Cite this article:
  • Li Ziyi, Lu Xianhui, Cheng Yao, Li Bao. Power of Randomness Recovery: Construct Secure and Anonymous KEM in the QROM [J]. Journal of Cyber Security, accepted.


Views: 142   Downloads: 0
Power of Randomness Recovery: Construct Secure and Anonymous KEM in the QROM
Li Ziyi, Lu Xianhui, Cheng Yao, Li Bao
(Institute of Information Engineering)
Abstract:
Key encapsulation mechanisms (KEMs) are an important cryptographic primitive, widely used to build schemes and protocols such as public-key encryption and authenticated key exchange. With the development of quantum computing, attention has turned to the design and implementation of post-quantum KEM algorithms. In recent years, many generic KEM transformations, in particular the FO-KEM-like transformations, have been proven indistinguishable under chosen-ciphertext attack (IND-CCA) secure in the quantum random oracle model (QROM) introduced by Boneh et al. FO-KEM-like transformations can be modularized into two parts, the T transformation and a U-like transformation, and as a whole they require two random oracles (ROs) to convert a chosen-plaintext attack (CPA) secure PKE scheme into an IND-CCA secure KEM scheme. In the QROM, relying on RO properties introduces reduction loss into the security proof. To address this problem, this paper proposes a new U-like transformation, the TU transformation, which converts an OW-CPA secure randomness-recoverable PKE scheme directly into an IND-CCA secure KEM scheme. The TU transformation relies on the randomness-recoverability property of the underlying PKE scheme, avoids the de-randomization step (the T transformation) of FO-KEM-like transformations, and admits a tighter security proof in the QROM. Compared with existing U-like transformations, decapsulation in the TU transformation requires no re-encryption, which opens the possibility of more efficient implementations. In addition, to meet the anonymity requirement of KEM schemes, this paper builds on the TU transformation and applies the RO domain-separation technique to give a new transformation that provides the desired anonymity enhancement. In the (Q)ROM, this transformation converts an OW-CPA secure and chosen-plaintext-attack anonymous (ANO-CPA) PKE scheme into a chosen-ciphertext-attack anonymous (ANO-CCA) KEM scheme.
Keywords:  Key Encapsulation Mechanism  Quantum Random Oracle Model  Indistinguishability under Chosen-Ciphertext Attacks  Anonymity under Chosen-Ciphertext Attacks
DOI:
Received: 2024-02-03   Revised: 2024-04-09
Funding:
Power of Randomness Recovery: Construct Secure and Anonymous KEM in the QROM
Li Ziyi, Lu Xianhui, Cheng Yao, Li Bao
(Institute of Information Engineering)
Abstract:
The Key Encapsulation Mechanism (KEM) serves as a crucial primitive in cryptography and is widely used in constructing various schemes or protocols, such as Public Key Encryption (PKE) and Authenticated Key Exchange (AKE). With the advancement of quantum computing, the development of post-quantum secure KEM algorithms has gained significant attention. In recent years, many generic KEM transformations, particularly the FO-KEM-like transformations, have been proven to be Indistinguishable under Chosen Ciphertext Attacks (IND-CCA) in the Quantum Random Oracle Model (QROM). FO-KEM-like transformations can be modularized into two parts: the T transformation and the U-like transformation. The overall transformation requires two Random Oracles (ROs) to convert a Chosen Plaintext Attack (CPA) secure PKE scheme into an IND-CCA secure KEM scheme. In the QROM, the application of RO properties in security proofs introduces reduction loss. Addressing this issue, this paper proposes a new U-like transformation, referred to as the TU transformation. This transformation directly converts an OW-CPA secure randomness recoverable PKE scheme into an IND-CCA secure KEM scheme. The TU transformation relies on the specific properties of the underlying randomness recoverable PKE scheme, avoiding the de-randomization process (T transformation) present in FO-KEM-like transformations. In the QROM, we provide a tighter security proof of the TU transformation. Compared to existing U-like transformations, the TU transformation does not require re-encryption during the decapsulation process, offering the potential for implementation efficiency improvement. Furthermore, addressing the anonymity requirements of KEM schemes, this paper applies the domain separation technique of RO and presents a new transformation based on the TU transformation. This transformation converts an OW-CPA secure and Anonymous under Chosen-Plaintext Attacks (ANO-CPA) PKE scheme into an Anonymous under Chosen-Ciphertext Attacks (ANO-CCA) KEM scheme in the (Q)ROM.
Key words:  Key Encapsulation Mechanism  Quantum Random Oracle Model  Indistinguishability under Chosen-Ciphertext Attacks  Anonymity under Chosen-Ciphertext Attacks