基于身份加密的密钥管理方案研究

145(100049)(IBE)IBE()ResearchonKeyManagementSchemesforIBEZHENGXiaolin,JINGJiwu(StateKeyLaboratoryofInformationSecurity,GraduateSchoolofChineseAcademyofSciences,Beijing100049)AbstractInIBEsystem,keyupdateandkeyescrowaredifficultproblemswhichcouldn’tbewellsolved.ThispaperintroducessometypicalkeymanagementschemesforIBE.Fromengineeringapplicationpointofview,itcomparestheseschemesfromsecurity,systemcomplexity(cost),adaptabilityandotheraspects.KeywordsIdentitybasedencryption(IBE);Keyescrow;KeyupdateComputerEngineering3221Vol.32No.21200611November2006··10003428(2006)21014503ATP393.081(IdentityBasedEncryption,IBE)RSAAdiShamir1984(1)AliceBobbob@b.combob@b.comBob(PrivateKeyGeneratorPKG)BobAliceBob1,EncryptwithPublicKey:Name=bob@b.com2,BobAuthenticates3,PrivateKeyforbob@b.comSendSecureE-mailPKG,PrivateKeyGenerator1IBEIBEPKGPKICAIBEPKGIBEPKICRLOCSPIBEIBEIBE42IBEShamirIBE4(1):,,,,*pubSetupMCsP→(,)pubsPMC*(2)Extrats(ID)=dIDIDsdID(3)(,)()pubIDPEncrptmc=mIDpubPc(4)(,)()IDdPDecryptcm=cdIDm(IBE)1984Shamir863(2003AA144051)(1980)2005-12-25E-mailxlzheng@lois.cn1462001DanBonehMatthewFranklin[1]BF-IBEDH(BDH)[2]3IBE1IBE4IBE3.1DanBoneh_MatthewFranklin[1]IBEBonehFranklinBF-IBE[1]BonehFranklin{(),}iPKCEcryptMt=ttIDPKGdID()IDdMDecryptC=3.2DaeHyun_PilJoongLee[3][3]DaeHyunPilJoongLeeIBEBF-IBE7(1)CL_Genparams*CLSK(2)CL_Ext_Partial_Pri_Keyidparams*CLSKidCLD(3)CL_Set_Sec_ValparamsididCLS(4)CL_Set_Pri_KeyparamsidCLDidCLSidCLSK(5)CL_Set_Pub_KeyparamsididCLSidCLPK(6)CL_Enc_(,)IDCLPKparamsCLEncMidC=(7)CL_Dec_()IDCLSKparamsCLDecCM=CL_GenCL_Ext_Partial_Pri_KeyPKGCL_Set_Sec_ValCL_Set_Pri_KeyCL_Set_Pub_Key3[3]3.3YevgeniyDodis_MotiYung[4][4]DodisYungIBE(HierarchicalIBE)[4](2)GentrySliverbergHIBE(1)12,,GGe0,qs∈Z01PG∈,000QsP=*11:{0,1}HG→,22:{0,1}nHG→120012(,,,,,,)PKGGePQHH=*0SKs=(2)0t≥12(,,,)tIDIDIDK1tsG∈1111(,,)ttPHIDID++=K1tttQsP+=11111001(,,,)ttiittissPQsPQsP++−====∑K(3)12(,,,)tIDIDIDK{0,1}nM∈Q0111(,...,)iiPHIDIDG=∈01,(,)qrgeQrP∈=Z022[,(),,,]tCrPMHgrPrP=⊕K(4)02[,,,,]tCUVUU=K001(,),(,)tiiifeUSfeQU−==022()tfMVHff=⊕K11(,,,)ttsQQ−K**11,,tss−K*12:tttiiisssP−==+∑*0:iiiQQsP=+21ID31ID32ID22ID12ID13ID23ID14ID0RootID11ID2HIBE3.4Yumiko_Goichiro[5]YumikoGoichiro2004[5]IBE3.3HIBEDodisKatzXuYung(key-insulated)[6](privatedevice)3.33012(.),(.),(.)TTTtT0(2005/Jul/26/14:00)=2005/Jul/26T1(2005/Jul/26/14:00)=2005/Jul-SepT0(t)=0,36(1)PGENIKEparamss(2)GENIKEparamssID012000(,,)ddd00d0(1,2)idi=i(3)(i=1,2)iIKEVGen−iiIKEVGen−itdparamst14711()iiTtδ−−(4)(1,2)iIKEUpdi=i1itd−params11()iiTtδ−−11()iiTtd−−1()iTt−(5)EncIKEMparamsIDt,Ct(6)DecIKE,Ctparams0tdMPGENIKEGENIKEPKG[5]4IBE4IBE()4.1DanBoneh_MatthewFranklinPKGDaeHyun_PilJoongLeeCL_Set_Pri_KeyYevgeniyDodis_MotiYungYumiko_Goichirott*4.2DanBoneh_MatthewFranklintPKGIBEDaeHyun_PilJoongLeeIBEYevgeniyDodis_MotiYungIBEYumiko_Goichirottt*IBE4.3DanBoneh_MatthewFranklinPKGPKGPKGPKGDaeHyun_PilJoongLee4.2IBEYevgeniyDodis_MotiYungYumiko_Goichirot*(privatedevice)4.4()DanBoneh_MatthewFranklinIBEPKGDaeHyun_PilJoongLeePKIRSAIBECACAYevgeniyDodis_MotiYung11(,,,)ttsQQ−Kt-1(11,,tQQ−K)CACA→CA→CA→…→…Yumiko_Goichiro4.5DanBoneh_MatthewFranklinDaeHyun_PilJoongLeePKIYevgeniyDodis_MotiYung4.4PKIYumiko_Goichiro54IBEYumiko_GoichiroIBEIBE151151(dense)(sparse)3811001100100.2733469348jRj=101E825165824(1024*1024*3*8)1g84328q,c0q015047619049523810c0150001650499983502q012c8432c8q,c0q014999987850000122c0149996352500036484241E-60128101383[0,1](2)1,,.[J].,1996,41(5):402-405.2KotulskiZ,SzczepaskiJ.ApplicationofDiscreteChaoticDynamicalSystemsinCryptography--DCCMethod[J].InternationalJournalofBifurcationandChaos,1999,9(6):1121-1135.3JakimoskiG,KocarevL.ChaosandCryptography:BlockEncryptionCiphersBasedonChaoticMaps[J].IEEETransactionsonCircuitsSystem-1:FundamentalTheoryandApplications,2001,48(2):163-169.4.[J].(),2002,17(6):318-322.5,.[J].,2003,25(11):1514-1518.6,.Hash[J].,2003,26(4):460-464.7,.[J].,2003,31(8):1209-1212.8LiHD,FengDD.StreamCipherAlgorithmsBasedonCompositeNonlinearDiscreteChaoticDynamicalSystems[J].JournalofSoftware,2003,14(5):991-998.9,.[M].:,2001.10BaranovskyA,DaemsD.DesignofOne-dimensionalChaoticMapswithPrescribedStatisticalProperties[J].InternationalJournalofBifurcationandChaos,1995,5(6):1585-1598.11.[M].:,2000.12,.[M].:,1999.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~1471BonehD,FranklinM.Identity-basedEncryptionfromtheWeilPairing[C].Proc.ofCrypto'01.Springer-Verlag,2001:213-229.2BonehD.TheDecisionDiffie-hellmanProblem[C].Proc.ofICANN’98.Springer-Verlag,1998:48-63.3YumDH,LeePJ.Identity-basedCryptographyinPublicKeyManagement[C].Proc.ofEuroPKI’04,2004:71-84.4DodisY,YungM.Exposure-resilienceforFree:TheHierarchicalID-basedEncryptionCase[C].Proc.ofIEEESecurityinStorageWorkshop,2002:45-52.5HanaokaY,HanaokaG,ShikataJ,etal.Identity-basedEncryptionwithNon-interactiveKeyUpdate[C].IACRePrintArchive,2004.6DodisY,KatzJ,XuS,etal.Key-insulatedPublicKeyCryptosystems[C].Proc.ofEurocrypt'02.Springer-Verlag,2002:65-82.7,,.[J].,2004,50(10):164-166.g0rib1b2b3b4b5…bn-1bn