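Project title: Research on Generalized Identity-Based Cryptographic Algorithms with Revocable and Updatable Keys/Ciphertexts
Project number: No.61472470
Project type: General Program
Year of approval: 2015
Discipline: Automation technology, computer technology
Project author: Liu Zhenhua (刘振华)
Author affiliation: Xidian University
Funding amount: 600,000 yuan
Chinese abstract: Key revocation and update is one of the core problems of cryptosystems, especially for traditional public key cryptography and identity-based cryptosystems. Generalized identity-based cryptography, such as attribute-based cryptography and predicate cryptography, is a newly emerged public key cryptography paradigm suited to fine-grained access control of data in cloud storage systems. In practical applications, generalized identity-based cryptography faces not only the problem of key revocation and update but also the problem of ciphertext revocation and update. Designing generalized identity-based cryptographic algorithms with key/ciphertext revocation and update functionality therefore has both important theoretical significance and broad application value. On the basis of mathematical hardness assumptions and new tools for cryptographic algorithm design, this project intends to systematically study generalized identity-based cryptographic algorithms with revocable and updatable keys/ciphertexts and their provable security, including: (1) designing basic identity-based cryptographic algorithms, attribute-based cryptographic algorithms, predicate encryption algorithms and so on, (2) embedding efficient key/ciphertext revocation and update techniques, (3) establishing reasonable formal security models for generalized identity-based cryptography with revocation and update functionality, (4) constructing efficient and provably secure generalized identity-based cryptographic algorithms with revocation and update functionality, (5) adjusting security parameters for application scenarios to obtain practical cryptographic algorithms.
Chinese keywords: identity-based cryptography; attribute-based cryptography; predicate cryptography; key revocation; ciphertext update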
English abstract: Key revocation and update are central issues in cryptography, especially in traditional public key infrastructure and identity-based cryptography. Attribute-based cryptography and predicate cryptography, which can be called generalized identity-based cryptography, are emerging paradigms for public key cryptography and are applicable to fine-grained data access control in cloud storage systems. In practical applications, generalized identity-based cryptography is confronted not only with the key revocation and update problem, but also with the ciphertext revocation and update problem. Thus, it is of great theoretical and practical significance to design generalized identity-based cryptographic algorithms with revocable and updatable key/ciphertext functionality. Based on mathematical hard problem assumptions and new cryptographic design tools, this work will systematically study revocable and updatable key/ciphertext generalized identity-based cryptographic algorithms with provable security, as follows: (1) to present basic identity-based cryptographic algorithms, attribute-based cryptographic algorithms and predicate encryption algorithms, (2) to embed efficient key/ciphertext revocation and update techniques, (3) to formalize a reasonable security model for generalized identity-based cryptography with revocation and update functionality, (4) to construct efficient and provably secure generalized identity-based cryptographic algorithms with revocation and update functionality, (5) to adjust security parameters to obtain practical cryptographic algorithms for different scenarios. The resulting work will enrich generalized identity-based cryptography and support secure solutions for data access control in cloud storage environments.
English keywords: identity-based cryptography; attribute-based cryptography; predicate cryptography; key revocation; ciphertext update