具有否认认证的SM9标识加密算法

doi:10.3778/j.issn.1673-9418.2207013

摘要/Abstract

摘要： SM9标识加密算法是我国自主设计的商用标识加密算法，它已成为国内标识加密算法行业的标准，并被广泛应用于诸如电子邮件、电子投票和网上谈判等。然而SM9标识加密算法不能有效保护发送者的身份隐私。为此，基于SM9标识加密算法，并结合否认认证协议，提出具有否认认证的SM9标识加密算法。该算法允许发送者在协议运行后否认其参与，只有预期的接收者可以识别给定消息的真实来源；与此同时，接收者不能使任何其他第三方相信消息是由特定发送者发送的。在DBDH困难问题假设下，给出具有否认认证的SM9标识加密算法的形式化定义和安全模型，并在随机预言模型下给出算法的安全性分析，证明该算法可同时满足否认性、保密性和否认认证性。理论分析和仿真实验表明，该算法不仅保持了SM9标识加密算法的效率优势，而且计算开销低于其他具有否认认证的标识加密算法。

关键词: SM9, 标识加密, 否认认证, 双线性对

Abstract: SM9 identity-based encryption algorithm is a commercial identity-based encryption algorithm independently designed by our country, which has become the standard of the domestic identity-based encryption algorithm industry, and is widely used in e-mail, electronic voting and online negotiation, etc. However, SM9 identity-based encryption algorithm can??t effectively protect the identity privacy of the sender. Based on SM9 identity-based encryption algorithm, combined with the deniable authentication protocol, this paper proposes SM9 identity-based encryption algorithm with deniable authentication. This algorithm allows the sender to deny its participation after the protocol runs, and only the intended receiver can identify the true source of the given message. At the same time, the receiver can??t convince any other third party that the message is sent by a specific sender. Under the assumption of DBDH??s difficult problem, the formal definition and security model of SM9 identity-based encryption algorithm with deniable authentication are given, and the security analysis of the algorithm is given under the random oracle model, which proves that the algorithm can satisfy denial, confidentiality and deniable authentication at the same time. Theoretical analysis and simulation experiments show that the proposed algorithm not only maintains the efficiency advantage of SM9 identity-based encryption algorithm, but also has a lower computational overhead than other identity-based encryption algorithms with deniable authentication.

Key words: SM9, identity-based encryption, deniable authentication, bilinear pairing

赵晨阳, 柯品惠, 林昌露. 具有否认认证的SM9标识加密算法[J]. 计算机科学与探索, 2023, 17(10): 2519-2528.

ZHAO Chenyang, KE Pinhui, LIN Changlu. SM9 Identity-Based Encryption Algorithm with Deniable Authentication[J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(10): 2519-2528.

参考文献

[1] BONEH D, FRANKLIN M. Identity-based encryption from the Weil pairing[C]//Proceedings of the 21st Annual Interna-tional Cryptology Conference, Santa Barbara, Aug 19-23, 2001. Berlin, Heidelberg: Springer, 2001: 213-229.
[2] HORWITZ J, LYNN B. Toward hierarchical identity-based encryption[C]//Proceedings of the 2002 International Con-ference on the Theory and Applications of Cryptographic Techniques, Amsterdam, Apr 28-May 2, 2002. Berlin, Hei-delberg: Springer, 2002: 466-481.
[3] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]// Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, May 22-26, 2005. Berlin, Heidelberg: Springer, 2005: 457-473.
[4] BOLDYREVA A, GOYAL V, KUMAR V. Identity-based encryption with efficient revocation[C]//Proceedings of the 15th ACM Conference on Computer and Communications Security, Alexandria, Oct 27-31, 2008. New York: ACM, 2008: 417-426.
[5] 密码行业标准化技术委员会. SM9标识密码算法： GM/T0044—2016[S]. 2018-03-10.
Cryptography Standardization Technical Committee. SM9 identity-based cryptographic algorithm: GM/T0044—2016[S]. 2018-03-10.
[6] CHENG Z. Security analysis of SM9 key agreement and encryption[C]//Proceedings of the 2018 International Con-ference on Information Security and Cryptology, Fuzhou, Dec 14-17, 2018. Cham: Springer, 2018: 3-25.
[7] SUN S, MA H, ZHANG R, et al. Server-aided immediate and robust user revocation mechanism for SM9[J]. Cyber-security, 2020, 3(1): 1-13.
[8] MU Y, XU H, LI P, et al. Secure two-party SM9 signing[J]. Science China Information Sciences, 2020, 63(8): 1-3.
[9] 赖建昌, 黄欣沂, 何德彪, 等. 国密SM9数字签名和密钥封装算法的安全性分析[J]. 中国科学: 信息科学, 2021, 51(11): 1900-1913.
LAI J C, HUANG X Y, HE D B, et al. Security analysis of SM9 digital signature and key encapsulation[J]. Scientia Sinica Informationis, 2021, 51(11): 1900-1913.
[10] 秦宝东, 张博鑫, 白雪. 基于仲裁的SM9标识加密算法[J]. 计算机学报, 2022, 45(2): 412-426.
QIN B D, ZHANG B X, BAI X. Mediated SM9 identity-based encryption algorithm[J]. Chinese Journal of Compu-ters, 2022, 45(2): 412-426.
[11] DWORK C, NAOR M, SAHAI A. Concurrent zero-know-ledge[C]//Proceedings of the 30th Annual ACM Symposium on Theory of Computing, Dallas, May 24-26, 1998. New York: ACM,1998: 409-418.
[12] AUMANN Y, RABIN M O. Efficient deniable authentica-tion of long messages[C]//Proceedings of the 1998 Interna-tional Conference on Theoretical Computer Science in Hon-our of Professor Manuel Blum??s 60th Birthday, California, Apr 26, 1998. Tokyo: CiNii, 1998: 20-24.
[13] DENG X, LEE C H, ZHU H. Deniable authentication proto-cols[J]. IEE Proceedings-Computers and Digital Techniques, 2001, 148(2): 101-104.
[14] CAO T, LIN D, XUE R. An efficient ID-based deniable authentication protocol from pairings[C]//Proceedings of the 19th International Conference on Advanced Informa-tion Networking and Applications, Taiwan, China, Mar 28-30, 2005. Piscataway: IEEE, 2005: 388-391.
[15] CHOU J S, CHEN Y, HUANG J C. A ID-based deniable authentication protocol on pairings[J]. Cryptology ePrint Archive, 2006: 335.
[16] LIM M H, LEE S, PARK Y, et al. An enhanced ID-based deniable authentication protocol on pairings[C]//LNCS 4706: Proceedings of the 2007 International Conference on Com-putational Science and Its Applications, Kuala Lumpur, Aug 26-29, 2007. Berlin, Heidelberg: Springer, 2007: 1008-1017.
[17] TIAN H, CHEN X, DING Y. Analysis of two types deniable authentication protocols[J]. International Journal of Network Security, 2009, 9(3): 242-246.
[18] LI F, XIONG P, JIN C. Identity-based deniable authentica-tion for ad hoc networks[J]. Computing, 2014, 96(9): 843-853.
[19] WU W, LI F. An efficient identity-based deniable authenti-cated encryption scheme[J]. KSII Transactions on Internet and Information Systems, 2015, 9(5): 1904-1919.
[20] HUANG W, LIAO Y, ZHOU S, et al. An efficient deniable authenticated encryption scheme for privacy protection[J]. IEEE Access, 2019, 7: 43453-43461.
[21] KAR J. Provably secure certificateless deniable authentica-ted encryption scheme[J]. Journal of Information Security and Applications, 2020, 54: 102581.
[22] POINTCHEVAL D, STERN J. Security arguments for digital signatures and blind signatures[J]. Journal of Crypto-logy, 2000, 13(3): 361-396.
[23] PBC Library. The pairing-based cryptography library[EB/OL]. (2013-06-14)[2022-06-01]. http://crypto.stanford.edu/pbc/.