加密方案定义与安全性定义.docxVIP

摘 要代理重加密是近年来密码学领域的一个热点研究话题，在数字版权保护、加密电子邮件转发和云计算等众多场合都有着广泛的应用。在传统的代理重加密体制中，代理者可以将授权者的所有密文都转换为针对被授权者的密文，授权者无法在细粒度层次上对代理者转换权限进行控制。为了改进这一点，Weng等人构造了一个高效的CCA安全条件代理转换加密方案。目前所有条件代理重加密方案只能支持简单的AND条件关系，应用能力受到限制。最近，蓝才会等人提出了一个新的基于秘密共享的条件代理重加密方案，支持多条件“与”和“或”的条件关系，宣称其方案在随机预言机模型下满足不可区分选择密文安全。遗憾的是，本文通过两种具体攻击方法指出其方案并不满足其所宣称的不可区分选择密文安全。第二种攻击方法表明其方案甚至没有达到不可区分选择明文安全。为了满足“与”、“或”条件同时又能够阻止上述攻击，本文基于蓝等人的方案，给出了一个改进的条件代理重加密方案。本文对新方案的安全性进行了详细的分析，指出改进的新方案之所以能够抵抗上述两种攻击的原因。然而，美中不足的是本文所提出的新方案在安全方面也存在一些问题，这需要在今后进一步探讨和研究。关键词：秘密共享；不可区分性；选择密文安全；条件代理重加密AbstractAbstract: Proxy re-encryption became hot topic in cryptography research area recent years, and widely applied on occasions such like digital copyright protection, encrypted email forward, cloud computing etc. In traditional proxy re-encryption system, the proxy can transfer all delegators ciphertexts to delegatees ciphertexts, which means that the delegator cannot control proxys delegation in a fine-grained level. To improve this, Weng et al. constructed an efficient CCA-secure conditional proxy re-encryption. Currently all the proposed schemes can only support simple “AND” operation which limited application ability. Recently, Lan et al. proposed a new condition proxy re-encryption scheme on secret sharing, and claimed that their scheme supports multiple conditions AND and OR operation meanwhile obtaining the security of indistinguishability against chosen-ciphertext attacks in random oracle model. However, by giving two concrete attacks, the essay indicates that Lan et al.s scheme cannot obtain IND-CPRE-CCA security as they claimed. The second attack indicates that Lan et al.s scheme cannot even obtain IND-CPA security. In order to satisfy AND and OR operation meanwhile preventing the two attacks mentioned above, the essay proposed an improved conditional proxy re-encryption scheme based on Lan et al.’s scheme, analyzed the security of the new scheme in detail, and point out the reason why the new scheme can defend the two attacks. However, th