities.
引文
[1]ZHENG Y L.Digital signcryption or how to achieve cost(signature&encryption)< [2]SUN Y X and LI H.Efficient signcryption between TPKC and IDPKC and its multi-receiver construction[J].Science China Information Sciences,2010,53(3):557-566.doi:10.1007/s11432-010-0061-5.
[3]AN J H,DODIS Y,and RABIN T.On the security of joint signature and encryption[C].Proceedings of the CryptologyEUROCRYP2002,Berlin,2002:83-107.doi:10.1007/3-540-46035-7_6.
[4]HUANG Q,WONG D S,and YANG G M.Heterogeneous signcryption with key privacy[J].Computer Journal,2011,54(4):525-536.doi:10.1093/comjnl/bxq095.
[5]FU X T,LI X W,and LIU W.IDPKC-to-TPKI construction of multi-receiver signcryption[C].Proceedings of the INCo S(5),Washington,USA,2013:335-339.doi:10.1109/INCo S.2013.62.
[6]LI F G,ZHANG H,and TAKAGI T.Efficient signcryption for heterogeneous systems[J].IEEE Systems Journal,2013,7(3):420-429.doi:10.1109/JSYST.2012.2221897.
[7]LI F G,HAN Y Y,and JIN C H.Practical signcryption for secure communication of wireless sensor networks[J].Wireless Personal Communications,2016,89(4):1-22.doi:10.1007/s11277-016-3327-4.
[8]张玉磊,张灵刚,张永洁,等.匿名CLPKC-TPKI异构签密方案[J].电子学报,2016,44(10):2432-2439.doi:10.3969/j.issn.0372-2112.2016.10.022.ZHANG Y L,ZHANG L G,ZHANG Y J,et al.CLPKCto-TPKI heterogeneous signcryption scheme with anonymity[J].Acta Electronica Sinica,2016,44(10):2432-2439.doi:10.3969/j.issn.0372-2112.2016.10.022.
[9]周彦伟,杨波,张文政.可证安全的高效无证书广义签密方案[J].计算机学报,2016,39(3):543-551.doi:10.11897/SP.J.1016.2016.00543.ZHOU Y W,YANG B,and ZHANG W Z.Provably secure and efficient certificateless generalized signcryption[J].Chinese Journal of Computers,2016,39(3):543-551.doi:10.11897/SP.J.1016.2016.00543.
[10]LI F G,HAN Y Y,and JIN C H.Practical access control for sensor networks in the context of the Internet of Things[J].Computer Communications,2016,89-90:154-164.doi:10.1016/j.comcom.2016.03.007.
[11]张玉磊,王欢,李臣意,等.可证安全的紧致无证书聚合签密方案[J].电子与信息学报,2015,37(12):2838-2844.doi:10.11999/JEIT150407.ZHANG Y L,WANG H,LI C Y,et al.Provable secure and compact certificateless aggregate signcryption scheme[J].Journal of Electronics&Information Technology,2015,37(12):2838-2844.doi:10.11999/JEIT150407.
[12]BARBOSA M and FARSHIM P.Certificateless signcryption[C].Proceedings of ASIACCS 2008,Tokyo,2008:369-372.doi:10.1145/1368310.1368364.
[13]POINTCHEVAL D and STERN J.Security arguments for digital dignatures and blind signatures[J].Journal of Cryptology,2001,13(3):361-396.doi:10.1007/s001450010003.
[14]LI C K,YANG M,WONG D S,et al.An efficient signcryption scheme with key privacy and its extension to ring signcryption[J].Journal of Computer Security,2010,18(3):451-473.doi:10.3233/JCS-2009-0374.
[15]路秀华,温巧燕,王励成.格上的异构签密[J].电子科技大学学报,2016,45(3):458-462.doi:10.3969/j.issn.1001-0548.2016.02.025.LU X H,WEN Q Y,and WANG L C.A lattice-based heterogeneous signcryption[J].Journal of University of Electronic Science and Technology of China,2016,45(3):458-462.doi:10.3969/j.issn.1001-0548.2016.02.025.
[3]AN J H,DODIS Y,and RABIN T.On the security of joint signature and encryption[C].Proceedings of the CryptologyEUROCRYP2002,Berlin,2002:83-107.doi:10.1007/3-540-46035-7_6.
[4]HUANG Q,WONG D S,and YANG G M.Heterogeneous signcryption with key privacy[J].Computer Journal,2011,54(4):525-536.doi:10.1093/comjnl/bxq095.
[5]FU X T,LI X W,and LIU W.IDPKC-to-TPKI construction of multi-receiver signcryption[C].Proceedings of the INCo S(5),Washington,USA,2013:335-339.doi:10.1109/INCo S.2013.62.
[6]LI F G,ZHANG H,and TAKAGI T.Efficient signcryption for heterogeneous systems[J].IEEE Systems Journal,2013,7(3):420-429.doi:10.1109/JSYST.2012.2221897.
[7]LI F G,HAN Y Y,and JIN C H.Practical signcryption for secure communication of wireless sensor networks[J].Wireless Personal Communications,2016,89(4):1-22.doi:10.1007/s11277-016-3327-4.
[8]张玉磊,张灵刚,张永洁,等.匿名CLPKC-TPKI异构签密方案[J].电子学报,2016,44(10):2432-2439.doi:10.3969/j.issn.0372-2112.2016.10.022.ZHANG Y L,ZHANG L G,ZHANG Y J,et al.CLPKCto-TPKI heterogeneous signcryption scheme with anonymity[J].Acta Electronica Sinica,2016,44(10):2432-2439.doi:10.3969/j.issn.0372-2112.2016.10.022.
[9]周彦伟,杨波,张文政.可证安全的高效无证书广义签密方案[J].计算机学报,2016,39(3):543-551.doi:10.11897/SP.J.1016.2016.00543.ZHOU Y W,YANG B,and ZHANG W Z.Provably secure and efficient certificateless generalized signcryption[J].Chinese Journal of Computers,2016,39(3):543-551.doi:10.11897/SP.J.1016.2016.00543.
[10]LI F G,HAN Y Y,and JIN C H.Practical access control for sensor networks in the context of the Internet of Things[J].Computer Communications,2016,89-90:154-164.doi:10.1016/j.comcom.2016.03.007.
[11]张玉磊,王欢,李臣意,等.可证安全的紧致无证书聚合签密方案[J].电子与信息学报,2015,37(12):2838-2844.doi:10.11999/JEIT150407.ZHANG Y L,WANG H,LI C Y,et al.Provable secure and compact certificateless aggregate signcryption scheme[J].Journal of Electronics&Information Technology,2015,37(12):2838-2844.doi:10.11999/JEIT150407.
[12]BARBOSA M and FARSHIM P.Certificateless signcryption[C].Proceedings of ASIACCS 2008,Tokyo,2008:369-372.doi:10.1145/1368310.1368364.
[13]POINTCHEVAL D and STERN J.Security arguments for digital dignatures and blind signatures[J].Journal of Cryptology,2001,13(3):361-396.doi:10.1007/s001450010003.
[14]LI C K,YANG M,WONG D S,et al.An efficient signcryption scheme with key privacy and its extension to ring signcryption[J].Journal of Computer Security,2010,18(3):451-473.doi:10.3233/JCS-2009-0374.
[15]路秀华,温巧燕,王励成.格上的异构签密[J].电子科技大学学报,2016,45(3):458-462.doi:10.3969/j.issn.1001-0548.2016.02.025.LU X H,WEN Q Y,and WANG L C.A lattice-based heterogeneous signcryption[J].Journal of University of Electronic Science and Technology of China,2016,45(3):458-462.doi:10.3969/j.issn.1001-0548.2016.02.025.