2024年3月16日发(作者:蔚来电动车价格及图片)

E?cientIdentity-BasedEncryptionWithoutRandomOracles

BrentWaters

Abstract

Wepresentthe?rste?cientIdentity-BasedEncryption(IBE)schemethatisfullysecure

?rstpresentourIBEconstructionandreducethesecurityofour

schemetothedecisionalBilinearDi?e-Hellman(BDH)onally,weshowthatour

techniquescanbeusedtobuildanewsignatureschemethatissecureunderthecomputational

Di?e-Hellmanassumptionwithoutrandomoracles.

1Introduction

Identity-BasedEncryptionallowsforapartytoencryptamessageusingtherecipient’sidentity

litytouseidentitiesaspublickeysavoidstheneedtodistributepublic

keycerti?nbeveryusefulinapplicationssuchasemailwheretherecipientisoften

o?-lineandunabletopresentapublic-keycerti?catewhilethesenderencryptsamessage.

The?rste?cientandsecuremethodforIdentity-BasedEncryptionwasputforthbyBonehand

Franklin[4].Theyproposedasolutionusinge?cientlycomputablebilinearmapsthatwasshown

hen,therehavebeenschemesshowntobesecure

withoutrandomoracles,butinaweakermodelofsecurityknowastheSelective-IDmodel[9,1].

Mostrecently,BonehandBoyen[2]describedaschemethatwasprovedtobefullysecurewithout

randomoracles;r,their

schemeistooine?cienttobeofpracticaluse.

Wepresentthe?rste?cientIdentity-BasedEncryptionschemethatisfullysecurewithout

ofofourschememakesuseofanalgebraicmethod?rstusedbyBoneh

andBoyen[1]andthesecurityofourschemereducestothedecisionalBilinearDi?e-Hellman

(BDH)assumption.

WeadditionallyshowthatourIBEschemeimpliesasecuresignatureschemeunderthecompu-

tationalDi?uspracticalsignatureschemes

thatweresecureinthestandardmodelreliedontheStrong-RSAassumption[12,11]ortheStrong-

BDHassumption[3].

1.1RelatedWork

Shamir[16]?rstpresentedtheideaofIdentity-BasedEncryptionasachallengetotheresearch

r,the?rstsecureande?cientschemeofBonehandFranklin[4]didnotappear

horstookanovelapproachinusinge?cientlycomputablebilinearmaps

inordertoachievetheirresult.

.[9]describeaweakermodelofsecurityforIdentity-BasedEncryptionthatthey

elective-IDmodeltheadversarymust?rstdeclarewhich

1

identihors

provideaschem

andBoyen[1]improveuponthisresultbydescribingane?cientschemethatissecureinthe

Selective-IDmodel.

Finally,BonehandBoyen[2]describeaschemethatisfullysecurewithoutrandomoracles.

However,theirconstructionistooine?cienttobeofpracticaluse.

1.2Organization

ion2wegiveoursecurityde?

ion4wepresenttheconstructionof

ion6wediscusshowour

schemecanbeextendedtoahierarchicalidentity-basedencryptionschemeandhowthatcanbe

ussthetransformationtoasignatureschemeinSection7.

Finally,weconcludeinSection8.

2SecurityDe?nitions

Inthissectionwepresentthede?nitionofsemanticsecurityagainstpassiveadversariesforIdentity-

?nitionwas?rstdescribedbyBonehandFranklin[4].Considerthe

ehasfourdistinctphases:

SetupThechallengergeneratesthemasterpublicparametersandgivesthemtotheadversary.

Phase1Theadversaryisallowedtomakeaqueryforaprivatekey,v,wherevisanidentity

speci?ersarycanrepeatthismultipletimesfordi?erentidentities.

ChallengeTheadversarysubmitsapublickey,v

?

,andtwomessagesM

0

andM

1

.Theadver-

sary’schoiceofv

?

isrestrictedtotheidentitiesthathedidnotrequestaprivatekeyforinPhase

llenger?ipsafairbinarycoin,γ,andreturnsanencryptionofM

γ

underthepublickey

v

?

.

Phase2Phase1isrepeatedwiththerestrictionthattheadversarycannotrequesttheprivate

keyforv

?

.

GuessTheadversarysubmitsaguess,γ

更多推荐

电动车,图片,价格,作者