Forward-Secure Public-Key Encryption Scheme Based on SM9

doi:10.3778/j.issn.1673-9418.2310034

Abstract

Abstract: In the traditional hybrid cryptosystem, an attacker can generate the previously used session key to decrypt session contents encrypted under the session key due to the leakage of the current private key. To address this issue of leakage of the private key, this paper applies the key encapsulation mechanism and proposes a forward-secure public-key encryption scheme (FS-SM9) based on identity cryptosystem SM9. This paper also proves that the scheme is IND-FS-CPA under the hardness assumption (q, n)-DBDHI in the standard model. In the encryption scheme, the lifetime of the system is divided into multiple periods which are managed by a binary tree, which reduces the overheads of the system to a logarithmic level. The time information is embedded into the ciphertext when encrypting messages. Only the private key of the specific period can decrypt the ciphertext. Each private key is updated via an updating procedure and this updating procedure is unidirectional, during which a new private key is generated while the old one is deleted, so the forward security is preserved. Moreover, as shown by the performance analysis and experimental results, the scheme only introduces negligible overheads in achieving forward security under certain conditions. Therefore, the proposed scheme is practical and can be run on specific resource-constrained devices, providing forward security for these devices.

Key words: forward security, SM9, key encapsulation, chosen-plaintext security

摘要： 在传统的混合密码机制中，用户的私钥一旦泄露，攻击者就可以生成该用户前期使用的会话密钥，从而解密出用该会话密钥加密的会话内容。针对这种私钥泄露带来的安全问题，使用密钥封装技术，提出了一个基于标识密码SM9的前向安全的公钥加密方案（FS-SM9），并且在标准模型下，证明了该方案在[(q,n)-DBDHI]困难问题假设下是IND-FS-CPA安全的。在该方案中，系统可使用总时长分为多个时间段，同时使用二叉树管理时间段，将开销降至对数级别。在加密时将时间信息嵌入到密文中，只有特定时间段的私钥才能解密该密文，而私钥在每个时间段都会通过更新算法更新一次，生成新私钥，并删除旧私钥，该更新过程是单向的，所以能实现前向安全。此外，性能分析和实验结果都表明，该方案在实现前向安全的同时引入的额外时间开销在一定条件下是可忽略的。因此，该方案具有较好的实用性，可以运行在特定的资源受限的设备上，为这些设备提供前向安全保障。

关键词: 前向安全, SM9, 密钥封装, 选择明文安全

HUANG Wenfeng, XU Shengmin, MA Jinhua, NING Jianting, WU Wei. Forward-Secure Public-Key Encryption Scheme Based on SM9[J]. Journal of Frontiers of Computer Science and Technology, 2024, 18(12): 3348-3358.

黄文峰, 许胜民, 马金花, 宁建廷, 伍玮. 基于SM9的前向安全公钥加密方案[J]. 计算机科学与探索, 2024, 18(12): 3348-3358.

References

[1] CANETTI R, HALEVI S, KATZ J. A forward-secure public key encryption scheme[C]//Proceedings of the 2003 International Conference on the Theory and Applications of Cryptographic Techniques, Warsaw, May 4-8, 2003. Berlin, Heidelberg: Springer, 2003: 255-271.
[2] BLAKLEY G R. Safeguarding cryptographic keys[C]//Proceedings of the 1979 International Workshop on Managing Requirements Knowledge, New York, Jun 4-7, 1979. Washington: IEEE Computer Society, 1979: 313-318.
[3] SHAMIR A. How to share a secret[J]. Communications of the ACM, 1979, 22(11): 612-613.
[4] DESMEDT Y. Threshold cryptosystems[C]//Proceedings of the 1992 International Workshop on the Theory and Application of Cryptographic Techniques. Berlin, Heidelberg: Springer, 1992: 1-14.
[5] HERZBERG A, JAKOBSSON M, JARECKI S, et al. Proactive public key and signature systems[C]//Proceedings of the 4th ACM Conference on Computer and Communications Security, Zurich, Apr 1-4, 1997.?New York: ACM, 1997: 100-110.
[6] BELLARE M, MINER S K. A forward-secure digital signature scheme[C]//Proceedings of the Annual International Cryptology Conference, Santa Barbara, Aug 15-19, 1999. Berlin, Heidelberg: Springer, 1999: 431-448.
[7] DIFFIE W, VAN OORSCHOT P C, WIENER M J. Authentication and authenticated key exchanges[J]. Designs, Codes and Cryptography, 1992, 2(2): 107-125.
[8] GüNTHER C G. An identity-based key-exchange protocol[C]//Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques, Houthalen, Apr 10-13, 1989. Berlin, Heidelberg: Springer, 1990: 29-37.
[9] DIFFIE W, HELLMAN M E. New directions in cryptography[M]//Democratizing Cryptography: The Work of Whitfield Diffie and Martin Hellman. New York: ACM, 2022: 365-390.
[10] ABE M, GENNARO R, KUROSAWA K, et al. Tag-KEM/ DEM: a new framework for hybrid encryption and a new analysis of Kurosawa-Desmedt KEM[C]//Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Heidelberg: Springer, 2005: 128-146.
[11] KUROSAWA K, DESMEDT Y. A new paradigm of hybrid encryption scheme[C]//Proceedings of the 24th Annual International Cryptology Conference, Santa Barbara, Aug 15-19, 2004. Berlin, Heidelberg: Springer, 2004: 426-442.
[12] DI-CRESCENZO G, ISHAI Y, OSTROVSKY R. Universal service-providers for database private information retrieval[C]//Proceedings of the 17th Annual ACM Symposium on Principles of Distributed Computing, Puerto Vallarta, Jun 28-Jul 2, 1998.?New York: ACM, 1998: 91-100.
[13] BELLARE M，YEE B. Forward-security in private-key cryptography[C]//Proceedings of the Cryptographers’ Track at the RSA Conference, San Francisco, Apr 13-17, 2003. Berlin, Heidelberg: Springer, 2003: 1-18.
[14] BONEH D, BOYEN X, GOH E J. Hierarchical identity based encryption with constant size ciphertext[C]//Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Heidelberg: Springer, 2005: 440-456.
[15] GREEN M D, MIERS I. Forward secure asynchronous messaging from puncturable encryption[C]//Proceedings of the 2015 IEEE Symposium on Security and Privacy, San Jose, May 17-21, 2015. Washington: IEEE Computer Society, 2015: 305-320.
[16] 涂彬彬, 王现方, 张立廷. 两种分布式SM2/9算法应用[J]. 密码学报, 2020, 7(6): 826-838.
TU B B, WANG X F, ZHANG L T. Two distributed applications of SM2 and SM9[J]. Journal of Software, 2020, 7(6): 826-838.
[17] 董一潇, 全建斌, 王明儒, 等. 国密SM9算法在物联网安全领域的应用研究[J]. 电信工程技术与标准化, 2022, 35(9): 22-27.
DONG Y X, QUAN J B, WANG M R, et al. Research on the application of SM9 algorithm in the security field of Internet of things[J]. Telecom Engineering Technics and Standardization. 2022, 35(9): 22-27.
[18] 唐飞, 甘宁, 阳祥贵, 等. 基于区块链与国密SM9的抗恶意KGC无证书签名方案[J]. 网络与信息安全学报, 2022, 8(6): 9-19.
TANG F, GAN N, YANG X G, et al. Anti malicious KGC certificateless signature scheme based on blockchain and domestic cryptographic SM9[J]. Chinese Journal of Network and Information Security, 2022, 8(6): 9-19.
[19] 赖建昌, 黄欣沂, 何德彪, 等. 基于SM9的CCA安全广播加密方案[J]. 软件学报, 2023, 34(7): 3354-3364.
LAI J C, HUANG X Y, HE D B, et al. CCA secure broadcast encryption based on SM9[J]. Journal of Software. 2023, 34(7): 3354-3364.
[20] 张雪锋, 彭华. 一种基于SM9算法的盲签名方案研究[J]. 信息网络安全, 2019(8): 61-67.
ZHANG X F, PENG H. Blind signature scheme based on SM9 Algorithm[J]. Netinfo Security, 2019(8): 61-67.
[21] 杨亚涛, 蔡居良, 张筱薇, 等. 基于SM9算法可证明安全的区块链隐私保护方案[J]. 软件学报, 2019, 30(6): 1692-1704.
YANG Y T, CAI J L, ZHANG X W, et al. Privacy preserving scheme in block chain with provably secure based on SM9 algorithm[J]. Journal of Software, 2019, 30(6): 1692-1704.
[22] 许盛伟, 任雄鹏, 袁峰, 等. 一种关于SM9的安全密钥分发方案[J]. 计算机应用与软件, 2020, 37(1): 314-319.
XU S W, REN X P, YUAN F, et al. A secure key issuing scheme of SM9[J]. Computer Applications and Software, 2020, 37(1): 314-319.
[23] 赖建昌, 黄欣沂, 何德彪, 等. 基于商用密码SM9的高效分层标识加密[J]. 中国科学:信息科学, 2023, 53(5): 918-930.
LAI J C, HUANG X Y, HE D B, et al. An efficient hierarchical identity-based encryption based on SM9[J]. Scientia Sinica (Informationis), 2023, 53(5): 918-930.
[24] CHENG Z H, ZHAO H. Security analysis of SM9 key agreement and encryption[C]//Proceedings of the 14th International Conference on Information Security and Cryptology, Fuzhou, Dec 14-17, 2018. Cham: Springer, 2019: 3-25.
[25] 赖建昌, 黄欣沂, 何德彪, 等. 国密SM9数字签名和密钥封装算法的安全性分析[J]. 中国科学: 信息科学, 2021, 51(11): 1900-1913.
LAI J C, HUANG X Y, HE D B, et al. Security analysis of SM9 digital signature and key encapsulation[J]. Scientia Sinica (Informationis), 2021, 51(11): 1900-1913.
[26] BONEH D, LYNN B, SHACHAM H. Short signatures from the Weil pairing[C]//Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security. Berlin, Heidelberg: Springer, 2001: 514-532.
[27] BONEH D, FRANKLIN M. Identity-based encryption from the Weil pairing[C]//Proceedings of the 21st Annual International Cryptology Conference. Berlin, Heidelberg: Springer, 2001: 213-229.
[28] GALBRAITH S D, PATERSON K G, SMART N P. Pairings for cryptographers[J]. Discrete Applied Mathematics, 2008, 156(16): 3113-3121.
[29] GOLDWASSER S, MICALI S. Probabilistic encryption & how to play mental poker keeping secret all partial information[M]//Providing Sound Foundations for Cryptography: on the Work of Shafi Goldwasser and Silvio Micali. New York: ACM, 2019: 173-201.
[30] BELLARE M, ROGAWAY P. Random oracles are practical: a paradigm for designing efficient protocols[C]//Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, Nov 3-5, 1993. New York: ACM, 1993: 62-73.
[31] 密码行业标准化技术委员会. SM9标识密码算法第4部分: 密钥封装机制和公钥加密算法: GM/T0044.4—2016[S]. 北京: 中国标准出版社, 2016.
Technical Committee for Standardization of Cryptographic Industry. Identity-based cryptographic algorithm SM9 - part 4: key encapsulation mechanism and public key encryption algorithm: GM/T0044.4—2016[S]. Beijing: China Standards Press, 2016.
[32] 密码行业标准化技术委员会. SM9标识密码算法第5部分: 参数定义: GM/ T0044.5—2016[S]. 北京: 中国标准出版社, 2016.
Technical Committee for Standardization of Cryptographic Industry. Identity-based cryptographic algorithm SM9 - part 5: parameter definition: GM/T0044.5—2016[S]. Beijing: China Standards Press, 2016.
[33] 曾凡斐, 宋春地, 江大维, 等. 水电厂智能终端网联安全方案设计与实现[J]. 水电与抽水蓄能, 2022, 8(5): 54-61.
ZENG F F, SONG C D, JIANG D W, et al. Design and implementation of networked security solutions for intelligent terminals in hydropower plants[J]. Hydropower and Pumped Storage, 2022, 8(5): 54-61.