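DOI: 10.19363/J.cnki.cn10-1380/tn.2025.09.14
Received: 2020-11-09; Revised: 2021-02-23
Funding: This work was supported by the National Natural Science Foundation of China (No. 61772514), the National Key Research and Development Program of China (No. 2017YFB1400700), and the Beijing Municipal Science and Technology Commission (No. Z191100007119006).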
A Non-Trapdoor Dynamic Pseudo-Accumulator Construction and its Application
GUAN Cheng, XUE Rui, YUN Kaili
State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Abstract:
An accumulator is an important cryptographic tool that plays a key role in membership testing, certificate management, and other applications. Traditional accumulators based on RSA or bilinear maps require a witness (evidence) for both membership and non-membership verification, which is unnecessary for applications that can verify without one. In addition, both types of accumulator have trapdoor information, so their security depends on the trapdoor being kept secret; in practice this means assuming that the accumulator manager who holds the trapdoor is honest. Hash-based accumulators require no computational assumptions, but the constructions that verify membership without a witness support only the addition of elements, not deletion, while the constructions that support dynamic addition and deletion have witnesses whose size is logarithmic in the number of accumulated elements. These shortcomings greatly limit the real-world use of accumulators. In this paper, we first introduce the notion of a "dynamic pseudo-accumulator", which supports dynamically adding and deleting set elements, and give the corresponding security definition. We then give a concrete, provably secure construction of a dynamic pseudo-accumulator. It is trapdoor-free, so the accumulator manager need not be assumed honest, and it is dynamic, allowing new elements to be added and old elements to be deleted. Moreover, compared with previous work, our accumulator supports verification of both set membership and non-membership without a witness. We then discuss in detail the relationship between the parameters needed to construct the accumulator and the upper bound on the size of the set that can be accumulated, and explain how to choose these parameters in practice. Finally, we describe how the new accumulator can be used to build a hierarchical access control system.
Keywords: dynamic pseudo-accumulator; access control; membership test