
Pairing-Free Certificateless Key-Insulated Encryption with Provable Security


1. Introduction

1.1 Motivation

Public key cryptography was first proposed by Diffie and Hellman in 1976 [1]. The most widely used public key cryptosystem today, RSA, was presented by Rivest, Shamir, and Adleman in 1978 [2] and is built on the notion of a trapdoor one-way function. In a public key cryptosystem, a public key is used to encrypt the plaintext, and the corresponding private key is used to decrypt the associated ciphertext. To prevent impersonation attacks such as public key replacement, public key encryption (PKE) relies on a public key infrastructure (PKI) as an authority: the authority issues a certificate, its signature binding the user to the user's public key. Certificate management (storage, distribution, revocation, and verification of certificates) makes the PKI complicated and limits its efficiency and scalability.

Identity-based encryption (IBE) was introduced by Shamir in 1984 [3]. It solves the authenticity problem for public keys by deriving a user's public key directly from the user's identity. In an IBE scheme, a key generation center (KGC) generates the system parameters and the master key, and derives each user's private key from the master key and the user's identity. The IBE scheme therefore faces the key escrow problem: the KGC knows the master key, so a malicious KGC can recover every user's private key and compromise the security of the entire cryptosystem.

To solve this problem, certificateless public key encryption (CL-PKE) was proposed by Al-Riyami and Paterson in 2003 [4]. In CL-PKE a new component, the secret value, is added to the private key; it is generated by the user and kept by the user alone. Even if a malicious KGC leaks the partial private key it generated, an attacker still cannot obtain the entire private key needed to decrypt the associated ciphertext. In this way the key escrow problem is alleviated and the security of the cryptosystem is maintained.

In practice, however, private keys may be exposed in more complicated and hostile environments with higher risk. To address this, He et al. [5] proposed a certificateless key-insulated encryption (CL-KIE) scheme that integrates the key-insulated security notion into CL-PKE. The key-insulated security notion was introduced by An, Dodis, and Rabin in 2002 [6]. In this notion, time is divided into n time periods. A physically secure device generates a helper key for each time period and keeps it secret from the KGC. The private key consists of a partial private key generated by the KGC and a periodically updated helper key, so even if the private key is leaked in one time period, the security of the cryptosystem in the other time periods is not affected. This approach efficiently limits the damage caused by temporary private key exposure. A number of key-insulated schemes [7]-[11] have been proposed. Following this line of work, we propose a CL-KIE scheme that combines the key-insulated security notion with CL-PKE and provides stronger protection in practical environments.

The CL-KIE scheme of He et al. [5] is based on bilinear pairing. A pairing computation is much more expensive than other operations such as modular exponentiation in finite fields [12]. Much work [13], [14] has therefore gone into improving the computational performance of such encryption schemes. In this paper, we propose a scheme that both alleviates key exposure in hostile practical environments and achieves higher computational efficiency.

1.2 Contribution

In this paper, we propose a pairing-free CL-KIE scheme. First, we formalize the definition of the scheme and construct its security model. Then we give the concrete construction of the proposed scheme. We also prove the security of the proposed scheme against chosen-plaintext attacks (CPA) in the random oracle model under the computational Diffie-Hellman (CDH) assumption. Finally, we compare our scheme with CL-PKE [4] and CL-KIE [5] to show the advantages of our scheme in both security and efficiency.


2. Definition

In this section, we first formalize the definition of CL-KIE and give its security model. Then we introduce the hardness assumption on which the security of the scheme is based.

2.1 Formal Definition

The CL-KIE scheme consists of the following eight algorithms:

1) Setup: This is a probabilistic algorithm performed by the KGC that accepts a security parameter and generates the system parameters params, a master key, and a helper key.

2) SetSecretValue: This is a probabilistic algorithm performed by a user that accepts the system parameters params and an identity string and generates a secret value.

3) HelperKeyUpdate: This is a deterministic algorithm performed by a secure physical device that accepts the system parameters params, a helper key, an identity string ID, and a time period i and generates a helper private key.

4) PartialKeyExtract: This is a probabilistic algorithm performed by the KGC that accepts the system parameters params, a master key, an identity string, and a time period i and generates a partial public key and a partial private key.

5) SetPublicKey: This is a deterministic algorithm performed by a user that accepts the system parameters params, the secret value, and the partial public key and generates a public key.

6) SetSecretKey: This is a deterministic algorithm performed by a user that accepts the system parameters params, the secret value, and the partial private key and generates a private key.

7) Encrypt: This is a probabilistic algorithm performed by a sender that accepts the system parameters params, the plaintext at a time period i, the user's identity string ID, and the public key and generates the corresponding ciphertext.

8) Decrypt: This is a deterministic algorithm performed by a receiver that accepts the system parameters params, the ciphertext at a time period i, the user's identity string, and the private key and outputs the plaintext or "Reject".

2.2 Security Model

As in the pairing-free CL-PKE scheme of Baek, Safavi-Naini, and Susilo [13], the user in our scheme interacts with the KGC and authenticates himself to it in order to obtain a partial public key, which is used to generate the full public key: the partial public key output by PartialKeyExtract is an input of SetPublicKey. In addition, the user in our scheme interacts with a secure physical device to obtain a helper key, which is also an important component of the full private key; the output of HelperKeyUpdate is likewise an input of SetPublicKey. We consider two types of adversaries. The Type I adversary represents an external attacker who cannot access the master key but can replace the public key of any entity with a value of its choice; the Type II adversary represents a malicious KGC who can access the master key but cannot replace public keys. We model the security of our scheme through two games (Game 1 and Game 2), in each of which a challenger interacts with the corresponding adversary.

First, we list the oracles that may be queried in our games:

1) Partial-Key-Extract: On receiving the system parameters params, a master key, an identity string, and a time period i, the challenger runs the algorithm PartialKeyExtract to generate a partial public key and a partial private key, and sends both to the adversary.

2) Helper-Key-Update: On receiving params, a helper key, an identity string, and a time period i, the challenger runs the algorithm HelperKeyUpdate to generate a helper private key and returns it to the adversary.

3) Private-Key-Request: On receiving params, the secret value, and the partial private key, the challenger runs the algorithm SetSecretKey to generate a private key and sends it to the adversary.

4) Public-Key-Request: On receiving params, the secret value, and the partial public key, the challenger runs the algorithm SetPublicKey to generate a public key and sends it to the adversary.

5) Public-Key-Replace: The adversary may repeatedly replace the public key of any entity with any value of its choice at any point.

6) Set-Secret-Value: On receiving params and an identity string, the challenger runs the algorithm SetSecretValue and sends the secret value z to the adversary.

i) Game 1: chosen-plaintext security of CL-KIE against the Type I adversary.

Setup: The challenger runs the algorithm Setup on a security parameter, then returns params to the adversary while keeping the master key secret.

Phase 1: The adversary is given access to a sequence of oracles: Partial-Key-Extract, Helper-Key-Update, Private-Key-Request, Public-Key-Request, and Public-Key-Replace. The adversary issues these queries subject to the restrictions given below.

Challenge: The adversary outputs two plaintexts of equal length together with the challenge identity and a time period. The challenger picks a random bit, generates the ciphertext of the corresponding plaintext under the challenge identity and time period, and sends it to the adversary as the target ciphertext.

Phase 2: The adversary makes a new sequence of oracle queries as in Phase 1.

Guess: Finally, the adversary outputs a guess of the bit and wins the game if the guess is correct.

The restrictions on the Type I adversary are as follows:

The adversary is not allowed to extract the private key of the challenge identity ID* at any point.

The adversary is not allowed to extract the private key of any entity whose public key has been replaced.

The adversary cannot both replace the public key of the challenge identity ID* before the challenge phase and extract the partial private key and the helper private key of ID* in any phase.

In Phase 2, the adversary is not allowed to request decryption of the challenge ciphertext.

ii) Game 2: chosen-plaintext security of CL-KIE against the Type II adversary.

Setup: The challenger runs the algorithm Setup on a security parameter, then returns params to the adversary; since the Type II adversary models a malicious KGC, it also has access to the master key.

Phase 1: The adversary is given access to a sequence of oracles: Public-Key-Request, Private-Key-Request, and Set-Secret-Value. The adversary issues these queries subject to the restrictions given below.

Challenge: The adversary outputs two plaintexts of equal length together with the challenge identity and a time period. The challenger picks a random bit, generates the ciphertext of the corresponding plaintext under the challenge identity and time period, and sends it to the adversary as the target ciphertext.

Phase 2: The adversary makes a new sequence of oracle queries as in Phase 1.

Guess: Finally, the adversary outputs a guess of the bit and wins the game if the guess is correct.

The restrictions on the Type II adversary are as follows:

The adversary is not allowed to extract the private key of the challenge identity ID* at any point.

The adversary is not allowed to replace any public key.

In Phase 2, the adversary is not allowed to request decryption of the challenge ciphertext.

2.3 CDH Assumption

The security of our scheme is based on CDH assumption.

The CDH assumption states that a certain computational problem in a cyclic group is hard. Let p and q be primes such that q | p−1, and consider the subgroup of order q of the multiplicative group of integers modulo p. Given a randomly chosen generator of that subgroup and the generator raised to two independently random exponents, it is computationally intractable to compute the generator raised to the product of the two exponents.

3. Construction

Now we give the concrete construction of the pairing-free CL-KIE scheme.

• Setup: Taking as input a security parameter, this algorithm works as follows:

Generate two large primes p and q such that q | p−1.

Pick a generator of the multiplicative group of order q.

Pick the master secret key x uniformly at random and compute the corresponding public key. Pick the helper secret key uniformly at random and compute the corresponding public key.

Select four cryptographic hash functions, whose domains and ranges are described in terms of the natural number set, the positive integer set, and three integer length parameters (one of which is l).

The system parameters are params (the primes, the generator, the two public keys, and the hash functions), the master key is x, and the helper key is the helper secret key chosen above.

• SetSecretValue(params, ID): Given params and an identity string ID, the algorithm picks a secret value z uniformly at random and returns it.

• HelperKeyUpdate(i, params, helper key, ID): Given params, the helper key, and an identity string ID at time period i, the algorithm periodically generates a helper private key and returns it as the user's helper private key.

• PartialKeyExtract(i, params, master key, ID): Given params, the master key, and an identity string ID at time period i, the algorithm uniformly selects a random element, computes the partial public key from it, and then generates the corresponding partial private key t. Let DID = t and return the partial public key together with DID.

• SetPublicKey(params, secret value, partial public key): Given params, the secret value, and the partial public key, the algorithm computes the user's public key from them and sets it as the public key.

• SetSecretKey(params, secret value, partial private key): Given params, the secret value, and the partial private key, the algorithm sets the private key from them.

• Encrypt(i, params, ID, public key, plaintext), where the plaintext has a fixed bit length: Given params, a user's identity string ID, the public key, and the plaintext at time period i, the algorithm works as follows:

Compute the first intermediate value from the public key.

Select a random element and compute the second intermediate value from it.

Compute the ciphertext components such that the two stated relations hold.

• Decrypt(i, params, ID, private key, ciphertext): On receiving params, a user's identity string ID, the private key, and the ciphertext at time period i, the algorithm recomputes the intermediate value and checks it against the ciphertext. If the check passes, return the plaintext; otherwise return "Reject".

The structure of the CL-KIE scheme is given in Fig. 1.

Fig. 1. Structure of the CL-KIE scheme.
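The following Python program is an added illustration, not the paper's construction (whose formulas are not reproduced on this page) and not code from the authors. It sets up the environment the scheme relies on (primes p and q with q | p−1, a generator of the order-q subgroup, a KGC master key, and a helper-device key kept from the KGC) and then runs a deliberately simplified pairing-free key-insulated scheme in that setting: Schnorr-style partial keys from the KGC, a per-period helper private key, a user-chosen secret value, and hashed ElGamal encryption with an integrity tag so that Decrypt can return "Reject". The function names mirror the algorithms above, but the key equations, the domain-separation labels, the sample identity, the sample plaintext and the 512/160-bit sizes are all assumptions of this example.

```python
import hashlib
import secrets

Q_BITS, P_BITS = 160, 512  # demonstration sizes; the paper's comparison assumes 1024-bit p
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=32):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2 or any(n % sp == 0 for sp in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x != 1 and all(pow(x, 1 << r, n) != n - 1 for r in range(s)):
            return False  # a witness of compositeness
    return True

def gen_group():
    """Primes p, q with q | p-1 and a generator g of the order-q subgroup of Z_p^*."""
    q = p = g = 1
    while not is_probable_prime(q):
        q = secrets.randbits(Q_BITS) | (1 << (Q_BITS - 1)) | 1
    while not is_probable_prime(p):  # p = k*q + 1 with k even, so p is odd and q | p-1
        p = 2 * (secrets.randbits(P_BITS - Q_BITS - 1) | (1 << (P_BITS - Q_BITS - 2))) * q + 1
    while g == 1:  # h^((p-1)/q) has order exactly q unless it equals 1
        g = pow(secrets.randbelow(p - 3) + 2, (p - 1) // q, p)
    return p, q, g

def H(label, *parts, q=None):
    """Domain-separated SHA-256 over length-prefixed parts (ints as decimal strings); mod q if given."""
    h = hashlib.sha256(label.encode())
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return h.digest() if q is None else int.from_bytes(h.digest(), "big") % q

def setup():
    p, q, g = gen_group()
    x, hk = secrets.randbelow(q - 1) + 1, secrets.randbelow(q - 1) + 1  # KGC master key; helper key
    return {"p": p, "q": q, "g": g, "P_pub": pow(g, x, p), "P_help": pow(g, hk, p)}, x, hk

def partial_key_extract(params, x, ID):
    """KGC: Schnorr-style (R, d) with g^d = R * P_pub^H(ID, R); d is the partial private key."""
    p, q, g = params["p"], params["q"], params["g"]
    r = secrets.randbelow(q - 1) + 1
    R = pow(g, r, p)
    return R, (r + x * H("partial", ID, R, q=q)) % q

def partial_key_is_valid(params, ID, R, d):
    """User-side check that the partial key really binds ID to the KGC's P_pub."""
    p, q = params["p"], params["q"]
    return pow(params["g"], d, p) == R * pow(params["P_pub"], H("partial", ID, R, q=q), p) % p

def helper_key_update(params, hk, ID, i):
    """Helper device: period-i helper private key e_i with g^e_i = P_help^H(ID, i)."""
    return hk * H("helper", ID, i, q=params["q"]) % params["q"]

def period_public_key(params, ID, pk, i):
    """Encryptor's view of g^{sk_i} for period i, computed from public data only."""
    p, q = params["p"], params["q"]
    a = pow(params["P_pub"], H("partial", ID, pk["R"], q=q), p)
    b = pow(params["P_help"], H("helper", ID, i, q=q), p)
    return pk["R"] * a % p * pk["Z"] % p * b % p

def encrypt(params, ID, pk, i, m):
    """Hashed ElGamal to the period-i key, with a tag so that Decrypt can output Reject."""
    p, q, g = params["p"], params["q"], params["g"]
    k = secrets.randbelow(q - 1) + 1
    C1 = pow(g, k, p)
    K = pow(period_public_key(params, ID, pk, i), k, p)
    stream = hashlib.shake_256(H("kdf", K, C1, ID, i)).digest(len(m))
    C2 = bytes(a ^ b for a, b in zip(m, stream))
    return C1, C2, H("tag", K, C1, C2, ID, i)

def decrypt(params, ID, sk_i, i, ct):
    C1, C2, tag = ct
    K = pow(C1, sk_i, params["p"])
    if not secrets.compare_digest(tag, H("tag", K, C1, C2, ID, i)):
        return None  # "Reject": key of another period, or a modified ciphertext
    stream = hashlib.shake_256(H("kdf", K, C1, ID, i)).digest(len(C2))
    return bytes(a ^ b for a, b in zip(C2, stream))

def demo(ID="alice@example.org", m=b"constructed sample plaintext"):
    """Round trip, then the two failure modes: key of another period, tampered ciphertext."""
    params, x, hk = setup()
    R, d = partial_key_extract(params, x, ID)
    z = secrets.randbelow(params["q"] - 1) + 1  # SetSecretValue: chosen and kept by the user
    pk = {"R": R, "Z": pow(params["g"], z, params["p"])}  # SetPublicKey
    sk = {i: (z + d + helper_key_update(params, hk, ID, i)) % params["q"] for i in (1, 2)}  # SetSecretKey
    C1, C2, tag = ct = encrypt(params, ID, pk, 1, m)
    return {
        "subgroup_ok": pow(params["g"], params["q"], params["p"]) == 1,
        "partial_key_valid": partial_key_is_valid(params, ID, R, d),
        "pk_consistent": pow(params["g"], sk[1], params["p"]) == period_public_key(params, ID, pk, 1),
        "roundtrip": decrypt(params, ID, sk[1], 1, ct),
        "wrong_period": decrypt(params, ID, sk[2], 1, ct),
        "tampered": decrypt(params, ID, sk[1], 1, (C1, bytes([C2[0] ^ 1]) + C2[1:], tag)),
    }
```

Running demo() performs one round trip and then exercises the two properties a key-insulated scheme is meant to provide: a ciphertext for period 1 is rejected by the period-2 key (a key leaked in another period is useless against it), and a modified ciphertext is rejected before any plaintext is released. The user-side check partial_key_is_valid is the step that catches a KGC handing out a malformed partial key, and the subgroup check on the generator is the one an implementer must not skip when parameters come from outside. A deployment would use standardized parameter sizes rather than the demonstration ones here.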

4. Analysis

4.1 Security Proof

Theorem 1. Provided that the four hash functions are modeled as random oracles, the proposed CL-KIE scheme is secure against the Type I adversary under chosen-plaintext attacks (IND-CPA).

Proof. Suppose there is a Type I adversary, representing an external attacker who knows the secret value but cannot obtain the master key. Given a random CDH instance, we construct a CDH attacker B that uses the adversary to compute the CDH solution and thereby break the CDH assumption. The concrete proof is as follows.

1) Setup: The challenger B simulates the algorithm Setup and gives params to the adversary. The four hash functions are random oracles controlled by B, which the adversary may query at any time.

Hash queries: For each of the four hash functions, B maintains a list of tuples, initially empty. When the adversary issues a query to one of them, B responds as follows:

If the queried input is already on that list, B responds with the stored value.

Otherwise, B selects a random element of the hash function's range, adds the new tuple to the list, and responds with it.

2) Helper-Key-Update: B maintains a list HelperKeyList of tuples, initially empty. When the adversary issues a query on an identity and time period, B responds as follows:

If the tuple exists on the HelperKeyList, B responds with the stored helper private key.

Otherwise, B first searches for the corresponding tuple on the hash list. If no such tuple is found, B issues the hash query itself. Then B computes the helper private key and responds with it.

3) Partial-Key-Extract: B maintains a list PartialKeyList of tuples, initially empty. When the adversary issues a query on an identity and time period, B responds as follows:

If the tuple exists on the PartialKeyList, B responds with the stored partial key.

Otherwise, B first searches for the corresponding tuple on the hash list. If no such tuple is found, B issues the hash query itself. Then B randomly picks the partial key material and computes the partial public key; after that, B adds the new tuple into the hash list and into the PartialKeyList. Finally, B responds with the partial public key and the partial private key.

4) Public-Key-Request: B maintains a list PublicKeyList of tuples, initially empty. When the adversary issues a query on an identity, B responds as follows:

If the tuple exists in the PublicKeyList, B responds with the stored public key.

Otherwise, B picks a random bit for this identity.

If the bit takes the first value, B responds as follows:

If the tuple exists in the PartialKeyList, B randomly picks the secret value and computes the public key. Then B adds the tuple into the PublicKeyList and the corresponding tuple into the PrivateKeyList. Finally, B responds with the public key.

If the tuple does not exist in the PartialKeyList, B runs the above oracles (Helper-Key-Update and Partial-Key-Extract) to obtain the tuple. Then B randomly picks the secret value and computes the public key. After that, B adds the tuple into the PublicKeyList and the corresponding tuple into the PrivateKeyList. Finally, B responds with the public key.

If the bit takes the second value, B randomly picks the secret value and computes the public key components (this is the case in which B embeds the CDH instance, so B does not know the full private key). Then B computes the remaining component and adds the tuple into the PrivateKeyList. Finally, B adds the tuple into the PublicKeyList and responds with the public key.

5) Private-Key-Request: B maintains a list PrivateKeyList of tuples, initially empty. When the adversary issues a query on an identity, B responds as follows:

B runs the above oracles (Helper-Key-Update, Partial-Key-Extract, and Public-Key-Request) to obtain the tuple from the PublicKeyList.

If the bit for this identity takes the first value, B searches for the tuple in the PrivateKeyList and responds with the private key.

If the bit takes the second value, B responds with "abort".

6) Public-Key-Replace: On receiving a Public-Key-Replace query on an identity, B replaces the tuple for that identity in the PublicKeyList with the new tuple.

7) Challenge: When the adversary issues a challenge query on the challenge identity and time period, B responds as follows:

B runs the above oracles (the four hash oracles, Partial-Key-Extract, Public-Key-Request, Helper-Key-Update, Private-Key-Request, and Public-Key-Replace) on the challenge identity to obtain the tuple from the PublicKeyList.

If the bit for the challenge identity takes the first value, B responds with "abort".

If the bit takes the second value, B does the following:

B searches for the tuple in the PrivateKeyList.

B randomly selects the required random values.

B sets the ciphertext components.

B defines the remaining values accordingly.

B responds with the result as the target ciphertext.

8) Guess: When the adversary outputs its guess, B randomly picks a tuple from the hash list and outputs the value derived from it as the solution of the given CDH instance.

[Analysis] When the game begins, the CDH attacker B sets the required values and simulates the hash functions as random oracles. Then B sends params to the adversary. During the simulation, the adversary needs to guess every bit of the target plaintext for the target identity string in the chosen time period. B sets the challenge values so that the CDH instance is embedded in them (note that B does not know the corresponding exponent). We then evaluate the simulation of the decryption oracle. B returns the target ciphertext, and we can get:

Furthermore,

According to the equations above, given the stored hash values, the CDH solution is easy to compute, so the CDH attacker B obtains the solution of the CDH problem. Through this reduction, we prove the security of our scheme against the Type I adversary in the sense of indistinguishability under chosen-plaintext attacks (IND-CPA).

Theorem 2. Provided that the four hash functions are modeled as random oracles, the proposed CL-KIE scheme is secure against the Type II adversary under IND-CPA.

Proof. Suppose there is a Type II adversary, representing a malicious KGC who cannot obtain the secret value generated by the user himself. Given a random CDH instance, we construct a CDH attacker B that uses the adversary to compute the CDH solution and thereby break the CDH assumption. The concrete proof is as follows.

1) Setup: The challenger B simulates the algorithm Setup and gives params to the adversary. The four hash functions are random oracles controlled by B, which the adversary may query at any time.

Hash queries: The four hash oracles are simulated in the same way as in Theorem 1.

2) Public-Key-Request: B maintains a list PublicKeyList of tuples, initially empty. When the adversary issues a query on an identity, B responds as follows:

If the tuple exists in the PublicKeyList, B responds with the stored public key.

Otherwise, B picks a random bit for this identity.

If the bit takes the first value, B first searches for the tuple in the PartialKeyList. Then B randomly picks the secret value and computes the public key. After that, B adds the tuple into the PublicKeyList and the corresponding tuple into the PrivateKeyList. Finally, B responds with the public key.

If the bit takes the second value, B randomly picks the secret value and computes the public key components (this is the case in which B embeds the CDH instance, so B does not know the full private key). Then B computes the remaining component and adds the tuple into the PrivateKeyList. Finally, B adds the tuple into the PublicKeyList and responds with the public key.

3) Private-Key-Request: B maintains a list PrivateKeyList of tuples, initially empty. When the adversary issues a query on an identity, B responds as follows:

B runs the Public-Key-Request oracle to obtain the tuple from the PublicKeyList.

If the bit for this identity takes the first value, B searches for the tuple in the PrivateKeyList and responds with the private key.

If the bit takes the second value, B responds with "abort".

4) Set-Secret-Value: When the adversary issues a query on an identity, B responds as follows:

B runs Public-Key-Request to obtain the tuple from the PublicKeyList.

If the bit for this identity takes the first value, B responds with the secret value.

If the bit takes the second value, B responds with "abort".

5) Challenge: When the adversary issues a challenge query on the challenge identity and time period, B responds as follows:

B runs the above oracles on the challenge identity to obtain the tuple from the PublicKeyList.

If the bit for the challenge identity takes the first value, B responds with "abort".

If the bit takes the second value, B does the following:

B searches for the tuple in the PrivateKeyList.

B randomly selects the required random values.

B sets the ciphertext components.

B defines the remaining values accordingly.

B responds with the result as the target ciphertext.

6) Guess: When the adversary outputs its guess, B randomly picks a tuple from the hash list and outputs the value derived from it as the solution of the given CDH instance.

[Analysis] When the game begins, the CDH attacker B simulates the hash functions as random oracles. Then B sends params to the adversary. During the simulation, the adversary needs to guess every bit of the target plaintext for the target identity string in the chosen time period. B sets the secret value, which is kept secret by the user himself, from the CDH instance; B also sets the challenge values from the CDH instance (note that B does not know the corresponding exponents). We then evaluate the simulation of the decryption oracle. B returns the target ciphertext, and we can get:

According to the equation above, given the stored hash values, the CDH solution is easy to compute. Thus the CDH attacker B obtains the solution to the CDH problem. Through this reduction, we prove the security of our scheme against the Type II adversary under IND-CPA.

4.2 Performance Comparison

In this section, we compare the performance of our scheme with the certificateless public key encryption of Al-Riyami and Paterson [4] and the pairing-based CL-KIE of He et al. [5] in Table 1. The two pairing-based schemes are assumed to be implemented over two cyclic groups of the usual pairing sizes. Our pairing-free CL-KIE scheme is implemented over the groups defined by p and q, where p and q are both 1024-bit primes satisfying q | p−1. For the other system parameters, we set the two remaining length parameters to 160 bits and use 160-bit hash functions. We then count the costly computational operations: M denotes a point multiplication in the first pairing group, E1 an exponentiation in the second pairing group, P a pairing computation, and E2 an exponentiation in the groups of our scheme. Other trivial operations are omitted.

Table 1: Performance comparison

Algorithm          CL-PKE [4]   CL-KIE with pairing [5]   Pairing-free CL-KIE (ours)
PartialKeyExtract  M            3M                        E2
SetPublicKey       2M           2M                        2E2
Encrypt            M+P+E1       2M+3P                     6E2
Decrypt            P            P                         3E2

Since a 512-bit Tate pairing takes 20.0 ms whereas a 1024-bit prime modular exponentiation takes 8.8 ms in the Multiprecision Integer and Rational Arithmetic C/C++ Library (MIRACL) implementation [12], a pairing is considerably more expensive than a modular exponentiation in a finite field. Our scheme avoids pairings in every phase (PartialKeyExtract, SetPublicKey, Encrypt, and Decrypt) and is therefore more efficient overall than the other two schemes. Note that the table counts only the dominant operations: with the quoted timings, the six exponentiations of our Encrypt cost about 6 × 8.8 = 52.8 ms against at least 3 × 20.0 = 60.0 ms for the three pairings of the pairing-based CL-KIE, while in Decrypt three exponentiations (about 26.4 ms) are compared with a single pairing (20.0 ms), and the costs of M and E1 are not quantified in [12]. A periodically updated helper key in the private key of our scheme provides an extra security capability that alleviates private key leakage, compared with the CL-PKE scheme [4]. Our pairing-free CL-KIE scheme also achieves the same security requirement as the CL-KIE scheme [5]. Overall, our pairing-free CL-KIE is the best of the three schemes in Table 1 in terms of both efficiency and security.

4.3 Potential Application

Our scheme can be applied in many settings that face the key escrow problem. For instance, a shared server can store users' private data and communicate with each user's mobile phone. The mobile phone periodically generates a helper key that becomes one component of the private key, so the private key is updated every time period. Suppose that a malicious friend of a user Bob, who knows Bob's secret value, breaks into the KGC on the server and learns the master key of the cryptosystem. Even then, this malicious friend cannot obtain Bob's valid private key and decrypt his personal data. Hence our CL-KIE scheme can provide strong protection in privacy-sensitive environments.

5. Conclusions

To increase the efficiency of CL-KIE while meeting the security requirement of mitigating key exposure, we proposed in this paper a pairing-free CL-KIE scheme that combines the key-insulated security notion with CL-PKE. First, we formalized the definition of the pairing-free CL-KIE scheme and constructed its security model. Then we gave the concrete construction of the scheme. After that, we proved the IND-CPA security of the scheme in the random oracle model under the CDH assumption. Finally, we compared our scheme with CL-PKE [4] and CL-KIE [5] in terms of efficiency and security. The proposed pairing-free CL-KIE scheme is the best of the three because it substantially reduces the computational running time while achieving both key-escrow and key-exposure resilience. In the future, we plan to construct further schemes that avoid the key escrow problem and to give security proofs in the standard model, to meet the high security requirements of complex practical environments.

Acknowledgment

We would like to thank the referees for their valuable suggestions.

References

[1]W. Diffie and M. E. Hellman, “New directions in cryptography,” IEEE Trans. on Information Theory, vol. 22,no. 6, pp. 644-654, 1976.

[2] R. L. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, vol. 21, no. 2, pp. 120-126, 1978.

[3]A. Shamir, “Identity-based cryptosystems and signature schemes,” in Proc. of the Workshop on the Theory &Application of Cryptographic Techniques, 1984, pp. 47-53.

[4]S. S. Al-Riyami and K. G. Paterson, “Certificateless public key cryptography,” in Proc. of Intl. Conf. on the Theory and Application of Cryptology and Information Security, 2003,pp. 452-473.

[5]L. He, Y. Chen, H. Xiong, and Z. Guang, “Certificateless key insulated encryption: Cryptographic primitive for achieving key-escrow free and key-exposure resilience,” in Proc. of Intl. Conf. on Big Data Computing and Communications,2016, pp. 387-395.

[6] J. H. An, Y. Dodis, and T. Rabin, "On the security of joint signature and encryption," in Proc. of Intl. Conf. on the Theory and Applications of Cryptographic Techniques, 2002, pp. 83-107.

[7]H. Hong and Z. Sun, “High efficient key insulated attribute based encryption scheme without bilinear pairing operations,” Springer Plus, vol. 5, no. 1, pp. 1-12, 2016.

[8]Z. Wan, J. Li, and X. Hong, “Parallel key-insulated signature scheme without random oracles,” Journal  of Communications and Networks, vol. 15, no. 3, pp. 252-257,2013.

[9]R. Sreenivasa and R. Dutta, “Attribute-based key-insulated signature for boolean formula,” Intl. Journal of Computer Mathematics, vol. 93, no. 6, pp. 1-25, 2015.

[10]P. Gopal and P. Reddy, “Efficient ID-based key-insulated signature scheme with batch verifications using bilinear pairings over elliptic curves,” Journal of Discrete Mathematical Sciences and Cryptography, vol. 18, no. 4, pp.385-402, 2015.

[11]Y. Chen, W. Xu, and H. Xiong, “Strongly secure certificateless key-insulated signature secure in the standard model,” Annals of Telecommunications, vol. 70, no. 9-10, pp.395-405, 2015.

[12]MIRACL, Multiprecision integer and rational arithmetic C/C++ library. [Online]. Available: http://indigo.ie/mscott/

[13]J. Baek, R. Safavi-Naini, and W. Susilo, “Certificateless public key encryption without pairing,” in Proc. of Intl. Conf.on Information Security, 2005, pp. 134-148.

[14]J. Lai, W. Kou, and K. Chen, “Self-generated-certificate public key encryption without pairing and its application,” in Proc. of Intl. Conf. on Practice and Theory in Public-Key Cryptography, 2007, pp. 476-489.

Li-Bo He,Dong-Jie Yan,Hu Xiong,Zhi-Guang Qin
Journal of Electronic Science and Technology, 2018, No. 1
