计算机科学与探索 ›› 2023, Vol. 17 ›› Issue (10): 2519-2528.DOI: 10.3778/j.issn.1673-9418.2207013

• 网络·安全 • 上一篇    

具有否认认证的SM9标识加密算法

赵晨阳,柯品惠,林昌露   

  1. 1. 福建师范大学 计算机与网络空间安全学院,福州 350117
    2. 福建师范大学 数学与统计学院,福州 350117
  • 出版日期:2023-10-01 发布日期:2023-10-01

SM9 Identity-Based Encryption Algorithm with Deniable Authentication

ZHAO Chenyang, KE Pinhui, LIN Changlu   

  1. 1. College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350117, China
    2. College of Mathematics and Statistics, Fujian Normal University, Fuzhou 350117, China
  • Online:2023-10-01 Published:2023-10-01

摘要: SM9标识加密算法是我国自主设计的商用标识加密算法,它已成为国内标识加密算法行业的标准,并被广泛应用于诸如电子邮件、电子投票和网上谈判等。然而SM9标识加密算法不能有效保护发送者的身份隐私。为此,基于SM9标识加密算法,并结合否认认证协议,提出具有否认认证的SM9标识加密算法。该算法允许发送者在协议运行后否认其参与,只有预期的接收者可以识别给定消息的真实来源;与此同时,接收者不能使任何其他第三方相信消息是由特定发送者发送的。在DBDH困难问题假设下,给出具有否认认证的SM9标识加密算法的形式化定义和安全模型,并在随机预言模型下给出算法的安全性分析,证明该算法可同时满足否认性、保密性和否认认证性。理论分析和仿真实验表明,该算法不仅保持了SM9标识加密算法的效率优势,而且计算开销低于其他具有否认认证的标识加密算法。

关键词: SM9, 标识加密, 否认认证, 双线性对

Abstract: SM9 identity-based encryption algorithm is a commercial identity-based encryption algorithm independently designed by our country, which has become the standard of the domestic identity-based encryption algorithm industry, and is widely used in e-mail, electronic voting and online negotiation, etc. However, SM9 identity-based encryption algorithm can??t effectively protect the identity privacy of the sender. Based on SM9 identity-based encryption algorithm, combined with the deniable authentication protocol, this paper proposes SM9 identity-based encryption algorithm with deniable authentication. This algorithm allows the sender to deny its participation after the protocol runs, and only the intended receiver can identify the true source of the given message. At the same time, the receiver can??t convince any other third party that the message is sent by a specific sender. Under the assumption of DBDH??s difficult problem, the formal definition and security model of SM9 identity-based encryption algorithm with deniable authentication are given, and the security analysis of the algorithm is given under the random oracle model, which proves that the algorithm can satisfy denial, confidentiality and deniable authentication at the same time. Theoretical analysis and simulation experiments show that the proposed algorithm not only maintains the efficiency advantage of SM9 identity-based encryption algorithm, but also has a lower computational overhead than other identity-based encryption algorithms with deniable authentication.

Key words: SM9, identity-based encryption, deniable authentication, bilinear pairing