一种解决IBC密钥托管问题的新方案
|
摘要
为了解决基于身份公钥密码体制中与生俱来的密钥托管问题,结合已有的方案,提出一种新的具有更多优势的密钥托管方案。用户和密钥生成中心各自选择一部分参数生成系统主密钥,在用户不必引入一部分身份信息的前提下达到共同生成用户私钥的目的。用户可通过双线性对的性质,验证密钥生成中心是否诚实提供自己所选取的参数。在监听过程中,由于设置了最受信赖的托管代理,用户的隐私得到了更好的保护,解决了监听及可信第三方权利过大的问题。在必要情况下,可通过修改用户或密钥生成中心选取的参数来达到更换部分或全部密钥的效果,使系统具有良好的动态性。
In order to solve the inherent key escrow problem in identity-based cryptography,a new key escrow scheme with more advantages was proposed based on the existing scheme. The user and the key generation center each selected a part of the parameters to generate the system master key so as to achieve the purpose of jointly generating the user private key without introducing some of the identity of the premise. The user can verify whether the key generation center honestly provided the parameter of its own choosing through the nature of the bilinear pairing. In the monitoring process,due to set up the most trusted hosting agent,the user's privacy had been better protected,and solved the problem of oversight and the third party rights too large. If necessary,the effect of replacing some or all of the keys can be achieved by modifying parameters selected by the user or the key generation center to make the system dynamic.
In order to solve the inherent key escrow problem in identity-based cryptography,a new key escrow scheme with more advantages was proposed based on the existing scheme. The user and the key generation center each selected a part of the parameters to generate the system master key so as to achieve the purpose of jointly generating the user private key without introducing some of the identity of the premise. The user can verify whether the key generation center honestly provided the parameter of its own choosing through the nature of the bilinear pairing. In the monitoring process,due to set up the most trusted hosting agent,the user's privacy had been better protected,and solved the problem of oversight and the third party rights too large. If necessary,the effect of replacing some or all of the keys can be achieved by modifying parameters selected by the user or the key generation center to make the system dynamic.
引文
[1]周加法.基于身份公钥密码的密钥托管问题研究[D].郑州:解放军信息工程大学,2006.
[2]Dan B,Franklin M.Identity-Based Encryption from the Weil Pairing[J].Siam Journal on Computing,2001,32(3):213-229.
[3]Al-Riyami S S,Paterson K G.Certificateless Public Key Cryptography[M]//Advances in Cryptology—ASIACRYPT2003.Springer Berlin Heidelberg,2003:452-473.
[4]Gentry C.Certificate-based encryption and the certificate revocation problem[C]//International Conference on Theory and Applications of Cryptographic Techniques.Springer-Verlag,2003:272-293.
[5]Goyal V.Reducing Trust in the PKG in Identity Based Cryptosystems[C]//International Cryptology Conference on Advances in Cryptology.Springer-Verlag,2007:430-447.
[6]金正平.基于身份的密码体制中密钥托管问题的相关研究[D].北京邮电大学,2010.
[7]萧萍.基于身份的新型密钥托管方案[J].自动化与仪器仪表,2015(4):222-224.
[8]萧萍.基于身份的混合加密方案[J].工业仪表与自动化装置,2016(1):99-101.
[9]范强,谢冬青.可灵活设置托管代理的密钥托管方案[J].计算机工程与应用,2005,41(10):122-123.
[10]李林,李志华.基于改进的动态密钥托管方案的研究及其应用[J].计算机工程与设计,2015(7):1732-1736.
[11]黄仁季,吴晓平,李洪成.基于身份标识加密的身份认证方案[J].网络与信息安全学报,2016,2(6):32-37.
[12]张亦辰,李继国,袁泓.无证书代理签名方案[J].南京信息工程大学学报(自然科学版),2017,9(5):490-496.
[13]杨波,孙晓蓉,王育民.基于门限方案的密钥托管[J].西安电子科技大学学报,1998(2):239-241.
[14]茹秀娟,晋玉星.基于身份的广义门限群签名方案[J].开封大学学报,2015,29(4):85-88.
[15]王熔.基于门限秘密共享的密码保护研究[D].长沙:湖南大学,2015.
[16]陈华.基于身份的公钥密码系统的研究[D].武汉:武汉大学,2012.
[2]Dan B,Franklin M.Identity-Based Encryption from the Weil Pairing[J].Siam Journal on Computing,2001,32(3):213-229.
[3]Al-Riyami S S,Paterson K G.Certificateless Public Key Cryptography[M]//Advances in Cryptology—ASIACRYPT2003.Springer Berlin Heidelberg,2003:452-473.
[4]Gentry C.Certificate-based encryption and the certificate revocation problem[C]//International Conference on Theory and Applications of Cryptographic Techniques.Springer-Verlag,2003:272-293.
[5]Goyal V.Reducing Trust in the PKG in Identity Based Cryptosystems[C]//International Cryptology Conference on Advances in Cryptology.Springer-Verlag,2007:430-447.
[6]金正平.基于身份的密码体制中密钥托管问题的相关研究[D].北京邮电大学,2010.
[7]萧萍.基于身份的新型密钥托管方案[J].自动化与仪器仪表,2015(4):222-224.
[8]萧萍.基于身份的混合加密方案[J].工业仪表与自动化装置,2016(1):99-101.
[9]范强,谢冬青.可灵活设置托管代理的密钥托管方案[J].计算机工程与应用,2005,41(10):122-123.
[10]李林,李志华.基于改进的动态密钥托管方案的研究及其应用[J].计算机工程与设计,2015(7):1732-1736.
[11]黄仁季,吴晓平,李洪成.基于身份标识加密的身份认证方案[J].网络与信息安全学报,2016,2(6):32-37.
[12]张亦辰,李继国,袁泓.无证书代理签名方案[J].南京信息工程大学学报(自然科学版),2017,9(5):490-496.
[13]杨波,孙晓蓉,王育民.基于门限方案的密钥托管[J].西安电子科技大学学报,1998(2):239-241.
[14]茹秀娟,晋玉星.基于身份的广义门限群签名方案[J].开封大学学报,2015,29(4):85-88.
[15]王熔.基于门限秘密共享的密码保护研究[D].长沙:湖南大学,2015.
[16]陈华.基于身份的公钥密码系统的研究[D].武汉:武汉大学,2012.