高级检索

    基于LWE的高效身份基分级加密方案

    Efficient Hierarchical Identity-Based Encryption Scheme from Learning with Errors

    • 摘要: 格上可固定维数陷门派生的身份基分级加密(hierarchical identity-based encryption, HIBE)体制,因其具有在陷门派生前后格的维数保持不变的特性而受到广泛关注,但这种体制普遍存在陷门派生复杂度过高的问题.针对这一问题,分别给出随机预言模型和标准模型下的改进方案.首先利用MP12陷门函数的特性提出一种优化的Z\-q可逆矩阵提取算法,再基于该优化算法结合固定维数的陷门派生算法和MP12陷门函数完成方案的建立和陷门派生阶段,然后与对偶Regev算法相结合完成随机预言模型下HIBE方案的构造.并且利用二进制树加密系统将该方案改进为标准模型下的HIBE方案.两方案安全性均可归约至LWE问题的难解性,其中随机预言模型下的方案满足适应性安全,而标准模型下的方案满足选择性安全,并给出严格的安全性证明.对比分析表明:在相同的安全性下,随机预言模型下的方案较同类方案在陷门派生复杂度方面显著降低,而标准模型下的方案是同类最优方案的1/6,且格的维数、陷门尺寸和密文扩展率等参数均有所降低,计算效率明显优化.

       

      Abstract: Hierarchical identity-based encryption (HIBE) in fixed dimension has drawn wide attention because its lattice dimension keeps unchanged upon delegation, but there is a common defect of high complexity in trapdoor delegation stage of these schemes. Aiming at this problem, we propose two improved HIBE schemes under random oracle model and standard model respectively. We first use the MP12 trapdoor function to construct an optimized Z\-q-invertible matrix sample algorithm. Based on this optimized algorithm, combined with trapdoor delegation algorithm in fixed dimension and MP12 trapdoor function, we design system setup and trapdoor delegation stages. And we complete the HIBE scheme under random oracle model in conjunction with Dual-Regev algorithm. And then, we remove the random oracle by employing binary tree encryption system. The security of both proposed schemes strictly reduce to the hardness of learning with errors (LWE) problem, in which the scheme under random oracle model satisfies the adaptive security while the scheme under standard model satisfies selective security. Comparative analysis shows that, under the same security level, the overhead of trapdoor delegation in our scheme under random oracle model is reduced significantly compared with the relevant schemes, while the overhead of our scheme under standard model is reduced nearly 6 times compared with the relevant optimal schemes. Furthermore, the parameters such as lattice dimension, trapdoor size and ciphertext expansion rate etc., all decrease in some degree, and the computational cost is reduced obviously.

       

    /

    返回文章
    返回