• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

计算机工程与科学 ›› 2022, Vol. 44 ›› Issue (08): 1382-1391.

• 计算机网络与信息安全 • 上一篇    下一篇

一种具有身份锁的门限多秘密共享方案

崔晨雨1,张丽娜1,2    

  1. (1.西安科技大学计算机科学与技术学院,陕西 西安 710600;2.陕西师范大学计算机科学学院,陕西 西安 710119)
  • 收稿日期:2021-10-09 修回日期:2021-11-22 接受日期:2022-08-25 出版日期:2022-08-25 发布日期:2022-08-25
  • 基金资助:
    国家自然科学基金(62102309);陕西省科技厅青年项目(2021JQ-575,2021JQ-576);陕西省教育厅项目(19JK0526);榆林市科技局项目(2016-24-4,2019-173)

A threshold multi-secret sharing scheme with identity lock

CUI Chen-yu1,ZHANG Li-na1,2   

  1. (1.College of Computer Science and Technology,Xi’an University of Science and Technology,Xi’an 710600;
    2.College of Computer Science,Shaanxi Normal University,Xi’an 710119,China)
  • Received:2021-10-09 Revised:2021-11-22 Accepted:2022-08-25 Online:2022-08-25 Published:2022-08-25

摘要: 为了避免现有秘密共享方案中不同秘密的访问控制结构可能相同的问题,提出一种基于身份锁的门限多秘密共享方案,身份锁决定秘密的授权子集,只有授权子集中的用户可以恢复秘密,对不同的秘密存在不同的身份锁。在保持子秘密可重复使用及可检测欺骗行为的前提下,不增加任何参与者的信息交互,有效地解决了不同秘密的访问控制结构难以更改的问题。同时,基于会话密钥协商算法,该方案不需要预设系统存在安全通道来传输秘密份额,因此具有较好的安全性和实用性。该方案非常适用于视频会议、文件分发等基于身份权限访问控制的门限多秘密共享场景。

关键词: 访问控制, 身份锁, 欺骗检测, 密钥协商, 多秘密共享

Abstract: In order to avoid the disadvantage that different secrets has the same access control structure in the existing secret sharing schemes, a threshold multi-secret sharing scheme based on identity lock is proposed, which determines the authorized subset of the secret. Only the user  in the authorized subset can recover the secret. There are different identity locks for different secrets.H3:  preset that the system has a secure channel to transmit secret shares,Under the premise of keeping the sub-secrets reusable and detectable for deception, it does not increase the information interaction of any participants, and effectively solves the problem that the access control structure of different secrets is difficult to change. At the same time, based on the session key negotiation algorithm, the scheme does not need to use a secure channel to transmit the secret share in advance, so it has better security and practicability. The scheme is suitable for the scenarios of multi-secret threshold sharing based on identity access control, such as video conference and file distribution.

Key words: access control, identity lock, deception detection, key negotiation, multi-secret sharing ,