明文编码随机化加密方案
CSTR:
作者:
作者单位:

作者简介:

通讯作者:

中图分类号:

基金项目:

国家自然科学基金(61272435,61373020)


Randomized Coding of Plaintext Encryption Scheme
Author:
Affiliation:

Fund Project:

National Natural Science Foundation of China (61272435, 61373020)

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    对著名的最优非对称填充加密方案(RSA-OAEP)及其改进方案进行分析发现:(1)这些方案的明文填充机制均采用Hash函数来隐藏明文统计特性,然而Hash函数特有的属性导致RSA-OAEP及其改进方案的安全性证明难以在标准模型下进行.很多研究工作表明,在标准模型下假定RSA(或者其变形)是困难的,无法证明RSA-OAEP及其改进方案对自适应性选择密文攻击是安全性的;(2)这些方案加密的消息是明文填充随机化处理后的信息,因此被加密信息比实际明文多出k位(设用于填充的随机数为k位).针对这两个问题,构造了一个基于配对函数编码的RSA型加密方案.该方案具有如下属性:(1)无需Hash运算就可以隐藏明文统计特性,同时使得被加密消息的长度短于实际明文的长度;(2)在标准模型下对自适应选择密文攻击是安全的;(3)该方案应用于签密时不需要额外协商签名模与加密模的大小顺序.

    Abstract:

    The analysis on the well-known optimal asymmetric encryption and its improved schemes reveal some drawbacks. For one, these schemes use plaintext padding mechanism and hash functions to hide the statistic property of plaintext, and the property of Hash function makes it difficult to prove that these schemes or their variants are secure in the standard model. Many research works show that, assuming that RSA problem and their variants are difficult, it is difficult to prove the RSA-OAEP schemes or their improvements secure against adaptive chosen cipher-text attack in the standard model. In addition, because these schemes encrypt randomized message using padding mechanism, the randomized message is k-bit longer than the plain-text. This increases the computational complexity of these schemes. To address the problem, this paper proposes an RSA-type encryption scheme based pairing functions. This scheme has the following advantages. First, the scheme does not use hash function to hide the statistical property of plain-text, which makes it possible to prove its security in the standard model. In this scheme, the randomized message can be shorter than the plain-text. Second, it is proved in the standard model that the scheme is secure against adaptive chosen cipher-text attacks. Third, when used in sign-encryption, it is not necessary for the users to negotiate the order of signature modulus or the encryption modulus.

    参考文献
    相似文献
    引证文献
引用本文

巩林明,李顺东,王道顺,窦家维.明文编码随机化加密方案.软件学报,2017,28(2):372-383

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2015-04-17
  • 最后修改日期:2015-09-10
  • 录用日期:
  • 在线发布日期: 2017-01-24
  • 出版日期:
文章二维码
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号