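Research on Hierarchical Identity-Based Cryptography with Authorized Delegation
Published: 2018-04-03 20:29
Topic: identity-based cryptography. Focus: hierarchical identity-based cryptography. Source: Yanshan University, doctoral dissertation, 2016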
[Abstract]: When designing a hierarchical identity-based cryptography (HIBC) system, privacy and efficiency are two important factors affecting the usability of the constructed system. The privacy problem stems from the private-key delegation mechanism of HIBC systems: typically an entity's private key can be used to derive the private keys of its descendant entities. This is the inherent key escrow problem of identity-based cryptography, which means that identity-based encryption systems cannot achieve encryption privacy of ciphertexts and that authentication and non-repudiation are undermined in identity-based signature systems. The efficiency problem concerns the time and space complexity of cryptographic elements (such as keys, ciphertexts, and signatures) and of cryptographic operations; it is usually required that the time and space complexity of the cryptographic elements and operations in the constructed HIBC system be independent of the depth of an entity's identity hierarchy. Although the concept of hierarchical identity-based encryption was proposed nearly fifteen years ago, the key escrow problem and the problem of how to achieve directed or independent private-key delegation have not been well solved. The dissertation studies in depth the inherent key escrow, independent private-key delegation, encryption privacy of ciphertexts and non-repudiation of signatures, and the time and space complexity of cryptographic elements and operations in hierarchical identity-based cryptography. The main work completed is as follows.
First, the dissertation analyzes the existing private-key delegation mechanisms, "unlimited delegation" and "limited delegation", and points out that private-key constructions based on "independent randomization" and "combined randomization" of entity identity identifiers aggravate the key escrow problem in HIBC systems and make independent private-key delegation impossible. It proposes a new private-key delegation mechanism based on independent authorization to solve the key escrow and independent private-key delegation problems, and calls this new mechanism "authorized delegation". Authorized delegation ensures that: (1) a private key cannot serve as a valid delegation credential for private-key derivation; (2) each private-key delegation credential can be used only to derive the private key of a designated entity; (3) an entity can derive the private keys of its descendant entities only if it holds a valid delegation credential distributed by the root PKG (Private Key Generator).
Second, because "authorized delegation" is only a conceptual mechanism, the dissertation proposes the "identifier differentiation" private-key construction technique for building HIBC systems with authorized delegation. Its core is to treat an entity's identity identifiers at each level differently when randomizing the HIBC system master key to construct the entity's private key. Because the private keys of ancestor entities and descendant entities are randomized in different ways, an ancestor entity's private key cannot be used as a valid delegation credential to derive the private keys of descendant entities. To realize authorization-based private-key delegation, the dissertation proposes a method based on "identity patterns" for constructing the set of authorized target identities, which facilitates the root PKG's extraction of delegation secret values.
Third, the dissertation studies the concrete realization of "identifier differentiation" and proposes treating an entity's non-local identity identifiers and its local identity identifier differently: a combined randomization term defined over the entity's non-local identity identifiers makes the cryptographic elements and operations independent of the identity hierarchy depth, and a randomization term defined independently over the entity's local identity identifier prevents a private key from serving as a private-key delegation credential, thereby solving the inherent key escrow problem. Based on the decisional bilinear Diffie-Hellman assumption, a hierarchical identity-based encryption system with authorized delegation and selective-identity security is constructed in the standard security model; the time and space complexity of the system's cryptographic elements and operations is independent of the depth of an entity's identity hierarchy.
Fourth, to address the private-key leakage problem that arises when a hierarchical signature system is constructed from a hierarchical encryption system via the Naor transformation, the dissertation introduces a virtual level for the signer's identity, treats the message to be signed as the identity identifier of the virtual level to form a virtual identity, and has the virtual identity level independently randomize the signer's private key to construct a hierarchical identity-based signature system. Based on the "hybrid gap Diffie-Hellman" (HGDH) problem over bilinear groups, this method is applied to the constructed hierarchical identity-based encryption system to obtain, in the standard model, a non-repudiable hierarchical identity-based signature system that is provably existentially unforgeable.
Finally, to achieve anonymous signatures, a generic construction of hierarchical identity-based group signatures with chosen-plaintext anonymity and full traceability is proposed by integrating a provably existentially unforgeable hierarchical identity-based signature system with the Groth-Sahai proof system. To address the anonymous verification of group signatures, the concept of a "signature verification credential" is proposed; the generic hierarchical group signature construction is instantiated with a provably secure hierarchical signature system, and anonymous proof, anonymous verification, and signature opening of the group signature are realized based on Groth-Sahai proofs.
[Degree-granting institution]: Yanshan University
[Degree level]: Doctoral
[Year degree granted]: 2016
[Classification number]: TP309
Article ID: 1706789
Article link: https://www.wllwen.com/shoufeilunwen/xxkjbs/1706789.html