摘要: |
自SM9标识密码相关算法先后被纳入ISO/IEC国际标准以来,为推动密码技术实现安全先进、自主可控,一系列关于SM9标识密码算法的功能性拓展和安全性(拓展)证明被提出。Cheng依据Gap-q-BCAA1困难问题假设对SM9密钥封装、公钥加密和密钥协商系列算法进行了安全性分析。为有效消除SM9系列算法对Gap困难问题的依附,Lai等人随后利用Twin-Hash-ElGamal技术构造出了Twin-SM9密钥封装机制。然而,Twin-SM9密钥封装机制的解密操作需要2次双线性配对运算,在需要对海量数据进行频繁解密操作且算力资源受限的环境中(如无线传感设备、密码芯片等),计算代价高昂的配对运算将会成为制约系统效率的重要瓶颈。针对上述问题,本文基于Twin-SM9提出了支持多密文批量审计的解密外包新型密钥封装机制BAOC-Twin-SM9,并在随机谕言模型下证明了BAOC-Twin-SM9具备Replayable Chosen Ciphertext Attacks (RCCA)安全性。BAOC-Twin-SM9利用云服务中心的强大算力有效消除了双线性配对运算对原Twin-SM9密钥封装机制解密效率的影响,计算资源有限的终端数据使用者最终只需进行两次简单的指数运算就能对外包计算结果解密。相比于Twin-SM9,其更适用于解密操作频繁且算力资源受限的环境中。另外,针对半可信云服务中心解密外包计算结果的高效审计问题,BAOC-Twin-SM9运用随机盲化技术实现了多密文外包解密结果的批量审计功能,从而保证了外包计算结果的正确性。理论分析和仿真实验数据论证了BAOC-Twin-SM9的可行性与高效性,BAOC-Twin-SM9拓展了SM9系列算法的应用领域。 |
关键词: Twin-SM9|解密外包|批量审计|SM9|密钥封装 |
DOI:10.19363/J.cnki.cn10-1380/tn.2023.07.07 |
投稿时间:2022-03-14修订日期:2022-06-22 |
基金项目:本课题得到国家自然科学基金项目(No. 62032005, No. 61972094, No. 61872087, No. 61902070)、福建省自然科学基金项目(No.2020J02016)和福建省科协第二届青年人才托举工程资助。 |
|
Multi-Ciphertext Batch Auditable Outsourced Twin-SM9 Key Encapsulation Mechanism |
LIU Kuan,NING Jianting,WU Wei,CHEN Haixia |
College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350117, China;College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350117, China;State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Mathematics and Statistics, Fujian Normal University, Fuzhou 350117, China |
Abstract: |
A series of functional extensions and security proofs (extensions) of identity-based cryptographic algorithms have been proposed in order to promote the cryptographic techniques to achieve the goal of safety and advancement, independent control since identity-based cryptographic algorithm SM9 was incorporated into ISO/IEC international standards. Based on Gap-q-BCAA1 assumption, Cheng gave security analysis of SM9 key encapsulation and encryption algorithm, key exchange protocol. Later, Lai et al. proposed Twin-SM9 key encapsulation mechanism to effectively eliminate the dependence of SM9 series algorithm on Gap assumption with Twin-Hash-ElGamal. However, the decryption operation of Twin-SM9 key encapsulation mechanism requires two bilinear pairing operations. In resource-constrained environment where frequent decryptions of massive data are required (wireless sensing equipment、 cryptographic chip etc), the expensive pairing cost will become an important bottleneck which restricts the efficiency of the system. To solve the problem, we propose a new key encapsulation mechanism named BAOC-Twin-SM9 based on Twin-SM9, with purpose of supporting multi-ciphertexts batch auditing and decryption outsourcing. The security of our BAOC-Twin-SM9 is secure against Replayable Chosen Ciphertext Attacks (RCCA) under random oracle model. BAOC-Twin-SM9 eliminates the influence of bilinear pairing operations on the decryption efficiency of the Twin-SM9 key encapsulation mechanism powerfully using the frederic computing power of cloud service center, terminal data user with limited computing resources can finally decrypt the outsourced computing results with only two simple exponential operations. Compared to the Twin-SM9, it is more suitable for resource-constrained environment when frequent decryption operations are required. To solve the issue of efficient audit for decryption of outsourced computing results in semi-trusted cloud service center, BAOC-Twin-SM9 implements batch auditing for multi-ciphertexts outsourcing decryption by using random blinding technology, thus ensuring the correctness of outsourcing computing results. Theoretical analysis and simulation data demonstrate the feasibility and efficiency of our BAOC-Twin-SM9. Our BAOC-Twin-SM9 extends the application scope of SM9 series algorithms. |
Key words: Twin-SM9|outsourced decryption|batch audit|SM9|key encapsulation |