支持多密文批量审计的解密外包SM9-HIBE密钥封装机制

doi:10.11959/j.issn.1000-436x.2023222

通信学报 ›› 2023, Vol. 44 ›› Issue (12): 158-170.doi: 10.11959/j.issn.1000-436x.2023222

• 学术论文 • 上一篇

支持多密文批量审计的解密外包SM9-HIBE密钥封装机制

刘宽¹, 宁建廷¹^,²^,³, 伍玮³^,⁴, 许胜民¹^,², 林超¹^,²

¹ 福建师范大学计算机与网络空间安全学院，福建福州 350117
² 福建省网络安全与密码技术重点实验室，福建福州 350117
³ 福建师范大学分析数学及应用教育部重点实验室，福建福州 350117
⁴ 福建师范大学数学与统计学院，福建福州 350117

修回日期:2023-10-23 出版日期:2023-12-01 发布日期:2023-12-01
作者简介:刘宽（1995- ），男，河南周口人，福建师范大学博士生，主要研究方向为应用密码学、数据安全等
宁建廷（1988- ），男，浙江衢州人，博士，福建师范大学教授、博士生导师，主要研究方向为公钥密码学、数据安全和区块链安全等
伍玮（1981- ），女，江苏南京人，博士，福建师范大学教授，主要研究方向为密码学、信息安全等
许胜民（1989- ），男，山东荣成人，博士，福建师范大学副教授，主要研究方向为应用密码学、区块链等
林超（1991- ），男，福建平和人，博士，福建师范大学副教授，主要研究方向为应用密码学、区块链隐私保护等
基金资助:
国家自然科学基金资助项目(61972094);国家自然科学基金资助项目(62372108);国家自然科学基金资助项目(62102090);国家自然科学基金资助项目(62102089);国家自然科学基金资助项目(U21A20466)

Multi-ciphertext batch auditable decryption outsourcing SM9-HIBE key encapsulation mechanism

Kuan LIU¹, Jianting NING¹^,²^,³, Wei WU³^,⁴, Shengmin XU¹^,², Chao LIN¹^,²

¹ College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350117, China
² Fujian Provincial Key Laboratory of Network Security and Cryptology, Fuzhou 350117, China
³ Key Laboratory of Analytical Mathematics and Applications, Fujian Normal University, Fuzhou 350117, China
⁴ School of Mathematics and Statistics, Fujian Normal University, Fuzhou 350117, China

Revised:2023-10-23 Online:2023-12-01 Published:2023-12-01
Supported by:
The National Natural Science Foundation of China(61972094);The National Natural Science Foundation of China(62372108);The National Natural Science Foundation of China(62102090);The National Natural Science Foundation of China(62102089);The National Natural Science Foundation of China(U21A20466)

摘要/Abstract

摘要：

SM9-HIBE密钥封装机制的解密操作需要2次双线性配对运算，在设备算力受限且需对大规模信息资源进行高频解密时，配对运算的高额计算开销会束缚系统的有效部署。为此，基于SM9-HIBE提出了一种支持解密外包和多密文批量审计的新型密钥封装机制OASM9-HIBE，并利用Fujisaki-Okamoto转换技术在随机谕言模型下证明了OASM9-HIBE具备RCCA安全性。OASM9-HIBE将计算繁重的双线性配对运算全部安全外包至算力强大的云端，第k层用户只需执行一次简单的指数运算即可完成最终解密，有效提升了原SM9-HIBE的解密效率，OASM9-HIBE同时运用密钥盲化技术实现了多份转换密文的高效批量审计功能，从而拓展了SM9系列算法的应用领域。

关键词: 分层密钥封装机制, 解密外包, 批量审计, 密钥封装

Abstract:

The decryption operation of SM9-HIBE key encapsulation mechanism required two bilinear pairing operations, for the equipment requiring frequent decryption of massive data and with limited computing resources, such resourcing-consuming pairing operation will become an important bottleneck restricting the system deployment.To address the above issue, a decryption outsourcing key encapsulation mechanism OASM9-HIBE based on SM9-HIBE was proposed, which supported multi-ciphertext batch auditing.The Fujisaki-Okamoto transformation technology was utilized to prove the RCCA security of OASM9-HIBE under the random oracle model.All resourcing-consuming bilinear pairing operations were safely offloaded to the cloud server in OASM9-HIBE, the k-th hierarchical user only need to perform one simple exponentiation operation to complete the final decryption.The decryption efficiency of the original SM9-HIBE was effectively improved under the premise of not changing the downward proxy generation function of the user’s private key between hierarchical.OASM9-HIBE additively achieved the property of batch auditing of multi-transformed ciphertexts by employing the key blinding technology.Theoretical analysis and evaluation of experimental data highlight the feasibility and efficiency of OASM9-HIBE, OASM9-HIBE extends the application field of SM9 series algorithms.

Key words: hierarchical key encapsulation mechanism, decryption outsourcing, batch audit, key encapsulation

中图分类号:

TP309

刘宽, 宁建廷, 伍玮, 许胜民, 林超. 支持多密文批量审计的解密外包SM9-HIBE密钥封装机制[J]. 通信学报, 2023, 44(12): 158-170.

Kuan LIU, Jianting NING, Wei WU, Shengmin XU, Chao LIN. Multi-ciphertext batch auditable decryption outsourcing SM9-HIBE key encapsulation mechanism[J]. Journal on Communications, 2023, 44(12): 158-170.

图/表 9

表1

图1

表2

计算开销比较"

密钥封装机制	密钥生成	密钥派生	密文生成	终端解密
SM9-HIBE	$2 T_{{sm}_{1}} + (n + 1) T_{{sm}_{2}}$	$2 T_{{sm}_{1}} + (n + 1) T_{{sm}_{2}}$	$2 T_{{sm}_{1}} + k T_{{sm}_{2}} + 1 E_{t}$	$2 T_{p} + H_{K}$
OASM9-HIBE	$2 T_{{sm}_{1}} + (n + 2) T_{{sm}_{2}}$	$2 T_{{sm}_{1}} + (n + 2) T_{{sm}_{2}}$	$2 T_{{sm}_{1}} + k T_{{sm}_{2}} + 2 E_{t}$	$T_{e_{t}} + H_{K}$

表2

表3

存储开销比较"

密钥封装机制	全局参数生成	密钥生成	密钥派生	密文生成	终端解密
SM9-HIBE	$\| G_{T} \| + (n + 1) \| G_{2} \| + 2 \| G_{1} \|$	$(n - k + 1) \| G_{2} \| + \| G_{1} \|$	$(n - k + 1) \| G_{2} \| + \| G_{1} \|$	$\| G_{1} \| + \| G_{2} \|$	$2 \| G_{T} \|$
OASM9-HIBE	$2 \| G_{T} \| + (n + 1) \| G_{2} \| + 2 \| G_{1} \|$	$(n - k + 2) \| G_{2} \| + \| G_{1} \|$	$(n - k + 2) \| G_{2} \| + \| G_{1} \|$	$\| G_{1} \| + \| G_{2} \| + \| G_{T} \|$	$\| G_{2} \|$

表3

表4

表5

表6

表7

图2

参考文献 20

[1]	SHAMIR A . Identity-based cryptosystems and signature schemes[C]// Advances in Cryptology. Berlin:Springer, 2007: 47-53.
[2]	BONEH D , FRANKLIN M . Identity-based encryption from the Weil pairing[C]// Advances in Cryptology 2001. Berlin:Springer, 2001: 213-229.
[3]	HORWITZ J , LYNN B . Toward hierarchical identity-based encryption[C]// Advances in Cryptology. Berlin:Springer, 2002: 466-481.
[4]	BONEH D , BOYEN X . Efficient selective-id secure identity-based encryption without random oracles[C]// International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2004: 223-238.
[5]	WATERS B . Dual system encryption:realizing fully secure IBE and HIBE under simple assumptions[C]// Annual International Cryptology Conference. Berlin:Springer, 2009: 619-636.
[6]	LEWKO A , WATERS B . Unbounded HIBE and attribute-based encryption[C]// Advances in Cryptology. Berlin:Springer, 2011: 547-567.
[7]	BOYEN X , WATERS B . Anonymous hierarchical identity-based encryption (without random oracles)[C]// Lecture Notes in Computer Science. Berlin:Springer, 2006: 290-307.
[8]	LANGREHR R , PAN J X . Tightly secure hierarchical identity-based encryption[C]// International Workshop on Public Key Cryptography. Berlin:Springer, 2019: 436-465.
[9]	LANGREHR R , PAN J X . Hierarchical identity-based encryption with tight multi-challenge security[C]// IACR International Conference on Public-Key Cryptography. Cham:Springer, 2020: 153-183.
[10]	BLAZY O , KILTZ E , PAN J X . (Hierarchical) identity-based encryption from affine message authentication[C]// Annual Cryptology Conference. Berlin:Springer, 2014: 408-425.
[11]	GONG J Q , CAO Z F , TANG S H ,et al. Extended dual system group and shorter unbounded hierarchical identity based encryption[J]. Designs,Codes and Cryptography, 2016,80(3): 525-559.
[12]	LANGREHR R , PAN J X . Tightly secure hierarchical identity-based encryption[J]. Journal of Cryptology, 2020,33: 1787-1821.
[13]	Cryptography Standardization Technical Committee. SM9 identity-based cryptographic algorithm:GM/T0044-2016[S]. 2016.
[14]	赖建昌, 黄欣沂, 何德彪 ,等. 国密SM9数字签名和密钥封装算法的安全性分析[J]. 中国科学(信息科学), 2021,51(11): 1900-1913.
	LAI J C , HUANG X Y , HE D B ,et al. Security analysis of SM9 digital signature and key encapsulation[J]. Scientia Sinica (Informationis), 2021,51(11): 1900-1913.
[15]	赖建昌, 黄欣沂, 何德彪 . 一种基于商密SM9的高效标识广播加密方案[J]. 计算机学报, 2021,44(5): 897-907.
	LAI J C , HUANG X Y , HE D B . An efficient identity-based broadcast encryption scheme based on SM9[J]. Chinese Journal of Computers, 2021,44(5): 897-907.
[16]	秦宝东, 张博鑫, 白雪 . 基于仲裁的SM9标识加密算法[J]. 计算机学报, 2022,45(2): 412-426.
	QIN B D , ZHANG B X , BAI X . Mediated SM9 identity-based encryption algorithm[J]. Chinese Journal of Computers, 2022,45(2): 412-426.
[17]	赖建昌, 黄欣沂, 何德彪 ,等. 基于商用密码SM9的高效分层标识加密[J]. 中国科学(信息科学), 2023,53(5): 918-930.
	LAI J C , HUANG X Y , HE D B ,et al. An efficient hierarchical identity-based encryption based on SM9[J]. Scientia Sinica (Informationis), 2023,53(5): 918-930.
[18]	BONEH D , BOYEN X , GOH E J . Hierarchical identity based encryption with constant size ciphertext[C]// Lecture Notes in Computer Science. Berlin:Springer, 2005: 440-456.
[19]	GREEN M , HOHENBERGER S , WATERS B . Outsourcing the decryption of ABE ciphertexts[C]// Proceedings of the 20th USENIX Security Symposium. Berkeley:USENIX Association, 2011: 523-538.
[20]	FUJISAKI E , OKAMOTO T . Secure integration of asymmetric and symmetric encryption schemes[J]. Journal of Cryptology, 2013,26(1): 80-101.

密钥封装机制	解密外包	批量审计	困难问题假设	安全性
SM9-HIBE	×	×	(q,n)-DBDHI	sID-CPA
OASM9-HIBE	√	√	(q,n)-DBDHI	RCCA

密钥封装机制	全局参数生成	密钥生成	密钥派生	密文生成	终端解密
SM9-HIBE	$\| G_{T} \| + (n + 1) \| G_{2} \| + 2 \| G_{1} \|$	$(n - k + 1) \| G_{2} \| + \| G_{1} \|$	$(n - k + 1) \| G_{2} \| + \| G_{1} \|$	$\| G_{1} \| + \| G_{2} \|$	$2 \| G_{T} \|$
OASM9-HIBE	$2 \| G_{T} \| + (n + 1) \| G_{2} \| + 2 \| G_{1} \|$	$(n - k + 2) \| G_{2} \| + \| G_{1} \|$	$(n - k + 2) \| G_{2} \| + \| G_{1} \|$	$\| G_{1} \| + \| G_{2} \| + \| G_{T} \|$	$\| G_{2} \|$

密钥封装机制	密钥生成/ms	密钥派生/ms	加密/ms	解密外包/ms	批量审计/ms
SM9-HIBE	82.90	82.13	84.79	—	—
OASM9-HIBE	88.11	87.90	95.13	14.25	10.68

密钥封装机制	密钥生成/ms	密钥派生/ms	加密/ms	解密外包/ms	批量审计/ms
SM9-HIBE	82.90	82.13	8 572	—	—
OASM9-HIBE	88.11	87.90	9 737	1 501	11.33

支持多密文批量审计的解密外包SM9-HIBE密钥封装机制

Multi-ciphertext batch auditable decryption outsourcing SM9-HIBE key encapsulation mechanism

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 20

相关文章 6

Metrics

推荐阅读 0

密钥封装机制	终端解密/ms
SM9-HIBE	78.63
OASM9-HIBE	11.07

[1]	孙磊,赵志远,王建华,朱智强. 云存储环境下支持属性撤销的属性基加密方案[J]. 通信学报, 2019, 40(5): 47-56.
[2]	宋衍,韩臻,李建军,韩磊. 支持安全共享的云存储系统研究[J]. 通信学报, 2017, 38(Z1): 88-96.
[3]	查雅行，罗守山，卞建超，李伟. 基于多分支认证树的多用户多副本数据持有性证明方案[J]. 通信学报, 2015, 36(11): 80-91.
[4]	何凯,黄传河,王小毛,王晶,史姣丽. 云存储中数据完整性的聚合盲审计方法[J]. 通信学报, 2015, 36(10): 119-132.
[5]	马海英，曾国荪，王占君，王伟. 高效可证明安全的基于属性的在线/离线加密机制[J]. 通信学报, 2014, 35(7): 13-112.
[6]	马海英,曾国荪,王占君,王伟. 高效可证明安全的基于属性的在线/离线加密机制[J]. 通信学报, 2014, 35(7): 104-112.