
Encryption Schemes and Key Agreement Protocols Based on Bilinear Pairings

Research on Cryptosystems and Key Agreement Protocols from Bilinear Pairings

【Author】 Shengbao Wang (王圣宝)

【Supervisor】 Zhenfu Cao (曹珍富)

【Author Information】 Shanghai Jiao Tong University, Computer Software and Theory, 2008, Doctoral dissertation

【Abstract (translated from the Chinese)】 In 2000, Sakai et al. and Joux, respectively, made pioneering use of bilinear pairings to construct a static (non-interactive) identity-based key sharing scheme and a one-round tripartite key agreement protocol, solving two well-known open problems in public key cryptography. Since then, the usefulness of bilinear pairings as a basic tool for designing novel cryptographic schemes has been uncovered step by step, and a large number of new and practical schemes have appeared, for example identity-based encryption schemes, certificateless encryption schemes, short signature schemes, and two-party and multi-party identity-based key agreement protocols. Constructing new kinds of cryptographic schemes from bilinear pairings is currently a hot topic in public key cryptography. In addition, provable security techniques grounded in computational complexity theory have become a necessary means of analyzing the security of these newly proposed schemes. This thesis centers on the design and provable security of new pairing-based cryptographic schemes, and its research content falls into two parts: (1) public key encryption schemes, including identity-based encryption schemes and escrowable public key encryption schemes; (2) two-party identity-based authenticated key agreement protocols, including protocols secure in the random oracle model and protocols secure in the standard model. The main results are as follows.

1. Design and analysis of efficient identity-based encryption schemes. We examine in depth the practical application setting of identity-based encryption, namely the multiple administrative domain environment. Based on the Sakai-Ohgishi-Kasahara identity-based key extraction method, we propose a new identity-based encryption scheme. In the new scheme, the encryptor can pre-encrypt the plaintext off-line before obtaining the master public key of the intended decryptor's domain, so it is more practical and efficient than the well-known Boneh-Franklin scheme in the multi-domain environment while offering the same security level: the security of both rests on the standard bilinear Diffie-Hellman (BDH) assumption. We also discuss in detail several applications of this identity-based encryption scheme, including global escrow ElGamal encryption, multi-receiver identity-based encryption and identity-based proxy re-encryption. Among these, our multi-receiver identity-based encryption scheme scales better than the scheme of Baek et al. in the multi-domain environment, and our identity-based proxy re-encryption scheme resolves the inability of the Green-Ateniese scheme to resist collusion attacks; it is also the first collusion-resistant proxy re-encryption scheme based on the key-splitting strategy.

2. Design and analysis of escrowable public key encryption schemes. We propose two efficient escrowable public key encryption schemes (i.e., public key encryption schemes with two decryption keys). Our second scheme is the most efficient of all such schemes in the existing literature: it minimizes the user's key storage and public key length, removes the pairing operation from encryption, and allows the plaintext to be pre-encrypted off-line. Moreover, it is the first provably secure escrowable public key encryption scheme, with security based on the standard bilinear Diffie-Hellman (BDH) assumption.

3. Design and analysis of identity-based authenticated key agreement protocols in the random oracle model. We establish for the first time a correspondence between authenticated Diffie-Hellman protocols and identity-based authenticated key agreement protocols, and propose an effective parallel design method for such protocols. We systematically study the forward secrecy properties of identity-based authenticated key agreement protocols and then propose an identity-based authenticated key agreement protocol that achieves perfect forward secrecy in the escrowed mode (i.e., without PKG forward secrecy). When pre-computation is taken into account, the new protocol is more efficient than Wang's protocol. Using the modular proof method, we rigorously prove the basic security properties and the perfect forward secrecy of the new protocol.

4. Design and analysis of identity-based authenticated key agreement protocols in the standard model. Using the Gentry identity-based encryption scheme, we propose the first identity-based authenticated key agreement protocol that is provably secure in the standard model, and we also give an extension of the basic protocol to the escrowless mode.

【Abstract】 In 2000, Sakai et al. and Joux independently found that bilinear pairings could be used in constructive ways to build new cryptographic schemes, by presenting an identity-based key sharing scheme and a one-round tripartite key agreement protocol, respectively. From then on, numerous novel and practical schemes have been proposed using bilinear pairings, such as identity-based encryption (IBE) schemes, short signature schemes and two-party identity-based key agreement protocols. Bilinear pairings have been used intensively as an important tool to design new cryptographic schemes, and recently this area has become a hot spot in public key cryptography. Besides, provable security based on complexity theory has become a prevailing method to evaluate the security of those newly proposed schemes. This thesis focuses on the design and analysis of new pairing-based cryptographic schemes, and is divided into two distinct parts. The first part studies public key encryption schemes, including identity-based encryption schemes and public encryption schemes with two private keys. The second part explores the design and analysis of identity-based authenticated key agreement protocols, including protocols secure in the random oracle model and the standard model, respectively. The main contributions of the thesis are as follows:

1. The design and analysis of efficient identity-based encryption schemes. Firstly, we investigate the real-world application setting for identity-based encryption schemes, i.e., the multiple administrator domain environment, and then we propose a new provably-secure scheme based on the Sakai-Ohgishi-Kasahara private-key extraction algorithm. In the new scheme, the encryptor can have the pairing computation pre-computed off-line and hence the scheme is more practical than the famous Boneh-Franklin scheme in the multi-domain environment. We also discuss its applications in global escrow ElGamal encryption, multi-receiver identity-based encryption and proxy re-encryption settings. Notably, our identity-based proxy re-encryption scheme solves the collusion attack problem in the Green-Ateniese scheme, and to the best of our knowledge, ours is the first such scheme that employs the so-called key sharing strategy.

2. The design and analysis of escrowable public key encryption schemes (i.e. public-key encryption schemes with two decryption keys). We propose two efficient such schemes, and our second scheme is the most efficient one among all the existing constructions in the literature. It eliminates pairing evaluation in the encryption procedure and at the same time enables off-line pre-encryption. Besides, it is the first provably-secure escrowable public key encryption scheme, and its security is based on the standard bilinear Diffie-Hellman (BDH) assumption.

3. The design and analysis of identity-based authenticated key agreement protocols that are secure in the random oracle model. For the first time, we establish a close relation between authenticated Diffie-Hellman protocols and identity-based authenticated key agreement protocols, and we put forward a parallel design methodology for identity-based authenticated key agreement protocols. We investigate the forward secrecy of identity-based authenticated key agreement protocols and propose a new efficient protocol which achieves perfect forward secrecy in the escrowed mode. When pre-computation is possible, our new protocol is more efficient than that of Wang. Lastly, we rigorously prove the security of the new protocol by adopting the modular proof technique.

4. The design and analysis of identity-based authenticated key agreement protocols that are secure in the standard model. We propose the first identity-based authenticated key agreement protocol that can be proven secure in the standard model. Besides, we also extend our basic protocol to the escrowless model and the cross-domain setting, respectively.
