  • 关 诚,薛 锐,员凯立.一个非陷门动态伪累计器构造及其应用[J].信息安全学报,已采用    [点击复制]
  • GUAN Cheng,XUE Rui,YUN Kaili.A non-trapdoor dynamic pseudo-accumulator construction and its application[J].Journal of Cyber Security,Accept   [点击复制]
关 诚, 薛 锐, 员凯立
(中国科学院信息工程研究所信息安全国家重点实验室 北京 中国)
累计器是一个重要的密码学工具, 在成员关系测试、证书管理等应用程序中发挥着重要作用。传统的基于RSA和双线性映射的累计器在成员关系验证和非成员关系验证时需要给出相应的证据, 这对于不需要证据就能验证的应用来说是不必要的。另外, 这两类累计器都具有相应的陷门信息, 这使得累计器的安全性依赖于陷门信息的保密性。我们首先介绍了“动态伪累计器”的概念, 拥有动态添加和删除元素的功能, 支持集合成员关系和非成员关系验证而不需要给出相应的证据。随后我们给出了一个具体的动态伪累计器的构造, 它是非陷门的, 不需要假设累计器管理者是诚实的,并且是动态的, 允许添加新的元素和删除旧的元素。接着我们详细讨论了构造累计器需要的参数和可累计的集合上限之间的关系, 并说明了在实际中如何选取这些参数。最后我们介绍了新构造的累计器如何用来构造分级访问控制系统。
关键词:  动态伪累计器  访问控制  成员关系测试
基金项目:国家自然科学基金项目(No. 61772514), 中国国家重点研发计划(No. 2017YFB1400700), 北京市科学技术委员会(No. Z191100007119006)资助
A non-trapdoor dynamic pseudo-accumulator construction and its application
GUAN Cheng, XUE Rui, YUN Kaili
(State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences)
Accumulator is an important cryptographic tool, which plays an important role in membership test, certificate management and other applications. Traditional accumulators based on RSA or bilinear maps need to provide evidence for both membership validation and non-membership validation, which are not necessary for applications that verify validation without evidence. In addition, both types of accumulators have corresponding trapdoors, which makes the security of accumulators depend on the confidentiality of the trapdoors. We first introduce the concept of "dynamic pseudo-accumulator", which has the functionality of adding and deleting elements dynamicly, supporting the verification of set membership and non-membership without giving corresponding evidence. Then we give a concrete construction of a dynamic pseudo-accumulator which is no trapdoor and there is no need to assume that the accumulator manager is honest, and the accumulator is dynamic, allowing new elements to be added and old elements to be deleted. And we discuss in detail the relationship between the parameters required to construct the accumulator and the upper bound of the accumulative set, and explain how to choose these parameters in practice. Finally, we introduce how the newly constructed accumulator can construct a hierarchical access control system.
Key words:  dynamic pseudo-accumulator  access control  membership test