
Improved Proxy Re-encryption Scheme with Equality Test

Advisor: 左瑞麟

Abstract


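The spread of the Internet has driven the development of the cloud, and people have grown used to storing data in cloud systems. How to share ciphertext with others efficiently has become a problem. The proxy re-encryption (PRE) mechanism delegates a trusted third party or a semi-honest proxy to transform a ciphertext encrypted under one's own public key into a ciphertext that can be decrypted with another party's private key, thereby realizing ciphertext sharing. This solves the problem above. However, as the volume of data rises sharply, being able to use keyword search to directly filter out the data of interest would have wide application, which led to the proxy re-encryption with keyword search (PRES) mechanism. This concept is more efficient than the traditional approach of performing the steps "search, download, decrypt, encrypt under the other party's public key, send". However, PRES can only search keywords under the same public key. To remove this limitation, Li et al. used the properties of public key encryption with equality test (PKEET) to propose the first new mechanism combining PRE and PKEET, called proxy re-encryption with equality test (PREET). That scheme provides equality tests on keywords under different public keys. Unfortunately, we found that in the verification process of the decryption step of their proposed construction, the verification method cannot effectively verify the integrity of the ciphertext. We therefore propose a scheme with improved verification, so that the verification effectively achieves ciphertext integrity, which allows the mechanism to be applied more widely in practice. In addition, this thesis gives a security proof based on the Diffie-Hellman assumption in the random oracle model, proving that the proposed scheme resists chosen-ciphertext attacks.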

Parallel Abstract


The popularity of the Internet has driven the development of the cloud, and many people are used to storing data on it. How to efficiently share ciphertext with others has become an application problem. Proxy re-encryption (PRE) delegates a trusted third party or a semi-honest proxy to convert a ciphertext encrypted under the user's own public key into a ciphertext that can be decrypted by another user's private key, realizing a ciphertext sharing mechanism. This solves the above problem; however, the amount of data is rising rapidly. If a user can use keyword search to directly filter out the materials of interest, it can be widely used in many scenarios. Thus proxy re-encryption with keyword search (PRES) was developed, providing flexible ciphertext sharing and keyword search functions. This concept is more effective than traditional data sharing methods, which perform "search-download-decryption-encryption." However, PRES can only search keywords under the same public key. To solve this problem, Li et al. used the properties of public key encryption with equality test (PKEET) to propose a new scheme called proxy re-encryption with equality test (PREET), which can search ciphertexts under different public keys. Unfortunately, we found that their scheme is unable to effectively verify the integrity of the ciphertext during the verification process of the decryption step. Therefore, we propose an improved scheme in which the verification effectively verifies the integrity of the ciphertext. In addition, a security proof is provided to show that our proposed scheme is secure against chosen-ciphertext attacks based on the Diffie-Hellman assumptions in the random oracle model.
