• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

计算机工程与科学

• 论文 • 上一篇    下一篇

免密钥托管的基于身份的分层加密机制研究

唐鑫,齐芳   

  1. (中南大学信息科学与工程学院,湖南 长沙410083)
  • 收稿日期:2015-11-04 修回日期:2016-03-04 出版日期:2017-05-25 发布日期:2017-05-25
  • 基金资助:

    国家自然科学基金(61103035);湖南省科技计划项目(2014GK3029)

A new key-escrow-free  hierarchical
identity-based encryption scheme
 

TANG Xin,QI Fang   

  1. (School of Information Science and Engineering,Central South University,Changsha 410083,China)
  • Received:2015-11-04 Revised:2016-03-04 Online:2017-05-25 Published:2017-05-25

摘要:

为解决基于身份加密的密钥托管问题,提出了一种针对密钥生成中心的密文不可区分性ACIKGC的安全性的改进方案。该方案首先描述了如何改进架构,以达到ACIKGC安全性。引入第三方信任机构ICA,通过匿名密钥生成协议联合生成用户私钥,在这一过程中,可以确保私钥生成器无法获知用户身份信息,从而无法伪造用户私钥。然后将改进的机制应用到现有的基于身份的分层加密方案中,并且分析证明,在保持性能的前提下达到了更好的安全性。
 

关键词: 密钥托管, 基于身份的分层加密, ACIKGC安全, 第三方信任机构

Abstract:

We present a new scheme to remove key escrow from the hierarchical identitybased encryption (HIBE), based on the security notion of anonymous ciphertext indistinguishability against key generation center (ACIKGC) proposed by Chow. In view of this, we firstly describe how to equip a modified framework in the HIBE system with the ACIKGC security. The private key generator (PKG) and identity certificate authority (ICA) cooperate in an anonymous private key generation protocol, such that the PKG can issue a private key to a user authenticated by the ICA without knowing the list of users’ identities. Then, we apply the proposed scheme to the HIBE system, and theoretical analysis shows that the scheme can provide better security and maintain the performance.
 

Key words: key escrow, hierarchical identitybased encryption, ACIKGC security, identity certificate authority