可否認式配對加密系統

Abstract

我們提出了一個名為可否認式配對加密系統的新加密系統，這個加密系統是建立在配對加密系統的基礎上，並新增了可否認式加密系統的特性，使其在一些受到脅迫而必須公開密文或金鑰內容的場合，依舊能夠保護寄件者、收件者以及密文本身的安全性，這是一套能同時否認寄件者、收件者身分以及訊息內容的加密系統。在可否認式配對加密系統中，寄件者以及收件者皆可以透過指定身分來保護密文，只有當雙方的身分皆符合加密時的指定身分時，密文才能被正確的解密，而對於任何非指定身分的一方，此密文皆不會洩漏任何資訊，並且，若今天發生了一些脅迫事件，迫使任一方或建立金鑰的公正第三方必須公開金鑰或公開原文時，因為此加密系統藉由變色龍雜湊函數的性質，可以產生出另一個不同寄件者、不同收件者以及不同原文的加密訊息，使得除了當事人雙方以外，其他人皆沒有辦法判定哪一組密文才是真正的密文，以此來保護當事人雙方的安全。在理論方面，我們定義了可否認式配對加密系統的安全性，提供了完整的可否認式配對加密系統的架構，並證明了在配對加密系統是安全的情況下，我們的可否認式配對加密系統是安全的。而在實作方面，我們計算了可否認式配對加密系統的計算時間需求與計算空間需求並與配對加密系統進行比較。We introduce a new encryption scheme, which is called Deniable Matchmaking Encryption (DME). This encryption scheme is based on Matchmaking Encryption (ME) and adds deniability on it. In some situations that users or the trusted third parties are coercered to reveal the plaintext or even the secret keys, this scheme can still protect the message and the identity of the sender and receiver. This is a Bi-identity-deniability encryption scheme.In DME, The sender and the receiver can protect the message by specifying the other user's identity. Only when both the sender and the receivers' identities are matched, the ciphertext can be decrypted correctly, and for anyone does not match the identity acquirement, the ciphertext leaks no information.With the help of chameleon hash function, DME can generate an indistinguishable fake ciphertext, which the sender identity, receiver identity and the message are all fake, to protect the true ciphertext. So that if any malicious adversary coercers the users or trusted third partiesto reveal the ciphertext or the secret keys, the adversary can not distinguish whether the ciphertext is true.On the theoretical side, we define the security of DME and provide a DME encryption scheme. We prove that if ME is secure, our DME is also secure. On the practical side, we compute the space cost and computation cost of DME and compare it to ME.