Author: |
陳炫豪 Chen, Hsuan-Hao |
---|---|
Thesis Title: |
可否認式配對加密系統 Deniable Matchmaking Encryption |
Advisor: |
紀博文
Chi, Po-Wen |
Committee: | 紀博文 王銘宏 莊允心 |
Approval Date: | 2021/07/30 |
Degree: |
碩士 Master |
Department: |
資訊工程學系 Department of Computer Science and Information Engineering |
Thesis Publication Year: | 2021 |
Academic Year: | 109 |
Language: | 英文 |
Number of pages: | 52 |
Keywords (in Chinese): | 可否認式加密系統 、配對加密系統 、變色龍雜湊函數 |
Keywords (in English): | Deniable Encryption, Matchmaking Encryption, Chameleon Hash Function |
DOI URL: | http://doi.org/10.6345/NTNU202101242 |
Thesis Type: | Academic thesis/ dissertation |
Reference times: | Clicks: 85 Downloads: 11 |
Share: |
School Collection Retrieve National Library Collection Retrieve Error Report |
我們提出了一個名為可否認式配對加密系統的新加密系統,這個加密系統是建立在配對加密系統的基礎上,並新增了可否認式加密系統的特性,使其在一些受到脅迫而必須公開密文或金鑰內容的場合,依舊能夠保護寄件者、收件者以及密文本身的安全性,這是一套能同時否認寄件者、收件者身分以及訊息內容的加密系統。
在可否認式配對加密系統中,寄件者以及收件者皆可以透過指定身分來保護密文,只有當雙方的身分皆符合加密時的指定身分時,密文才能被正確的解密,而對於任何非指定身分的一方,此密文皆不會洩漏任何資訊,並且,若今天發生了一些脅迫事件,迫使任一方或建立金鑰的公正第三方必須公開金鑰或公開原文時,因為此加密系統藉由變色龍雜湊函數的性質,可以產生出另一個不同寄件者、不同收件者以及不同原文的加密訊息,使得除了當事人雙方以外,其他人皆沒有辦法判定哪一組密文才是真正的密文,以此來保護當事人雙方的安全。
在理論方面,我們定義了可否認式配對加密系統的安全性,提供了完整的可否認式配對加密系統的架構,並證明了在配對加密系統是安全的情況下,我們的可否認式配對加密系統是安全的。而在實作方面,我們計算了可否認式配對加密系統的計算時間需求與計算空間需求並與配對加密系統進行比較。
We introduce a new encryption scheme, which is called Deniable Matchmaking Encryption (DME). This encryption scheme is based on Matchmaking Encryption (ME) and adds deniability on it. In some situations that users or the trusted third parties are coercered to reveal the plaintext or even the secret keys, this scheme can still protect the message and the identity of the sender and receiver. This is a Bi-identity-deniability encryption scheme.
In DME, The sender and the receiver can protect the message by specifying the other user's identity. Only when both the sender and the receivers' identities are matched, the ciphertext can be decrypted correctly, and for anyone does not match the identity acquirement, the ciphertext leaks no information.With the help of chameleon hash function, DME can generate an indistinguishable fake ciphertext, which the sender identity, receiver identity and the message are all fake, to protect the true ciphertext. So that if any malicious adversary coercers the users or trusted third parties to reveal the ciphertext or the secret keys, the adversary can not distinguish whether the ciphertext is true.
On the theoretical side, we define the security of DME and provide a DME encryption scheme. We prove that if ME is secure, our DME is also secure. On the practical side, we compute the space cost and computation cost of DME and compare it to ME.
[1] G. Ateniese and B. de Medeiros. Identitybased chameleon hash and applications. In A. Juels, editor, Financial Cryptography, pages 164–180, Berlin, Heidelberg, 2004.
Springer Berlin Heidelberg.
[2] G. Ateniese and B. de Medeiros. On the key exposure problem in chameleon hashes. In C. Blundo and S. Cimato, editors, Security in Communication Networks, pages165–179, Berlin, Heidelberg, 2005. Springer Berlin Heidelberg.
[3] G. Ateniese, D. Francati, D. Nuñez, and D. Venturi. Match me if you can: Matchmaking encryption and its applications. In A. Boldyreva and D. Micciancio, editors, Advances in Cryptology – CRYPTO 2019, pages 701–731, Cham, 2019. Springer International Publishing.
[4] N. Attrapadung and H. Imai. Conjunctive broadcast and attributebased encryption. In H. Shacham and B. Waters, editors, PairingBased Cryptography – Pairing 2009, pages 248–265, Berlin, Heidelberg, 2009. Springer Berlin Heidelberg.
[5] J. Bethencourt, A. Sahai, and B. Waters. Ciphertextpolicy attributebased encryption. In 2007 IEEE Symposium on Security and Privacy (SP ’07), pages 321–334, 2007.
[6] D. Boneh and M. Franklin. Identitybased encryption from the weil pairing. In
J. Kilian, editor, Advances in Cryptology — CRYPTO 2001, pages 213–229, Berlin,
Heidelberg, 2001. Springer Berlin Heidelberg.
[7] R. Canetti, C. Dwork, M. Naor, and R. Ostrovsky. Deniable encryption. In B. S.
Kaliski, editor, Advances in Cryptology — CRYPTO ’97, pages 90–104, Berlin,
Heidelberg, 1997. Springer Berlin Heidelberg.
[8] D. L. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2):84–90, Feb. 1981.
[9] X. Chen, F. Zhang, and K. Kim. Chameleon hashing without key exposure. In
K. Zhang and Y. Zheng, editors, Information Security, pages 87–98, Berlin, Heidelberg, 2004. Springer Berlin Heidelberg.
[10] X. Chen, F. Zhang, W. Susilo, and Y. Mu. Efficient generic online/offline signatures without key exposure. In J. Katz and M. Yung, editors, Applied Cryptography and Network Security, pages 18–30, Berlin, Heidelberg, 2007. Springer Berlin Heidelberg.
[11] J. Choi and S. Jung. A handover authentication using credentials based on chameleon hashing. IEEE Communications Letters, 14(1):54–56, 2010.
[12] I. Damgård and J. B. Nielsen. Improved noncommitting encryption schemes based on a general complexity assumption. In M. Bellare, editor, Advances in Cryptology — CRYPTO 2000, pages 432–450, Berlin, Heidelberg, 2000. Springer Berlin Heidelberg.
[13] Y. Desmedt and J.J. Quisquater. Publickey systems based on the difficulty of
tampering (is there a difference between des and rsa?). In A. M. Odlyzko, editor,
Advances in Cryptology — CRYPTO’ 86, pages 111–117, Berlin, Heidelberg, 1987.
Springer Berlin Heidelberg.
[14] C.I. Fan, L.Y. Huang, and P.H. Ho. Anonymous multireceiver identitybased encryption. IEEE Transactions on Computers, 59(9):1239–1249, 2010.
[15] D. M. Goldschlag, M. G. Reed, and P. F. Syverson. Hiding routing information. In R. Anderson, editor, Information Hiding, pages 137–150, Berlin, Heidelberg, 1996. Springer Berlin Heidelberg.
[16] V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attributebased encryption for
finegrained access control of encrypted data. In Proceedings of the 13th ACM
Conference on Computer and Communications Security, CCS ’06, page 89–98,
New York, NY, USA, 2006. Association for Computing Machinery.
[17] S. Guo, D. Zeng, and Y. Xiang. Chameleon hashing for secure and privacypreserving vehicular communications. IEEE Transactions on Parallel and
Distributed Systems, 25(11):2794–2803, 2014.
[18] M. Klonowski, P. Kubiak, and M. Kutyłowski. Practical deniable encryption. In
V. Geffert, J. Karhumäki, A. Bertoni, B. Preneel, P. Návrat, and M. Bieliková, editors,
SOFSEM 2008: Theory and Practice of Computer Science, pages 599–609, Berlin,
Heidelberg, 2008. Springer Berlin Heidelberg.
[19] H. Krawczyk and T. Rabin. Chameleon hashing and signatures, 1998.
[20] A. Lewko and B. Waters. Decentralizing attributebased encryption. In K. G. Paterson, editor, Advances in Cryptology – EUROCRYPT 2011, pages 568–588, Berlin, Heidelberg, 2011. Springer Berlin Heidelberg.
[21] J. Li, J. Li, X. Chen, C. Jia, and W. Lou. Identitybased encryption with outsourced
revocation in cloud computing. IEEE Transactions on Computers, 64(2):425–437,
2015.
[22] U. M. Maurer and Y. Yacobi. Noninteractive publickey cryptography. In D. W.
Davies, editor, Advances in Cryptology — EUROCRYPT ’91, pages 498–507,
Berlin, Heidelberg, 1991. Springer Berlin Heidelberg.
[23] P. Mohassel. Onetime signatures and chameleon hash functions. In A. Biryukov, G. Gong, and D. R. Stinson, editors, Selected Areas in Cryptography, pages 302–319, Berlin, Heidelberg, 2011. Springer Berlin Heidelberg.
[24] S. Müller, S. Katzenbeisser, and C. Eckert. Distributed attributebased encryption. In P. J. Lee and J. H. Cheon, editors, Information Security and Cryptology – ICISC 2008, pages 20–36, Berlin, Heidelberg, 2009. Springer Berlin Heidelberg.
[25] A. O’Neill, C. Peikert, and B. Waters. Bideniable publickey encryption. In P. Rogaway, editor, Advances in Cryptology – CRYPTO 2011, pages 525–542, Berlin,
Heidelberg, 2011. Springer Berlin Heidelberg.
[26] A. Sahai and B. Waters. Fuzzy identitybased encryption. In R. Cramer, editor,
Advances in Cryptology – EUROCRYPT 2005, pages 457–473, Berlin, Heidelberg,
2005. Springer Berlin Heidelberg.
[27] A. Sahai and B. Waters. How to use indistinguishability obfuscation: Deniable encryption, and more. In Proceedings of the FortySixth Annual ACM Symposium
on Theory of Computing, STOC ’14, page 475–484, New York, NY, USA, 2014.
Association for Computing Machinery.
[28] A. Shamir. Identitybased cryptosystems and signature schemes. In G. R. Blakley and D. Chaum, editors, Advances in Cryptology, pages 47–53, Berlin, Heidelberg, 1985. Springer Berlin Heidelberg.
[29] H. Tanaka. A realization scheme for the identitybased cryptosystem. In C. Pomerance, editor, Advances in Cryptology — CRYPTO ’87, pages 340–349, Berlin, Heidelberg, 1988. Springer Berlin Heidelberg.
[30] S. Tsujii and T. Itoh. An idbased cryptosystem based on the discrete logarithm
problem. IEEE Journal on Selected Areas in Communications, 7(4):467–473, 1989.
[31] B. Waters. Efficient identitybased encryption without random oracles. In R. Cramer, editor, Advances in Cryptology – EUROCRYPT 2005, pages 114–127, Berlin, Heidelberg, 2005. Springer Berlin Heidelberg.