支持等式测试的标识加密(identity-based encryption with equality test,IBEET)体制解决了传统等式测试方案中证书管理的问题,得到了广泛的关注.但现有的IBEET体制难以抵抗渗透攻击,且都是基于国外密码算法设计,不具有自主知识产权.基于此,提出一种支持等式测试并具有密码逆向防火墙的SM9标识加密方案(SM9 identity-based encryption scheme with equality test and cryptographic reverse firewalls,SM9-IBEET-CRF).该方案在用户与云服务器的上行信道间部署密码逆向防火墙(cryptographic reverse firewalls,CRF),对用户发出的信息执行重随机化以达到抵抗渗透攻击的作用.该方案拓展国密算法SM9至IBEET领域中,提升其运行效率并丰富国密算法在云计算领域的研究.给出了SM9-IBEET-CRF的形式化定义和安全模型,并在随机预言机模型中考虑 2种不同的敌手将此方案在选择密文攻击下的不可区分性与单向性分别形式化地规约到BDH困难假设上.同时,该方案通过考虑第 3种敌手证明CRF的部署为其带来维持功能性、保留安全性以及抵抗渗透性.实验仿真和分析结果展示了该方案的有效性.
Abstract
The identity-based encryption with equality test(IBEET)scheme solves the problem of certificate management in traditional equality test schemes and gets wide attention.However,the existing IBEET systems are difficult to resist penetration attacks and based on foreign cipher algorithm designs without independent intellectual property rights.To deal with this challenge,we propose a SM9 identity-based encryption scheme with equality test and cryptographic reverse firewalls(SM9-IBEET-CRF).The cipher reverse firewalls(CRF)which are deployed in the upstream channel between users and cloud server can re-randomize the information to protect against penetration attacks.This scheme expands SM9 identity-based encryption algorithm to IBEET,improves its efficiency and enriches the research of secret algorithm in cloud computing.We give the definition of SM9-IBEET-CRF and corresponding security models.In random oracle model,the scheme formalizes the IBE-IND-CCA and IBE-OW-CCA security into the BDH difficulty assumption by considering two different opponents.At the same time,we demonstrate that CRF deployment provides functionality-maintaining,security-preserving and exfiltration-resistant by considering the third opponent.The experimental simulation and analysis results show the effectiveness of the scheme.
维普
万方数据