本文選題：格公鑰密碼　切入點：無證書公鑰加密　出處：《西安電子科技大學》2014年博士論文　論文類型：學位論文

【摘要】：隨著量子計算機的發(fā)展,研究者發(fā)現(xiàn)利用量子計算機可以在多項式時間內(nèi)解決離散對數(shù)問題和大整數(shù)分解問題。那么基于這兩個困難問題的密碼體制在量子環(huán)境下將不再安全。因此,研究量子環(huán)境下安全的密碼體制是非常有意義的。格公鑰密碼作為后量子密碼的典型代表,具有良好的密碼學性質(zhì)。雖然格公鑰密碼在最近幾年取得了突破性進展和很多重要成果,但總體來說還是處在研究初期,與基于離散對數(shù)和大整數(shù)分解問題的密碼體制相比,還遠遠不夠成熟,還有很多問題需要解決。該論文對格公鑰密碼進行了深入的研究與分析,主要取得如下結(jié)果：1、利用格上第一個基于身份的加密方案,構(gòu)造了一個無證書加密方案,與基于離散對數(shù)問題和大整數(shù)分解問題的無證書加密方案相比,該方案的大部分計算都是矩陣向量乘法和內(nèi)積運算,計算復雜度較低,并且在量子環(huán)境下是安全的。2、利用無陷門簽名技術(shù)和小范數(shù)矩陣傳遞技術(shù),基于格上的小整數(shù)解問題,構(gòu)造了一個高效代理簽名方案。方案中的小范數(shù)矩陣傳遞技術(shù)可以控制代理簽名私鑰的維數(shù),使得代理簽名私鑰的維數(shù)小于原始簽名私鑰的維數(shù)。與基于盆景樹原理和固定維數(shù)的格基委托技術(shù)構(gòu)造的代理簽名方案相比,大大降低了代理簽名私鑰和代理簽名的尺寸。3、針對量子環(huán)境下基于大整數(shù)分解與離散對數(shù)困難問題的代理重簽名的不安全性,提出一種能夠抵抗量子攻擊的代理重簽名方案。借助Xagawa的代理重加密技術(shù)和格上的無陷門簽名技術(shù),構(gòu)造了第一個基于格的代理重簽名方案,并運用格上的小整數(shù)解問題的困難性對其進行了安全性證明。證明和效率分析結(jié)果表明,該方案具有雙向性、多次使用性、密鑰最優(yōu)性以及透明性,與基于其它困難問題的代理重簽名方案相比,具有漸近計算復雜度低的優(yōu)點。最后,把該方案擴展為基于身份的代理重簽名方案。4、利用原像抽樣算法構(gòu)造了格上第一個多次使用的單向代理重簽名方案,部分解決了Libert等在CCS 2008上提出的公開問題。該方案基于格上的小整數(shù)解問題,其驗證開銷不會隨著變換次數(shù)的增加而增大,并且簽名尺寸隨著變換次數(shù)的增加呈線性增長。5、利用原像抽樣技術(shù)與固定維數(shù)的格基委派技術(shù),基于格上的小整數(shù)解問題,構(gòu)造了格上第一個基于身份的單向代理重簽名方案。該方案具有單向性,多次使用性等性質(zhì)。與其他具有相同性質(zhì)的基于身份的代理重簽名相比,具有驗證開銷小,漸近復雜度低等優(yōu)點。6、利用原像抽樣技術(shù),構(gòu)造了格上第一個多次使用的單向代理重加密方案。該方案的代理重加密密鑰不需要雙方私鑰的交互就可以生成,從而可以抵抗合謀攻擊,并且被證明在標準模型下是CPA安全的。同時擴展為基于身份的單向代理重加密方案。
[Abstract]:With the development of quantum computer, Researchers have found that quantum computers can solve discrete logarithm problems and large integer decomposition problems in polynomial time. The cryptosystem based on these two difficult problems will no longer be secure in quantum environment. It is very meaningful to study secure cryptosystem in quantum environment. Lattice public key cryptography is a typical representative of post-quantum cryptography. Although lattice public key cryptography has made a breakthrough and many important achievements in recent years, generally speaking, it is still in the early stage of study, compared with the cryptosystem based on discrete logarithm and large integer decomposition. It is still far from mature, there are still many problems to be solved. This paper deeply studies and analyzes the lattice public key cryptography, and obtains the following results: 1, using the first identity-based encryption scheme on the lattice. A certificate free encryption scheme is constructed. Compared with the certificate free encryption scheme based on discrete logarithm problem and large integer decomposition problem, most of the computations of the scheme are matrix vector multiplication and inner product operation, and the computational complexity is lower than that of the one based on discrete logarithm problem and large integer decomposition problem. And it is safe in quantum environment. By using the technique of no-trapdoor signature and small norm matrix transfer, the problem of small integer solution is based on the lattice. In this paper, an efficient proxy signature scheme is constructed, in which the dimension of the private key of proxy signature can be controlled by the small norm matrix transfer technique. The dimension of the proxy signature private key is smaller than that of the original signature private key. The size of private key and proxy signature of proxy signature is greatly reduced. The security of proxy resignature based on the problem of large integer decomposition and discrete logarithm in quantum environment is greatly reduced. A proxy resignature scheme, which can resist quantum attack, is proposed. The first lattice-based proxy resignature scheme is constructed by means of proxy reencryption technology of Xagawa and non-trapping door signature technology. The security of the scheme is proved by using the difficulty of solving the problem of small integers on lattices. The results of proof and efficiency analysis show that the scheme is bidirectional, multiple use, key optimality and transparency. Compared with the proxy resignature scheme based on other difficult problems, it has the advantage of low asymptotic computational complexity. Finally, The scheme is extended to an identity-based proxy resignature scheme. 4, and the first unidirectional proxy resignature scheme is constructed by using the original image sampling algorithm. This scheme is based on the small integer solution problem on lattice, and the verification overhead does not increase with the increase of the number of transformations. And the size of signature increases linearly with the increase of transformation times. 5. By using the original image sampling technique and the fixed dimension lattice-assignment technique, the small integer solution problem on the lattice is used to solve the problem. The first identity-based proxy resignature scheme on a lattice is constructed. The scheme has the properties of unidirectionality and multiple usage. Compared with other identity-based proxy resignature schemes with the same property, the scheme has less verification overhead. The asymptotic complexity is low. 6. By using the original image sampling technique, the first unidirectional proxy reencryption scheme is constructed on the lattice. The proxy reencryption key of the scheme can be generated without the interaction of the two private keys. It can resist collusion attack and is proved to be CPA secure under the standard model. It is also extended to an identity-based one-way proxy reencryption scheme.
【學位授予單位】：西安電子科技大學
【學位級別】：博士
【學位授予年份】：2014
【分類號】：TN918.4;O413

【參考文獻】

相關(guān)期刊論文 前1條

1 WANG FengHe;HU YuPu;WANG BaoCang;;Lattice-based linearly homomorphic signature scheme over binary field[J];Science China(Information Sciences);2013年11期

，

本文編號：1567112