Abstract
User revocation is an important problem that identity-based proxy re-signature schemes must solve in practical applications. To address the fact that existing identity-based proxy re-signature schemes do not support user revocation, a revocable identity-based proxy re-signature cryptosystem is introduced, and the corresponding formal definition and security model are given. Based on a proxy re-signature scheme and a binary tree structure, a revocable identity-based proxy re-signature scheme is constructed. In the constructed scheme, a user's signing key consists of two parts: a secret key and an update key. The secret key, transmitted over a secure channel, is fixed, whereas the update key, broadcast over a public channel, changes periodically. Only non-revoked users can obtain the update key; they then randomize the secret key and the update key to generate the signing key for the current time period. In the standard model, the constructed scheme is proved to be existentially unforgeable under adaptive chosen-identity and chosen-message attacks, and it satisfies bidirectionality, multi-use, and resistance to signing key exposure attacks. The analysis shows that the constructed scheme efficiently realizes user revocation and key update and has good scalability.
User revocation is necessary for the practical application of identity-based proxy re-signature schemes. To solve the problem that the existing identity-based proxy re-signature schemes cannot provide revocation functionality, the notion of revocable identity-based proxy re-signature was introduced. Furthermore, the formal definition and security model of revocable identity-based proxy re-signature were presented. Based on a proxy re-signature scheme and a binary tree structure, a revocable identity-based proxy re-signature scheme was proposed. In the proposed scheme, the user's signing key consists of two parts, a secret key and an update key. The secret key transmitted over the secure channel is fixed, but the update key broadcast over the public channel is changed periodically. Only a user who has not been revoked can obtain the update key, and then randomize the secret key and the update key to generate the corresponding signing key of the current time period. In the standard model, the proposed scheme is proved to be existentially unforgeable against adaptive chosen-identity and chosen-message attacks. In addition, the proposed scheme has the properties of bidirectionality and multi-use, and can resist signing key exposure attacks. The analysis results show that the proposed scheme can efficiently revoke the user and update the user's key, and thus it has good scalability.
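The abstract relies on a binary tree to decide which users receive the periodic update key. The following added example (not code from the paper, whose pairing-based key algebra is not reproduced here) shows the standard complete-subtree cover computation that such schemes use, in the form of the KUNodes procedure from Boldyreva, Goyal and Kumar's revocable IBE and the subset-cover framework of Naor, Naor and Lotspiech: every user holds one secret-key share per node on its leaf-to-root path, the key generation centre broadcasts one update-key component per cover node, and only a non-revoked user finds exactly one node common to its path and the cover. The tree depth, user numbering and revoked set are constructed for the illustration.

```python
from typing import Dict, List, Set


def leaf_index(user: int, depth: int) -> int:
    """Heap-style index (root = 1) of the leaf assigned to `user` in a
    complete binary tree of the given depth; leaves occupy 2^depth .. 2^(depth+1)-1."""
    if not 0 <= user < (1 << depth):
        raise ValueError("user id outside the tree")
    return (1 << depth) + user


def path_to_root(node: int) -> List[int]:
    """All nodes from `node` up to and including the root."""
    path = []
    while node >= 1:
        path.append(node)
        node //= 2
    return path


def ku_nodes(depth: int, revoked_users: Set[int]) -> Set[int]:
    """KUNodes: the minimal set of subtree roots whose subtrees contain no revoked
    leaf.  The update key for the current period carries one component per node
    returned here, so revoked users receive nothing usable."""
    if not revoked_users:
        return {1}  # nobody revoked: a single component for the whole tree
    last_index = (1 << (depth + 1)) - 1
    # X = every ancestor (including the leaf itself) of a revoked leaf
    x: Set[int] = set()
    for user in revoked_users:
        x.update(path_to_root(leaf_index(user, depth)))
    # Y = children of nodes in X that are not themselves in X
    cover: Set[int] = set()
    for node in x:
        for child in (2 * node, 2 * node + 1):
            if child <= last_index and child not in x:
                cover.add(child)
    return cover


def matching_node(user: int, depth: int, cover: Set[int]) -> List[int]:
    """Nodes shared by the user's path and the published cover.  A non-revoked
    user has exactly one such node (the cover partitions the non-revoked leaves);
    a revoked user has none, so it cannot form the period's signing key."""
    return [n for n in path_to_root(leaf_index(user, depth)) if n in cover]


def derive_signing_key(user: int, depth: int, secret_shares: Dict[int, str],
                       update_key: Dict[int, str]) -> str:
    """Models the two-part key of the abstract: the fixed secret share for the
    matching node is combined with that node's update component.  The string
    concatenation stands in for the scheme's randomised combination (assumption)."""
    hits = matching_node(user, depth, set(update_key))
    if len(hits) != 1:
        raise PermissionError("user is revoked in this time period")
    node = hits[0]
    return secret_shares[node] + "|" + update_key[node]


def verify_cover(depth: int, revoked_users: Set[int]) -> bool:
    """Self-check the defender cares about: revoked users get no key for the
    period and every other user gets exactly one."""
    cover = ku_nodes(depth, revoked_users)
    for user in range(1 << depth):
        hits = matching_node(user, depth, cover)
        if user in revoked_users and hits:
            return False
        if user not in revoked_users and len(hits) != 1:
            return False
    return True


if __name__ == "__main__":
    depth, revoked = 3, {2, 5}          # constructed: 8 users, two revoked
    cover = ku_nodes(depth, revoked)
    print("cover nodes:", sorted(cover))
    print("all users handled correctly:", verify_cover(depth, revoked))
    shares = {n: f"sk{n}" for n in range(1, 1 << (depth + 1))}   # constructed secret shares
    uk = {n: f"uk{n}" for n in cover}                            # constructed update key
    print("user 0 signing key:", derive_signing_key(0, depth, shares, uk))
```

Running the self-check over every period's revoked set is the cheap invariant a deployment can test: the cover size grows only logarithmically with the number of revoked users, and any user whose path never meets the cover is correctly locked out of the current period.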