机动节点的匿名双向认证
|
摘要
基于身份的公钥密码体制及其应用已经越来越受到重视,如何构建一个安全性高效率好的公钥密码体系称为一个重要的研究方向。
基于身份的密码体制中,公钥是用户的身份,如姓名,邮件地址等等,或者由身份经过相应的映射得到的伪身份。私钥由可信的第三方管理中心(PKG)生成。而随着信息时代的发展,匿名性越来越被人们所需要,如何在不知道对方的真实身份的情况下,安全可靠的与对方进行信息交互,成为了一个重要的问题。同时匿名性要求PKG拥有追踪性,即可以对某个节点的行为进行追踪,以实现通信的不可否认性。
本文主要研究基于身份的公钥加密体制及其在机动节点匿名双向认证中的应用。在本文的研究中,主要用到了椭圆曲线,weil对,基于身份的加密体制,耦合触发元胞自动机等技术和工具。
本文构造的基于身份的公钥加密认证系统,是使用weil对技术和耦合触发元胞自动机技术构造的可以抵抗选择密文攻击,有IND-CCA2安全性的公钥加密系统。同时本文提出了基于新型加密机制的机动节点匿名双向认证机制,并给出了安全性证明,效率分析和正确性证明。最后给出了机动节点匿名双向认证系统的模型。
The Identity-Based Encryption(IBE) System and application is more and more important, It have already become a important research aspect, that how to build a public key encryption system with high security and efficiency.
In IBE system, thepublic key is something about user's ID, such like name, email and so on. or some fake ID, which created by some Hash function. And the private key is created by PKG—A creditable third party administion. However, with development of information times, anonymious is needed for more and more people, It is important that how to exchange information with each other safely, while not know each other' s true ID. That also need PKG can track any nodes' behave.
This paper concentrates on the theory and technique of identity-based encryption and its application on mobile nodes' anonymious authentication. We use ellipse curve, pairing technology, IBE, and coupling touch off cell automaton as basic knowledge.
This paper use pairing technology and CTCA to construct a public key Encryption system, which can counteract chosen chiptext attrack and satisfy IND-CCA2 model. As the same time ,this paper also construct the anonymious bidirectional authentication mechanism of mobile nodes, which based on the new Encryption system constructed above and also give the prove of security, analyze of efficiency and the prove of validity, In the end, the paper give an anonymious bidirectional authentication model of mobile nodes.
基于身份的密码体制中,公钥是用户的身份,如姓名,邮件地址等等,或者由身份经过相应的映射得到的伪身份。私钥由可信的第三方管理中心(PKG)生成。而随着信息时代的发展,匿名性越来越被人们所需要,如何在不知道对方的真实身份的情况下,安全可靠的与对方进行信息交互,成为了一个重要的问题。同时匿名性要求PKG拥有追踪性,即可以对某个节点的行为进行追踪,以实现通信的不可否认性。
本文主要研究基于身份的公钥加密体制及其在机动节点匿名双向认证中的应用。在本文的研究中,主要用到了椭圆曲线,weil对,基于身份的加密体制,耦合触发元胞自动机等技术和工具。
本文构造的基于身份的公钥加密认证系统,是使用weil对技术和耦合触发元胞自动机技术构造的可以抵抗选择密文攻击,有IND-CCA2安全性的公钥加密系统。同时本文提出了基于新型加密机制的机动节点匿名双向认证机制,并给出了安全性证明,效率分析和正确性证明。最后给出了机动节点匿名双向认证系统的模型。
The Identity-Based Encryption(IBE) System and application is more and more important, It have already become a important research aspect, that how to build a public key encryption system with high security and efficiency.
In IBE system, thepublic key is something about user's ID, such like name, email and so on. or some fake ID, which created by some Hash function. And the private key is created by PKG—A creditable third party administion. However, with development of information times, anonymious is needed for more and more people, It is important that how to exchange information with each other safely, while not know each other' s true ID. That also need PKG can track any nodes' behave.
This paper concentrates on the theory and technique of identity-based encryption and its application on mobile nodes' anonymious authentication. We use ellipse curve, pairing technology, IBE, and coupling touch off cell automaton as basic knowledge.
This paper use pairing technology and CTCA to construct a public key Encryption system, which can counteract chosen chiptext attrack and satisfy IND-CCA2 model. As the same time ,this paper also construct the anonymious bidirectional authentication mechanism of mobile nodes, which based on the new Encryption system constructed above and also give the prove of security, analyze of efficiency and the prove of validity, In the end, the paper give an anonymious bidirectional authentication model of mobile nodes.
引文
1 W. Diffie and M.E. Hellman, "New directions in cryptography," IEEE Trans. Inform Theory, IT-22, 6, 1976, pp. 644-654
2 Rivest R. L., Shamir A. and Adleman L. M. A Method for Obtaining Digital Signature and Public Key Cryptosystems. Communications of the ACM, Vol. 21, No. 2, Feb. 1978, pp. 120-126.
3 Rbain, M.O. Digital signature and public-key functions as intractable as facoriza-tion. MIT Laboratory for computer Science, Technical Report, MIr/LC-S/TR212, Jan 1979.
4 EiGamal T. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Information Theory, Vol. 31, No. 4,1985, pp. 469-472.
5 Miller V S. Use of elliptic curve in cryptosystems. Advances in Cryptology-CRYPZ085, LNCS 218, Springer-Verlag, Berlin, 1986, pp. 417-426.
6 Koblitz N. Elliptic curve cryptosystems. Mathematics of Compution, 1987,48(177):203-209.
7 Koblitz N. Hyperelliptic cryptography, J. of Crypto.,1989,1(3):139-150
8 A. Shamir, Identity-based cryptosystems and signature schemes. Crypto84, Springer-Verlag, LNCS196: 47-53, 1984.
9 Joux A. A one round protocol for tripartite Diffie-Hellman. Algorithmic Number Theory Symposium, ANTS-IV, LNCS 1838, Springer-Verlag, Berlin, 2000, pp. 385-394.
10 D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, Advances inCryptology-Crypto 2001, LNCS 2139, 213-229, Springer-Verlag, 2001.
11 R. Sakai, K. Ohgishi, and M. Kasahara. Cryptosystems based on pairing. In SCIS 2000, Okinawa, Japan, January 2000.
12 K.G. Paterson. ID-based signatures from pairings on elliptic curves. Technical Report 2002/004, IACR ePrint Archive, January 2002
13 X. Yi. An identity-based signature scheme from the weil pairing. IEEE Communications Letters, 7 (2):76-78, 2003.
14 J. C. Cha and J. H. Cheon. An identity-based signature from Gap Diffie-Hellman groups. In Y. Desmedt, editor, PKC 2003, volume 2567 of LNCS, pages 18 - 30. Springer-Verlag, January 2003.
15 F. Hess, Exponent Group Signature Schemes and Efficient Identity Based Signature Schemes Based on Pairings, Cryptology ePrint Archive, Report2002/012.
16 X. Chen, F. Zhang and K. Kim. A new ID-based group signature scheme from bilinear pairings, http: //eprint. iacr. org/2003/116. 2003
17 B Lynn. Authenticated ID—based encryption [R]. Cryptology ePrint Archive, Tech Rep: 2002/072, 2004. http: //eprint. iacr. org/2002/072
18 R Canetti, S Halevi, J Katz. Chosen—ciphertext security from identity based encryption[G]. In: Advances in Cryptology- Eurocrypt' 04, LNCS 3027. Berlin: Springer—Verlag, 2004. 207-222
19 D Boneh, X Boyen. Efficient selective ID secure identity based encryption without random Oracles [G]. In: Advances in Cryptology—Euroerypt' 04, LNCS 3027. Berlin: Springer— Verlag, 2004. 223—238
20 D Boneh, X Boyen. Secure identity based encryption without random oracles[G]. In: Advances in Cryptology-Crypto' 04, LNCS 3152. Berlin: Springer-Verlag, 2004. 443—459
21 J Horwitz, B Lynn. Toward hierarchical identity based encryption[G]. In: Advances in Cryptology-Eurocrypt' 02, LNCS 2332. Berlin: Springer—Verlag, 2002. 466—481
22 C Gentry, A Silverberg. Hierarchical ID—based cryptography [G]. In: Advances in Cryptology-Ai~crypt'02, LNCS 2501. Berlin: Springer—Verlag, 2002. 548—566
23 N P Smart. An ID—based authenticated key agreement protocol based on the Well pairing[J]. IEE Electronics Letters, 2002, 38(13): 630—632
24 M Scott. Authenticated ID—based key exchange and remote log— in with insecure token and PIN number[R]. Cryptology ePrint Archive. Tech Rep: 2002|164, 2002. http: | / eprint. iacr. org 2002 / 164
25 L Chen, C Kudla. Identity based authenticated key agreement from pairings[R]. CryptoIogy ePrint Archive, Teeh Rep: 2002/184, 2002. http: / /eprint. iacr. org / 2002 / 184
26 K Shim . Efficient ID—based authenticated key agreement protocol based on the Well pairing[J]. IEE Electronics Letters, 2003, 39(8): 653—654
27 H M Sun. BT Hsieh. Security analysis of Shim' s authenticated key agreement protocols from pairings[R]. Cryptology ePrint Archive, Tech Rep: 2003| 13. 2003. http: | /eprint. iacr. org 2003/113
28 N McCullagh, P SLM Barreto. A new two—party identity—based authenticated key agreement[G]. In: Proc of the RSA Conf 2005 Cryptographers' Track (CT—RSA' 05), LNCS 3376. Berlin: Springer Verlag, 2005. 262—274
29 M BeL Lare, P Rogaway. Entity authentication and key distribution[G]. In: Proc of the Advances in Cryptology- Crypto' 93, LNCS 773. Berlin: Springer—Verlag, 1994. 232—249
30 A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In A. Odlyzko, editor, CRYPTO 1986, volume 263 of LNCS, pages 186 - 194. Springer-Verlag, August 1986.
31 OhtaK, Okamoto E. Practical extension of Fiat-Shamir scheme. Electr. Lett. 1988, 24(15): 955-956.
32 Laih C, Lee J and Harn L. et al. A new scheme for ID-based cryptosystem and signature.INFOCOM' 89. IEEE.23-27 Apr 1989,vol.3, 998-1002.
33 Chang C and Lin C. An ID-based signature scheme based upon Rabin' s public key cryptosystem. Proceeding 25th Annual IEEE International Carnahan Conference on Security Technology, October 1-3, 1991,pp: 139-141.
34 Park S, Kim S, Won D. ID-based group signature. Electr. Lett. 1997, 33(19): 1616-1617.
35 Popescu S. An efficient ID-based group signature scheme. Studia Univ. Babed-Bolyai, Informatica, 2002, XLVII(2):29-36.
36 H. Gutowitz, Cryptography with dynamical systems, in:E. Goles, N. Boccara (Eds.)Cellular Automata and Cooperative Phenomena, Kluwer Academic Publishers, Dordrecht, 1993
37 Chen Z, Huang J, Huang D et al. Provably secure and ID-based group signature scheme. 18th International Conference on AINA' 04. Vol. 2, 384-388, March 29-31,2004, Fukuoka, Japan.
38 http://killerzhu.blogchina.com/3822089.html.
39 Parimal Pal Chaudhuri,Depanwita Roy Chowdhury, Sukumar Nandi,Santanu Chattopadhuay, Additive Cellular Automata: Theory and Application IEEE Computer Society-Wiley, 1997
40 S.Wolfram, Statistical Mechanics of Cellular Automata, Review Modern Physics, 1983, Vol. 55, :Vo. 3. pp. 601-644
41 A.K. Das,A.Ganguly, A. Dasgupta, SBhawmik, and P. P. Chaudhuri,Efficient Characterisation of Cellular Automata, IEEE Proceedings, 1990, Vol.137, Pt.E, No.1, pp. 81-87
42 G.Y. Vichniac, P. Tamayo, Hartman, Annealed and quenched inhomogeneous cellular automata, Journal of Statiscal Physics, 1986, Vol. 45, No.875
43 Melanie Mitchell, Computation in Cellular Automata: A Selected Review, In T. Gramss, S. Bomboldt, 1998. pp. 95-140
44 S. Wolfram, University and Complexity in Cellular Automata, Physica D, 1984, Vol. 10 No.1: pp.1-35
45 姚刚,冯登国,基于weil对的成对密钥协商协议.Journal of software,v0l.17,NO.4,april 2006,pp.907-914.
46 田野,张玉军,李忠诚,使用对技术的基于身份的密码学研究综述.Journal of Computer Research and Development,ISSN 1000-1239/CN 11-1777/TP43(10):1810-1819,2006.
47 Ian Blake, Kumar Murty , Guangwu Xu, Refinements of Miller' s Algorithm for Computing Weil/TatePairing. lnUniversityofToronto. October, 2OO3. pp. 3-12.
48 WenBo Mao, ELLIPTIC CURVES AND BILINEAR PAIRINGS. pp. 11S-143.
49 Paulo S.L.M. Barreto, Hae Y. Kim, Ben Lynn, Michael Scott. Efficient Algorithms for Pairing-Based Cryptosystems. M. Yung (Ed.): CRYPTO 2002, LNCS 2442, pp. 354-369, 2002.
50 V.Shoup. Using Hash functions as a hedge against chosen ciphertext attaek[C].Advances in Cryptology-EUROCRYPT 2000. Berlin:Springer-Verlag ,2000.275-288.
51 平萍等,基于耦合触发元胞自动机的并行加密模型.信息与控制.V0l.35,No.3,June,2006.
52 Kirsten Eisentr ager, Kristin hauter, and Peter L. Montgomery. Fast elliptic curve arithmetic and improved Weil pairing evaluation. In Marc Joye, editor, Topics in Cryptology - CT-RSA 2003, The Cryptographers' Track at the RSA Conference 2003, San Francisco,CA, USA, April 13-17, 2003, Proceedings, pages 343 - 354. LNCS 2612, Springer-Verlag, 2003.
53 M. Ciet, M. Joye, K. Lauter, and P. L. Montgomery, Trading inversions for mul-tiplications in elliptic curve cryptography, Designs,Codes and Cryptography. Vol39, No 2, pp. 189-206, May 2006.
2 Rivest R. L., Shamir A. and Adleman L. M. A Method for Obtaining Digital Signature and Public Key Cryptosystems. Communications of the ACM, Vol. 21, No. 2, Feb. 1978, pp. 120-126.
3 Rbain, M.O. Digital signature and public-key functions as intractable as facoriza-tion. MIT Laboratory for computer Science, Technical Report, MIr/LC-S/TR212, Jan 1979.
4 EiGamal T. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Information Theory, Vol. 31, No. 4,1985, pp. 469-472.
5 Miller V S. Use of elliptic curve in cryptosystems. Advances in Cryptology-CRYPZ085, LNCS 218, Springer-Verlag, Berlin, 1986, pp. 417-426.
6 Koblitz N. Elliptic curve cryptosystems. Mathematics of Compution, 1987,48(177):203-209.
7 Koblitz N. Hyperelliptic cryptography, J. of Crypto.,1989,1(3):139-150
8 A. Shamir, Identity-based cryptosystems and signature schemes. Crypto84, Springer-Verlag, LNCS196: 47-53, 1984.
9 Joux A. A one round protocol for tripartite Diffie-Hellman. Algorithmic Number Theory Symposium, ANTS-IV, LNCS 1838, Springer-Verlag, Berlin, 2000, pp. 385-394.
10 D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, Advances inCryptology-Crypto 2001, LNCS 2139, 213-229, Springer-Verlag, 2001.
11 R. Sakai, K. Ohgishi, and M. Kasahara. Cryptosystems based on pairing. In SCIS 2000, Okinawa, Japan, January 2000.
12 K.G. Paterson. ID-based signatures from pairings on elliptic curves. Technical Report 2002/004, IACR ePrint Archive, January 2002
13 X. Yi. An identity-based signature scheme from the weil pairing. IEEE Communications Letters, 7 (2):76-78, 2003.
14 J. C. Cha and J. H. Cheon. An identity-based signature from Gap Diffie-Hellman groups. In Y. Desmedt, editor, PKC 2003, volume 2567 of LNCS, pages 18 - 30. Springer-Verlag, January 2003.
15 F. Hess, Exponent Group Signature Schemes and Efficient Identity Based Signature Schemes Based on Pairings, Cryptology ePrint Archive, Report2002/012.
16 X. Chen, F. Zhang and K. Kim. A new ID-based group signature scheme from bilinear pairings, http: //eprint. iacr. org/2003/116. 2003
17 B Lynn. Authenticated ID—based encryption [R]. Cryptology ePrint Archive, Tech Rep: 2002/072, 2004. http: //eprint. iacr. org/2002/072
18 R Canetti, S Halevi, J Katz. Chosen—ciphertext security from identity based encryption[G]. In: Advances in Cryptology- Eurocrypt' 04, LNCS 3027. Berlin: Springer—Verlag, 2004. 207-222
19 D Boneh, X Boyen. Efficient selective ID secure identity based encryption without random Oracles [G]. In: Advances in Cryptology—Euroerypt' 04, LNCS 3027. Berlin: Springer— Verlag, 2004. 223—238
20 D Boneh, X Boyen. Secure identity based encryption without random oracles[G]. In: Advances in Cryptology-Crypto' 04, LNCS 3152. Berlin: Springer-Verlag, 2004. 443—459
21 J Horwitz, B Lynn. Toward hierarchical identity based encryption[G]. In: Advances in Cryptology-Eurocrypt' 02, LNCS 2332. Berlin: Springer—Verlag, 2002. 466—481
22 C Gentry, A Silverberg. Hierarchical ID—based cryptography [G]. In: Advances in Cryptology-Ai~crypt'02, LNCS 2501. Berlin: Springer—Verlag, 2002. 548—566
23 N P Smart. An ID—based authenticated key agreement protocol based on the Well pairing[J]. IEE Electronics Letters, 2002, 38(13): 630—632
24 M Scott. Authenticated ID—based key exchange and remote log— in with insecure token and PIN number[R]. Cryptology ePrint Archive. Tech Rep: 2002|164, 2002. http: | / eprint. iacr. org 2002 / 164
25 L Chen, C Kudla. Identity based authenticated key agreement from pairings[R]. CryptoIogy ePrint Archive, Teeh Rep: 2002/184, 2002. http: / /eprint. iacr. org / 2002 / 184
26 K Shim . Efficient ID—based authenticated key agreement protocol based on the Well pairing[J]. IEE Electronics Letters, 2003, 39(8): 653—654
27 H M Sun. BT Hsieh. Security analysis of Shim' s authenticated key agreement protocols from pairings[R]. Cryptology ePrint Archive, Tech Rep: 2003| 13. 2003. http: | /eprint. iacr. org 2003/113
28 N McCullagh, P SLM Barreto. A new two—party identity—based authenticated key agreement[G]. In: Proc of the RSA Conf 2005 Cryptographers' Track (CT—RSA' 05), LNCS 3376. Berlin: Springer Verlag, 2005. 262—274
29 M BeL Lare, P Rogaway. Entity authentication and key distribution[G]. In: Proc of the Advances in Cryptology- Crypto' 93, LNCS 773. Berlin: Springer—Verlag, 1994. 232—249
30 A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In A. Odlyzko, editor, CRYPTO 1986, volume 263 of LNCS, pages 186 - 194. Springer-Verlag, August 1986.
31 OhtaK, Okamoto E. Practical extension of Fiat-Shamir scheme. Electr. Lett. 1988, 24(15): 955-956.
32 Laih C, Lee J and Harn L. et al. A new scheme for ID-based cryptosystem and signature.INFOCOM' 89. IEEE.23-27 Apr 1989,vol.3, 998-1002.
33 Chang C and Lin C. An ID-based signature scheme based upon Rabin' s public key cryptosystem. Proceeding 25th Annual IEEE International Carnahan Conference on Security Technology, October 1-3, 1991,pp: 139-141.
34 Park S, Kim S, Won D. ID-based group signature. Electr. Lett. 1997, 33(19): 1616-1617.
35 Popescu S. An efficient ID-based group signature scheme. Studia Univ. Babed-Bolyai, Informatica, 2002, XLVII(2):29-36.
36 H. Gutowitz, Cryptography with dynamical systems, in:E. Goles, N. Boccara (Eds.)Cellular Automata and Cooperative Phenomena, Kluwer Academic Publishers, Dordrecht, 1993
37 Chen Z, Huang J, Huang D et al. Provably secure and ID-based group signature scheme. 18th International Conference on AINA' 04. Vol. 2, 384-388, March 29-31,2004, Fukuoka, Japan.
38 http://killerzhu.blogchina.com/3822089.html.
39 Parimal Pal Chaudhuri,Depanwita Roy Chowdhury, Sukumar Nandi,Santanu Chattopadhuay, Additive Cellular Automata: Theory and Application IEEE Computer Society-Wiley, 1997
40 S.Wolfram, Statistical Mechanics of Cellular Automata, Review Modern Physics, 1983, Vol. 55, :Vo. 3. pp. 601-644
41 A.K. Das,A.Ganguly, A. Dasgupta, SBhawmik, and P. P. Chaudhuri,Efficient Characterisation of Cellular Automata, IEEE Proceedings, 1990, Vol.137, Pt.E, No.1, pp. 81-87
42 G.Y. Vichniac, P. Tamayo, Hartman, Annealed and quenched inhomogeneous cellular automata, Journal of Statiscal Physics, 1986, Vol. 45, No.875
43 Melanie Mitchell, Computation in Cellular Automata: A Selected Review, In T. Gramss, S. Bomboldt, 1998. pp. 95-140
44 S. Wolfram, University and Complexity in Cellular Automata, Physica D, 1984, Vol. 10 No.1: pp.1-35
45 姚刚,冯登国,基于weil对的成对密钥协商协议.Journal of software,v0l.17,NO.4,april 2006,pp.907-914.
46 田野,张玉军,李忠诚,使用对技术的基于身份的密码学研究综述.Journal of Computer Research and Development,ISSN 1000-1239/CN 11-1777/TP43(10):1810-1819,2006.
47 Ian Blake, Kumar Murty , Guangwu Xu, Refinements of Miller' s Algorithm for Computing Weil/TatePairing. lnUniversityofToronto. October, 2OO3. pp. 3-12.
48 WenBo Mao, ELLIPTIC CURVES AND BILINEAR PAIRINGS. pp. 11S-143.
49 Paulo S.L.M. Barreto, Hae Y. Kim, Ben Lynn, Michael Scott. Efficient Algorithms for Pairing-Based Cryptosystems. M. Yung (Ed.): CRYPTO 2002, LNCS 2442, pp. 354-369, 2002.
50 V.Shoup. Using Hash functions as a hedge against chosen ciphertext attaek[C].Advances in Cryptology-EUROCRYPT 2000. Berlin:Springer-Verlag ,2000.275-288.
51 平萍等,基于耦合触发元胞自动机的并行加密模型.信息与控制.V0l.35,No.3,June,2006.
52 Kirsten Eisentr ager, Kristin hauter, and Peter L. Montgomery. Fast elliptic curve arithmetic and improved Weil pairing evaluation. In Marc Joye, editor, Topics in Cryptology - CT-RSA 2003, The Cryptographers' Track at the RSA Conference 2003, San Francisco,CA, USA, April 13-17, 2003, Proceedings, pages 343 - 354. LNCS 2612, Springer-Verlag, 2003.
53 M. Ciet, M. Joye, K. Lauter, and P. L. Montgomery, Trading inversions for mul-tiplications in elliptic curve cryptography, Designs,Codes and Cryptography. Vol39, No 2, pp. 189-206, May 2006.