免密钥托管的基于身份的分层加密机制研究
为解决基于身份加密的密钥托管问题,提出了一种针对密钥生成中心的密文不可区分性ACI-KGC的安全性的改进方案。该方案首先描述了如何改进架构,以达到ACI-KGC安全性。引入第三方信任机构ICA,通过匿名密钥生成协议联合生成用户私钥,在这一过程中,可以确保私钥生成器无法获知用户身份信息,从而无法伪造用户私钥。然后将改进的机制应用到现有的基于身份的分层加密方案中,并且分析证明,在保持性能的前提下达到了更好的安全性。...
Saved in:
Published in | 计算机工程与科学 Vol. 39; no. 5; pp. 870 - 876 |
---|---|
Main Author | |
Format | Journal Article |
Language | Chinese |
Published |
中南大学信息科学与工程学院,湖南长沙,410083
2017
|
Subjects | |
Online Access | Get full text |
ISSN | 1007-130X |
DOI | 10.3969/j.issn.1007-130X.2017.05.008 |
Cover
Summary: | 为解决基于身份加密的密钥托管问题,提出了一种针对密钥生成中心的密文不可区分性ACI-KGC的安全性的改进方案。该方案首先描述了如何改进架构,以达到ACI-KGC安全性。引入第三方信任机构ICA,通过匿名密钥生成协议联合生成用户私钥,在这一过程中,可以确保私钥生成器无法获知用户身份信息,从而无法伪造用户私钥。然后将改进的机制应用到现有的基于身份的分层加密方案中,并且分析证明,在保持性能的前提下达到了更好的安全性。 |
---|---|
Bibliography: | We present a new scheme to remove key escrow from the hierarchical identity-based en cryption (HIBE), based on the security notion of anonymous ciphertext indistinguishability against key generation center (ACI-KGC) proposed by Chow. In view of this, we firstly describe how to equip a modified framework in the HIBE system with the ACI-KGC security. The private key generator (PKG) and identity certificate authority (ICA) cooperate in an anonymous private key generation protocol, such that the PKG can issue a private key to a user authenticated by the ICA without knowing the list of us- ers' identities. Then, we apply the proposed scheme to the HIBE system, and theoretical analysis shows that the scheme can provide better security and maintain the performance. 43-1258/TP TANG Xin,QI Fang (School of Information Science and Engineering, Central South University, Changsha 410083, China) key escrow ; hierarchical identity-based encryption ; ACI-KGC security ; identity certificateauthority |
ISSN: | 1007-130X |
DOI: | 10.3969/j.issn.1007-130X.2017.05.008 |