Computer Science (计算机科学) ›› 2014, Vol. 41 ›› Issue (12): 101-106. doi: 10.11896/j.issn.1002-137X.2014.12.022
魏云,魏福山,马传贵
WEI Yun, WEI Fu-shan and MA Chuan-gui
Abstract: A non-interactive key exchange (NIKE) protocol allows two communicating parties to derive a shared key without exchanging any messages. In identity-based non-interactive key exchange (ID-NIKE), each user's private key is issued by a Private Key Generator (PKG), so the PKG can compute the shared key between any pair of users; that is, ID-NIKE suffers from the key escrow problem. To address this shortcoming, and building on certificateless public key cryptography (CL-PKC), this paper first proposes a security model for certificateless non-interactive key exchange, then designs a strongly secure certificateless non-interactive key exchange scheme and proves its security in the random oracle model under the BDH assumption. The scheme is the first non-interactive key exchange scheme based on CL-PKC and combines the advantages of CL-PKC and NIKE: it is not only non-interactive, but also prevents the PKG from computing the shared key between users, and therefore protects user privacy better. In addition, the protocol remains secure even when part of a user's secret information is leaked, and so offers a higher level of security.