SM9 Identity-Based Encryption Scheme with Equality Test and Cryptographic Reverse Firewalls

Xiong Hu; Lin Ye; Yao Ting

doi:10.7544/issn1000-1239.202220809

Journal of Computer Research and Development > 2024 > 61(4): 1070-1084. > DOI: 10.7544/issn1000-1239.202220809 CSTR: 32373.14.issn1000-1239.202220809

Xiong Hu, Lin Ye, Yao Ting. SM9 Identity-Based Encryption Scheme with Equality Test and Cryptographic Reverse Firewalls[J]. Journal of Computer Research and Development, 2024, 61(4): 1070-1084. DOI: 10.7544/issn1000-1239.202220809

Citation:

PDF (1767 KB)

SM9 Identity-Based Encryption Scheme with Equality Test and Cryptographic Reverse Firewalls

1.
School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054
2.
Network and Data Security Key Laboratory of Sichuan Province (University of Electronic Science and Technology of China), Chengdu 610054

Funds: This work was supported by the National Key Research and Development Program of China (2022YFB2701402) and the Open Project of Intelligent Terminal Key Laboratory of Sichuan Province (SCITLAB-1019).

More Information

Author Bio:
Xiong Hu: born in 1982. PhD, professor, PhD supervisor. His main research interests include cryptography and privacy-preserving computation

Lin Ye: born in 2000. Master candidate. His main research interests include public key cryptography and blockchain

Yao Ting: born in 1997. Master candidate. Her main research interest includes public key cryptography
Received Date: September 13, 2022
Revised Date: May 21, 2023
Available Online: November 13, 2023

Graphical Abstract

Abstract

Abstract

The identity-based encryption with equality test (IBEET) scheme solves the problem of certificate management in traditional equality test schemes and gets wide attention. However, the existing IBEET systems are difficult to resist penetration attacks and based on foreign cipher algorithm designs without independent intellectual property rights. To deal with this challenge, we propose a SM9 identity-based encryption scheme with equality test and cryptographic reverse firewalls (SM9-IBEET-CRF). The cipher reverse firewalls (CRF) which are deployed in the upstream channel between users and cloud server can re-randomize the information to protect against penetration attacks. This scheme expands SM9 identity-based encryption algorithm to IBEET, improves its efficiency and enriches the research of secret algorithm in cloud computing. We give the definition of SM9-IBEET-CRF and corresponding security models. In random oracle model, the scheme formalizes the IBE-IND-CCA and IBE-OW-CCA security into the BDH difficulty assumption by considering two different opponents. At the same time, we demonstrate that CRF deployment provides functionality-maintaining, security-preserving and exfiltration-resistant by considering the third opponent. The experimental simulation and analysis results show the effectiveness of the scheme.
- SM9,
- equality test,
- cryptographic reverse firewall (CRF),
- identity-based encryption,
- penetration attack

FullText(HTML)

References (33)

References

[1]	Armbrust M, Fox A, Griffith R, et al. A view of cloud computing[J]. Communications of the ACM, 2010, 53(4): 50−58 doi: 10.1145/1721654.1721672
[2]	Wang Wei, Xu Peng, Liu Dongli, et al. Lightweighted secure searching over public-key ciphertexts for edge-cloud-assisted industrial IoT devices[J]. IEEE Transactions on Industrial Informatics, 2020, 16(6): 4221−4230 doi: 10.1109/TII.2019.2950295
[3]	Boneh D, Di Crescenzo G, Ostrovsky R, et al. Public key encryption with keyword search[C] //Proc of the 2004 Cryptology-EUROCRYPT. Berlin: Springer, 2004: 506−522
[4]	Zeng Ming, Qian Haifeng, Chen Jie, et al. Forward secure public key encryption with keyword search for outsourced cloud storage[J]. IEEE Transactions on Cloud Computing, 2022, 10(1): 426−438 doi: 10.1109/TCC.2019.2944367
[5]	Xu Peng, Susilo W, Wang Wei, et al. ROSE: Robust searchable encryption with forward and backward security[J]. IEEE Transactions on Information Forensics and Security, 2022, 17: 1115−1130 doi: 10.1109/TIFS.2022.3155977
[6]	Huang Qiong, Li Hongbo. An efficient public-key searchable encryption scheme secure against inside keyword guessing attacks[J]. Information Sciences, 2017, 403: 1−14
[7]	He Kun, Chen Jing, Zhou Qinxi, et al. Secure dynamic searchable symmetric encryption with constant client storage cost[J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 1538−1549 doi: 10.1109/TIFS.2020.3033412
[8]	Xu Peng, Wu Qianhong, Wang Wei, et al. Generating searchable public-key ciphertexts with hidden structures for fast keyword search[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(9): 1993−2006 doi: 10.1109/TIFS.2015.2442220
[9]	Yang Guomin, Tan C, Huang Qiong, et al. Probabilistic public key encryption with equality test[C] //Proc of the 2010 Cryptology-CT-RSA: The Cryptographers’Track at the RSA Conf 2010. Berlin: Springer, 2010: 119−131
[10]	Tang Qiang. Public key encryption supporting plaintext equality test and user‐specified authorization[J]. Security and Communication Networks, 2012, 5(12): 1351−1362 doi: 10.1002/sec.418
[11]	Ma Sha, Huang Qiong, Zhang Mingwu, et al. Efficient public key encryption with equality test supporting flexible authorization[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(3): 458−470 doi: 10.1109/TIFS.2014.2378592
[12]	Lee H T, Ling S, Seo J H, et al. Semi-generic construction of public key encryption and identity-based encryption with equality test[J]. Information Sciences, 2016, 373: 419−440 doi: 10.1016/j.ins.2016.09.013
[13]	Qu Haipeng, Yan Zhen, Lin Xijun, et al. Certificateless public key encryption with equality test[J]. Information Sciences, 2018, 462: 76−92 doi: 10.1016/j.ins.2018.06.025
[14]	Wang Yujue, Pang H, Deng R H, et al. Securing messaging services through efficient signcryption with designated equality test[J]. Information Sciences, 2019, 490: 146−165 doi: 10.1016/j.ins.2019.03.039
[15]	Xiong Hu, Zhao Yanan, Hou Yingzhe, et al. Heterogeneous signcryption with equality test for IIOT environment[J]. IEEE Internet of Things Journal, 2021, 8(21): 16142−16152 doi: 10.1109/JIOT.2020.3008955
[16]	Alrawais A, Alhothaily A, Cheng Xiuzhen, et al. SecureGuard: A certificate validation system in public key infrastructure[J]. IEEE Transactions on Vehicular Technology, 2018, 67(6): 5399−5408 doi: 10.1109/TVT.2018.2805700
[17]	Ma Sha. Identity-based encryption with outsourced equality test in cloud computing[J]. Information Sciences, 2016, 328: 389−402 doi: 10.1016/j.ins.2015.08.053
[18]	Shamir A. Identity-based cryptosystems and signature schemes[C] //Proc of the 1984 Cryptology-CRYPTO. Berlin: Springer, 1984: 47−53
[19]	Patsakis C, Charemis A, Papageorgiou A, et al. The market's response toward privacy and mass surveillance: The Snowden aftermath[J]. Computers & Security, 2018, 73: 194−206
[20]	Bellare M, Paterson K G, Rogaway P. Security of symmetric encryption against mass surveillance[C/OL] //Proc of the 2014 Cryptology-CRYPTO. Berlin: Springer, 2014[2023-01-01].https://link.springer.com/chapter/10.1007/978-3-662-44371-2_1
[21]	Mironov I, Stephens-Davidowitz N. Cryptographic reverse firewalls[C] //Proc of the 2015 Cryptology-EUROCRYPT. Berlin: Springer, 2015: 657−686
[22]	Dodis Y, Mironov I, Stephens-Davidowitz N. Message transmission with reverse firewalls-secure communication on corrupted machines[G] //LNCS 9814: Proc of the 2016 Cryptology-CRYPTO. Berlin: Springer, 2016: 341–372
[23]	Ma Hui, Zhang Rui, Yang Guomin. Concessive online/offline attribute based encryption with cryptographic reverse firewalls-secure and efficient fine-grained access control on corrupted machines[C] //Proc of the 2018 European Symp on Research in Computer Security. Berlin: Springer, 2018: 507−526
[24]	Chen Rongmao, Mu Yi, Yang Guomin, et al. Cryptographic reverse firewall via malleable smooth projective Hash functions[C] //Proc of the 2016 Cryptology-ASIACRYPT. Berlin: Springer, 2016: 844−876
[25]	Tang Qiang. Towards public key encryption scheme supporting equality test with fine-grained authorization[C] //Proc of the 16th Australasian Conf on Information Security and Privacy. Berlin: Springer, 2011: 389−406
[26]	Tang Qiang. Public key encryption schemes supporting equality test with authorisation of different granularity[J]. International Journal of Applied Cryptography, 2012, 2(4): 304−321 doi: 10.1504/IJACT.2012.048079
[27]	Zhou Yuyang, Guan Yuanfeng, Li Fagen, et al. Cryptographic reverse firewalls for identity-based encryption[G] // CCIS 1105: Proc of the 2nd Int Conf on Frontiers in Cyber Security. Berlin: Springer, 2019: 36–52
[28]	Boneh D, Franklin M. Identity-based encryption from the weil pairing[C] //Proc of the 2001 Cryptology-CRYPTO. Berlin: Springer, 2001: 213–229
[29]	Boyen X, Mei Qixiang, Waters B, Direct chosen ciphertext security from identity-based techniques[C] //Proc of the 12th ACM Conf on Computer and Communications Security. New York: ACM, 2005: 320–329
[30]	Boneh D, Boyen X. Short signatures without random oracles[C] //Proc of the 2004 Cryptology-EUROCRYPT. Berlin: Springer, 2004: 56–73
[31]	Crossbow. MICAz datasheet[DB/OL]. [2023-01-01]. http://bullseye.xbow.com:81/Products/Product_pdf_files/Wireless_pdf/MICAz_Datasheet.pdf
[32]	Moteiv Corporation. Tmote Sky datasheet[DB/OL]. [2023-01-01]. www. moteiv. com/ products/docs/tmote-sky-datasheet. pdf
[33]	Shim K A. BASIS: A practical multi-user broadcast authentication scheme in wireless sensor networks[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(7): 1545−1554 doi: 10.1109/TIFS.2017.2668062