• No results found

Efficient Revocable Multi-Receiver ID-Based Encryption

N/A
N/A
Info
Download
Protected

Academic year: 2020

Share "Efficient Revocable Multi-Receiver ID-Based Encryption"

Copied!
11
0
0

Loading.... (view fulltext now)

Download now ( 11 Page )

Full text

(1)

(IILFLHQW5HYRFDEOH0XOWL5HFHLYHU,'%DVHG(QFU\SWLRQ

7XQJ7VR7VDL

<XK0LQ7VHQJ

7VX<DQJ:X

1Department of Mathematics, National Changhua University of Education,

Jin-De Campus, Chang-Hua City 500, Taiwan

2School of Computer Science and Technology, Shenzhen Graduate School,

Harbin Institute of Technology, Shenzhen 518055, P.R. China e-mail: [email protected]

KWWSG[GRLRUJMLWF

$EVWUDFW 4XLWH UHFHQWO\ 7VHQJ DQG 7VDL SURSRVHG D UHYRFDEOH LGHQWLW\ ,'EDVHG HQFU\SWLRQ 5,%( ZLWK D SXEOLFFKDQQHOLQZKLFKWKHSULYDWHNH\ JHQHUDWRU3.*FDQHIILFLHQWO\UHYRNH PLVEHKDYLQJFRPSURPLVHGXVHUVE\ XVLQJ D SXEOLF FKDQQHO &RQVLGHULQJ WKH SUREOHP ZKHUH D VHQGHU ZRXOG OLNH WR HQFU\SW DQ LGHQWLFDO PHVVDJH IRUn UHFHLYHUV WKH VHQGHU PXVW UHHQFU\SW WKH PHVVDJHnWLPHV XVLQJ 7VHQJ DQG 7VDL¶V 5,%( VFKHPH ,Q VXFK DFDV Hn H[SHQVLYH SDLULQJ RSHUDWLRQV DUH UHTXLUHG IRU WKH UHHQFU\SWLQJ SURFHGXUH ,Q WKLV SDSHU IRU UHGXFLQJ WKH SDLULQJ RSHUDWLRQVZH H[WHQG 7VHQJ DQG 7VDL¶V 5,%( WR SURSRVH DQ HIILFLHQW UHYRFDEOH PXOWLUHFHLYHU ,'EDVHG HQFU\SWLRQ 50,%(VFKHPH2XUVFKHPHRQO\QHHGVRQHSDLULQJRSHUDWLRQWRHQFU\SWDQLGHQWLFDOPHVVDJHIRUnUHFHLYHUVZKLOH UHPDLQLQJWKHPHULWRIXVHUUHYRFDELOLW\LQ7VHQJDQG7VDL¶V5,%(VFKHPH:HGHPRQVWUDWHWKDWWKH50,%(VFKHPHLV VHPDQWLFDOO\VHFXUHDJDLQVWDGDSWLYHFKRVHQFLSKHUWH[WDWWDFNV&&$LQWKHUDQGRPRUDFOHPRGHO

.H\ZRUGVUHYRFDWLRQPXOWLUHFHLYHU,'EDVHGHQFU\SWLRQELOLQHDUSDLULQJUDQGRPRUDFOHPRGHO

&RUUHVSRQGLQJDXWKRU

,QWURGXFWLRQ

7KHFRQFHSWRILGHQWLW\,'EDVHGHQFU\SWLRQZDV ILUVW SUHVHQWHG E\ 6KDPLU >@ $ XVHU¶V LGHQWLW\ e.g. QDPH HPDLO DGGUHVV RU VRFLDO VHFXULW\ QXPEHU PD\ EHYLHZHGDVWKHXVHU¶VSXEOLFNH\7KLVDSSURDFKFDQ HOLPLQDWH WKH QHHG RI FHUWLILFDWHV WKDW PDNH SXEOLFO\ DYDLODEOH WKH PDSSLQJ EHWZHHQ LGHQWLWLHV DQG SXEOLF NH\V +RZHYHU 6KDPLU¶V FRQVWUXFWLRQ VXIIHUV IURP LPSOHPHQWLQJ DQG VHFXULW\ SUREOHPV 8QWLO %RQHK DQG )UDQNOLQ >@ GHILQHG WKH IRUPDO VHFXULW\ PRGHORI,'EDVHGHQFU\SWLRQ,%(DQGSURSRVHGWKH ILUVW SUDFWLFDO ,%( VFKHPH IURP WKH :HLO SDLULQJ GHILQHG RQ VXSHUVLQJXODU HOOLSWLF FXUYHV RU DEHOLDQ YDULHWLHV 6XEVHTXHQWO\ WKH VWXG\ RI ,'EDVHG FU\SWRJUDSK\ KDV UHFHLYHG D JUHDW DWWHQWLRQ IURP UHVHDUFKHUV DQG D ODUJH QXPEHU RI ,'EDVHG FU\SWRJUDSKLF VFKHPHV DQG SURWRFROV KDYH EHHQ SXEOLVKHG>@

$Q\SXEOLF NH\ V\VWHP PXVW SURYLGHD UHYRFDWLRQ PHFKDQLVP WR UHPRYH PLVEHKDYLQJFRPSURPLVHG XVHUVIURPWKHV\VWHPV6LQFHWKH,'EDVHGSXEOLFNH\ V\VWHPVHOLPLQDWHWKHQHHGRIFHUWLILFDWHPDQDJHPHQW WKH UHYRNLQJ PHWKRG RI FHUWLILFDWH UHYRFDWLRQ OLVW &5/ >@ XVHG LQ FHUWLILFDWHGEDVHG SXEOLF NH\

V\VWHPVZLOOQRWEHWKHJRRGVROXWLRQWRWKH,'EDVHG V\VWHP )RU WKH UHYRFDWLRQ SUREOHP %RQHK DQG )UDQNOLQ>@ DOVR VXJJHVWHG D UHYRFDWLRQ PHFKDQLVP LQ ZKLFK DOO QRQUHYRNHG XVHUV PXVW REWDLQ QHZ SULYDWH NH\V IRU HDFK SHULRG 7KXV D VHFXUH FKDQQHO PXVWEHHVWDEOLVKHGEHWZHHQWKHSULYDWHNH\JHQHUDWRU 3.* DQG HDFK QRQUHYRNHG XVHU WR WUDQVPLW WKH SHULRGLF SULYDWH NH\V ,Q VXFK DFDV H WKH 3.* DQG HDFK QRQUHYRNHG XVHU PXVW HQFU\SW DQG GHFU\SW WKH SHULRGLF SULYDWH NH\V UHVSHFWLYHO\ ,Q DGGLWLRQ WKH WRWDO VL]H RI NH\ XSGDWH JURZV OLQHDUO\ ZLWK WKH QXPEHURIQRQUHYRNHGXVHUV

(2)

DGDSWLYH,' VHFXUH 5,%( VFKHPH +RZHYHU ERWK 5,%( VFKHPHV VWLOO UHTXLUH DV HFXUH FKDQQHO WR WUDQVPLW XVHU¶V SHULRGLF SULYDWH NH\V $GGLWLRQDOO\ HDFKXVHUKROGVORJnSULYDWHNH\VDQGWKH3.*PXVW PDLQWDLQDELQDU\WUHHRInOHDIQRGHVZKHUHnGHQRWHV WKHQXPEHURIDOOXVHUV

5HFHQWO\7VHQJDQG7VDL>@SURSRVHGDQHIILFLHQW UHYRFDEOH,'EDVHGHQFU\SWLRQ5,%(VFKHPHZLWKD SXEOLF FKDQQHO 7KH\ SURYHG WKDW WKH 5,%( VFKHPH SURYLGHV DGDSWLYH FKRVHQ FLSKHUWH[W &&$ VHFXULW\ ,Q WKHLU VFKHPH WKH UHTXLUHPHQW RI VHFXUH FKDQQHO LV UHOHDVHGDQGWKHSULYDWHNH\VL]HNHSWE\HDFKXVHULV FRQVWDQW 7KH FRPSXWDWLRQDO FRVWV IRU HQFU\SWLRQ DQG GHFU\SWLRQSURFHGXUHVDUHDOVRLPSURYHGDVFRPSDUHG WR WKH 5,%( VFKHPHV LQ > @ +RZHYHU WKH\ GLG QRWDGGUHVVWKHSUREOHPZKHUHDVHQGHUZRXOGOLNHWR HQFU\SWDQLGHQWLFDOPHVVDJHIRUnUHFHLYHUV&HUWDLQO\ WKH VHQGHU PD\ UHHQFU\SW WKH LGHQWLFDO PHVVDJHn WLPHV XVLQJ 7VHQJ DQG 7VDL¶V 5,%( VFKHPH $V D UHVXOWnH[SHQVLYHSDLULQJRSHUDWLRQVDUHUHTXLUHGIRU WKHUHHQFU\SWLQJSURFHGXUH

&RQVLGHULQJWKHVLWXDWLRQZKHUHDQ\XVHUFDQVHQG D PHVVDJH WR PXOWLSOH LGHQWLWLHV LQ WKLV SDSHU ZH H[WHQG7VHQJDQG7VDL¶V5,%(>@VFKHPHWRSURSRVH DQ HIILFLHQW UHYRFDEOH PXOWLUHFHLYHU ,'EDVHG HQFU\SWLRQ VFKHPH ZKLOH UHPDLQLQJ WKHLU PHULWV RI UHYRNLQJPLVEHKDYLQJFRPSURPLVHGXVHUVYLDDSXEOLF FKDQQHO :H ILUVW SUHVHQW WKH IUDPHZRUN RI UHYRFDEOH PXOWLUHFHLYHU ,'EDVHG HQFU\SWLRQ 50,%( ZLWK D SXEOLF FKDQQHO 7KHQ ZH GHILQH WKH VHFXULW\ QRWLRQV RI50,%(WKDWIRUPDOL]HSRVVLEOHWKUHDWVDQGDWWDFNV )ROORZLQJ WKH IUDPHZRUN RI 50,%( D FRQFUHWH FRQVWUXFWLRQLVSURSRVHGLQZKLFKDVHQGHURQO\QHHGV RQH SDLULQJ RSHUDWLRQ WR HQFU\SW D PHVVDJH IRUn UHFHLYHUV $V D UHVXOW WKH SHUIRUPDQFH LV JUHDWO\ LPSURYHG DV FRPSDUHG WR WKH FRQVWUXFWLRQ RI UH HQFU\SWLQJ WKH LGHQWLFDO PHVVDJH XVLQJ 7VHQJ DQG 7VDL¶V 5,%( VFKHPH )RU VHFXULW\ DQDO\VLV ZH SURYH WKDW WKH SURSRVHG 50,%( VFKHPH SURYLGHV DGDSWLYH FKRVHQ FLSKHUWH[W &&$ VHFXULW\ XQGHU WKH JDS ELOLQHDU'LIILH+HOOPDQDVVXPSWLRQ>@

7KH UHPDLQGHU RI WKH SDSHU LV RUJDQL]HG DV IROORZV 3UHOLPLQDULHV DUH JLYHQ LQ 6HFWLRQ ,Q 6HFWLRQ ZH IRUPDOO\ SUHVHQW WKH GHILQLWLRQV DQG VHFXULW\ QRWLRQV RI UHYRFDEOH PXOWLUHFHLYHU ,'EDVHG HQFU\SWLRQ 50,%( ZLWK D SXEOLF FKDQQHO 7KH FRQFUHWH50,%(VFKHPHLVSURSRVHGLQ6HFWLRQ:H DQDO\]H WKH VHFXULW\ RI WKH SURSRVHG 50,%( VFKHPH LQ 6HFWLRQ 6HFWLRQ GHPRQVWUDWHV SHUIRUPDQFH DQDO\VLV DQG FRPSDULVRQV &RQFOXVLRQV DUH JLYHQ LQ 6HFWLRQ

3UHOLPLQDULHV

,QWKLVVHFWLRQZHEULHIO\LQWURGXFHWKHFRQFHSWRI ELOLQHDU SDLULQJV DQG WKH UHODWHG PDWKHPDWLFDO DVVXPSWLRQV%LOLQHDUSDLULQJVVXFKDV:HLO7DWHDQG $WHSDLULQJVGHILQHGRQHOOLSWLFFXUYHVKDYHEHHQXVHG WRHVWDEOLVKHIILFLHQW,'EDVHGHQFU\SWLRQ>@

%LOLQHDU3DLULQJV

/HWGDQGGEHDGGLWLYHDQGPXOWLSOLFDWLYHF\FOLF JURXSV RI ODUJH SULPH RUGHU q UHVSHFWLYHO\ ,Q SDUWLFXODUGLVDVXEJURXSRIWKHJURXSRISRLQWVRQ DQ HOOLSWLF FXUYH RYHU D ILQLWH ILHOG DQGG LV D VXEJURXS RI WKH PXOWLSOLFDWLYH JURXS RYHU D ILQLWH ILHOG /HWP EH DJ HQHUDWRU RIG $Q DGPLVVLEOH ELOLQHDU PDS ê GuG o G PXVW VDWLVI\ WKH IROORZLQJSURSHUWLHV

%LOLQHDUêaPbQ êPQabIRUDOOPQGDQG abZq*

1RQGHJHQHUDWH 7KHUH H[LVWPQG VXFK WKDW êPQz

&RPSXWDELOLW\ )RU P QG WKHUH H[LVWV DQ HIILFLHQWDOJRULWKPWRFRPSXWHêPQ

:H FDQ UHIHU WR > @ IRU IXOO GHVFULSWLRQV RI JURXSV PDSV DQG RWKHU SDUDPHWHUV 7KH UHODWLRQVKLS EHWZHHQ WKH VHFXULW\ OHYHOV DQG VSHHG RI SDLULQJ FRPSXWDWLRQVDUHUHIHUUHGWR>@

5HODWHG0DWKHPDWLFDO$VVXPSWLRQV

+HUHZHSUHVHQWWKUHHPDWKHPDWLFDOSUREOHPVDQG GHILQH WZR VHFXULW\ DVVXPSWLRQV IRU ELOLQHDU SDLULQJV RQZKLFKRXUVFKHPHVDUHEDVHG

Ɣ%LOLQHDU'LIILH+HOOPDQ%'+SUREOHP*LYHQ PaPbP FPG IRU XQNQRZQabcZq FRPSXWH êPPabc G

Ɣ %LOLQHDU 'HFLVLRQ 'LIILH+HOOPDQ %''+ SUREOHP*LYHQPaPbPcPGIRUVRPHabc ZqDQGkGGHFLGHZKHWKHUk êPPabc

Ɣ *DS%LOLQHDU 'LIILH+HOOPDQ *DS%'+ SUREOHP*LYHQPaPbPcPGIRUVRPHabc Zq FRPSXWH D %LOLQHDU 'LIILH+HOOPDQ SDLULQJêP Pabc ZLWK WKH KHOS RI WKH %LOLQHDU 'HFLVLRQ 'LIILH +HOOPDQRUDFOH

'HILQLWLRQ%''+DVVXPSWLRQ>@*LYHQPaP bPcPGIRUVRPHabcZqDQGkG WKHUH H[LVWV QR SUREDELOLVWLF SRO\QRPLDOWLPH 337 DGYHUVDU\ A ZLWK QRQQHJOLJLEOH SUREDELOLW\ ZKR FDQ GHFLGH ZKHWKHU k êP Pabc 7KH VXFFHVVIXO SUREDELOLW\DGYDQWDJHRIWKHDGYHUVDU\ A LVSUHVHQWHG DV

$GYA 3U>APaPbPFPêPPabc @炼3U>A

PaPbPcPk @

ZKHUHkGLVFKRVHQ XQLIRUPO\DWUDQGRPDQGWKH SUREDELOLW\ LV RYHU WKH UDQGRP FKRLFH FRQVXPHG E\ WKHDGYHUVDU\A

'HILQLWLRQ *DS%'+DVVXPSWLRQ>@*LYHQP aPbPcPGIRUVRPHabcZqWKHUHH[LVWVQR SUREDELOLVWLFSRO\QRPLDOWLPH337DGYHUVDU\ A ZLWK QRQQHJOLJLEOH SUREDELOLW\ WKDW FDQ FRPSXWH WKH %LOLQHDU 'LIILH+HOOPDQ SDLULQJêPPabc ZLWK WKH KHOSRIWKH'HFLVLRQ%LOLQHDU'LIILH+HOOPDQ'%'+ RUDFOH.7KH VXFFHVVIXO SUREDELOLW\ DGYDQWDJH RI WKH DGYHUVDU\ A LVSUHVHQWHGDV

(3)

ZKHUH WKH SUREDELOLW\ LV RYHU WKH UDQGRP FKRLFH FRQVXPHGE\WKHDGYHUVDU\A

1RWDWLRQV

:H GHILQH WKH IROORZLQJ QRWDWLRQV WKDW DUH XVHG WKURXJKRXWWKLVSDSHU

x êDQDGPLVVLEOHELOLQHDUPDSêGuGoG x PDJHQHUDWRURIWKHJURXSG

x sWKHV\VWHPVHFUHWNH\

x PpubWKHV\VWHPSXEOLFNH\Ppub s˜P x IDWKHLGHQWLW\RIDXVHU

x DIDWKHXVHU¶VLQLWLDOVHFUHWNH\

x iDWLPHSHULRGiZKHUH” i”zDQGzGHQRWHVWKH WRWDOQXPEHURIWLPHSHULRGV

x TIDiDXVHU¶VWLPHXSGDWHNH\ IRUWLPHSHULRGi x DIDiDXVHU¶VHQWLUHGHFU\SWLRQNH\IRUWLPHSHULRG

iZKHUHDIDi DID TIDi

x HDPDSWRSRLQWIXQFWLRQH^`oG x HDPDSWRSRLQWIXQFWLRQH^`oG x HDKDVKIXQFWLRQ HGo^`xZKHUHxLV

DIL[HGOHQJWK

x HD KDVK IXQFWLRQ HGuGu«uGuGu^ `xo^`yZKHUHyLVDIL[HGOHQJWK

)UDPHZRUNDQGVHFXULW\QRWLRQVRI50,%(

,Q >@ 7VHQJ DQG 7VDL SUHVHQWHG WKH IUDPHZRUN DQGVHFXULW\QRWLRQVRIUHYRFDEOH,'EDVHGHQFU\SWLRQ 5,%(ZLWKDSXEOLFFKDQQHO8QGHUWKHLUIUDPHZRUN RI 5,%( D XVHU¶V GHFU\SWLRQ NH\ LV GLYLGHG LQWR WZR FRPSRQHQWV LQFOXGLQJ D IL[HG LQLWLDO VHFUHW NH\ DQG D FKDQJHG WLPH XSGDWH NH\ DORQJ ZLWK WLPH SHULRG :H H[WHQG WKHLU FRQFHSW WR GHILQH DQ HZ IUDPHZRUN RI UHYRFDEOH PXOWLUHFHLYHU ,'EDVHG HQFU\SWLRQ 50,%(ZLWKDSXEOLFFKDQQHO

:HILUVWGHVFULEHLWLQIRUPDOO\,QWKHV\VWHPWKHUH DUH WZR UROHV D WUXVWHG SULYDWH NH\ JHQHUDWRU 3.* DQG XVHUV :LWKRXW ORVV RI JHQHUDOLW\ WKH ZKROH OLIHWLPH RI WKH V\VWHP LV GLYLGHG LQWR GLVWLQFW WLPH SHULRGV « z7KH3.*NHHSVDV\VWHPVHFUHWNH\ DQG DQQRXQFHV WKH SXEOLF SDUDPHWHUV )RU D JLYHQ XVHU¶V LGHQWLW\ ID WKH 3.* FRPSXWHV KLVKHU DVVRFLDWHGLQLWLDOVHFUHWNH\DQGVHQGVLWWRWKHXVHUYLD D VHFXUH FKDQQHO $W WKH EHJLQQLQJ RI HDFK WLPH SHULRGWKH3.*XVHVWKHV\VWHPVHFUHWNH\WRJHQHUDWH D WLPH XSGDWH NH\ IRU HDFK QRQUHYRNHG XVHU FDOOHG WKH NH\ XSGDWH SURFHVV 7KH 3.* PD\ VHQG WKHP WR XVHUV E\ XVLQJ D SXEOLF FKDQQHO e.g. (PDLO )RU 50,%( LW LV ZRUWK QRWLQJ WKDW DQ\ VHQGHU ZLWKRXW FRQFHUQLQJZLWKWKHNH\XSGDWHSURFHVVFDQHQFU\SWD PHVVDJH IRU PXOWLSOH UHFHLYHUV GXULQJ WLPH SHULRGi 8SRQUHFHLYLQJWKHFLSKHUWH[WCRQHVHOHFWHGUHFHLYHU ZLWKWKHYDOLGGHFU\SWLRQNH\FDQUHFRYHUWKHPHVVDJH )UDPHZRUN

,Q WKLV VXEVHFWLRQ ZH IRUPDOO\ GHILQH WKH IUDPHZRUN RI UHYRFDEOH PXOWLUHFHLYHU ,'EDVHG HQFU\SWLRQZLWKDSXEOLFFKDQQHO

'HILQLWLRQ $ UHYRFDEOH PXOWLUHFHLYHU ,'EDVHG HQFU\SWLRQ50,%(ZLWKDSXEOLFFKDQQHOKDVWXSOH RISRO\QRPLDOWLPHDOJRULWKPVGIKETKUEDDV IROORZV

7KHsystem setup algorithmG 7KH SUREDELOLVWLF DOJRULWKPWDNHVDVLQSXWDVHFXULW\SDUDPHWHUlDQG WKHWRWDOQXPEHUzRIDOOWLPHSHULRGV,WUHWXUQVD V\VWHP VHFUHW NH\ s DQG WKH SXEOLF SDUDPHWHUV Parms 7KH SXEOLF SDUDPHWHUV Parms DUH PDGH SXEOLF DQG LPSOLFLWO\ LQSXWWHG WR DOO WKH IROORZLQJ DOJRULWKPV

7KH initial key extract algorithm IKE 7KLV GHWHUPLQLVWLF DOJRULWKP WDNHV DV LQSXW WKH V\VWHP VHFUHW NH\s DQG D XVHU¶V LGHQWLW\ID^ ` DQG UHWXUQVWKHXVHU¶VLQLWLDOVHFUHWNH\DID

7KH time key update algorithm TKU 7KLV GHWHUPLQLVWLF DOJRULWKP WDNHV DV LQSXW WKH V\VWHP VHFUHW NH\s D XVHU¶V LGHQWLW\ID^ ` DQG D WLPH SHULRGi WKHQ UHWXUQV WKH XVHU¶V WLPH XSGDWH NH\TIDi

7KHencryption algorithmE 2QH VHQGHU WDNHV DV LQSXW D WLPH SHULRGi WKH PXOWLSOH LGHQWLWLHVID ID«IDn DQG D PHVVDJHm ,W WKHQ JHQHUDWHV D FLSKHUWH[WC

7KHdecryption algorithmD2QHUHFHLYHUWDNHVDV LQSXW D FLSKHUWH[W C DQG WKH XVHU¶V HQWLUH GHFU\SWLRQNH\DID,i,WUHWXUQVDSODLQWH[Wm1RWH WKDW WKH XVHU¶V HQWLUH GHFU\SWLRQ NH\ DID,i LV REWDLQHGE\DID,i DIDTIDiZKHUHDIDDQGTIDi DUH JHQHUDWHG E\ WKHinitialkey extract algorithm DQGWKHtime key update algorithmUHVSHFWLYHO\

6HFXULW\1RWLRQV

)RU,'EDVHGHQFU\SWLRQLWVKRXOGEHVHPDQWLFDOO\ VHFXUH DJDLQVW DGDSWLYH FKRVHQ FLSKHUWH[W DWWDFNV &&$ >@ ,Q %DHNet al. >@ GHILQHG WKH VHFXULW\PRGHOIRUPXOWLUHFHLYHU,'EDVHGHQFU\SWLRQ FDOOHGVHOHFWLYH,'YHUVLRQZKLFKLVDZHDNHUVHFXULW\ SURSRVHG E\ &DQHWWL et al >@ WKDQ DGDSWLYH,' YHUVLRQ7KHVHOHFWLYH,'PRGHOPHDQVWKDWEHIRUHWKH V\VWHP EHJLQV WR EH RSHUDWHG WKH DGYHUVDU\ KDV WR GHFLGH ZKLFK LGHQWLWLHV LW ZRXOG OLNH WR DWWDFN 5HFHQWO\ 7VHQJ DQG 7VDL >@ GHILQHG WKH VHFXULW\ PRGHO RI 5,%( :H PRGLI\ WKH DERYH GHILQLWLRQV WR VD\ WKDW DU HYRFDEOH PXOWLUHFHLYHU ,'EDVHG HQFU\SWLRQ 50,%( LV VHPDQWLFDOO\ VHFXUH DJDLQVW VHOHFWLYH PXOWL,' DGDSWLYH FKRVHQ FLSKHUWH[W DWWDFNV ,1'V50,'&&$DVIROORZV

(4)

x Phase . A RXWSXWV WDUJHW PXOWLSOH LGHQWLWLHV GHQRWHGE\IDID*«IDnDQGDWDUJHWSHULRG WLPHGHQRWHGE\ i

x Setup 7KH FKDOOHQJHU B UXQV WKH system setup algorithmGRI50,%(WRSURGXFHDV\VWHPVHFUHW NH\s DQG WKH SXEOLF SDUDPHWHUVParms 7KHQ WKH FKDOOHQJHU B JLYHVParms WR A DQG NHHSV WKH V\VWHPVHFUHWNH\ sWRLWVHOI

x Phase 7KH DGYHUVDU\ A PD\ PDNH DQ XPEHU RI GLIIHUHQWTXHULHVWRWKHFKDOOHQJHU B DVIROORZV Initial key extract query ID.8SRQ UHFHLYLQJ

WKLV TXHU\ ZLWKID WKH FKDOOHQJHU B UXQV WKH initial key extract algorithm IKEWR UHWXUQ WKH XVHU¶VLQLWLDOVHFUHWNH\DIDWRA

Time key update query ID i.8SRQUHFHLYLQJ WKLVTXHU\ZLWKID iWKHFKDOOHQJHU B UXQVWKH time key update algorithm TKU WR UHWXUQ WKH XVHU¶VWLPHXSGDWHNH\TID,iWRA

Decryption queryIDiC8SRQUHFHLYLQJWKH TXHU\ WKH FKDOOHQJHU B DFFHVVHV WKH HQWLUH GHFU\SWLRQNH\DIDi7KHHQWLUHGHFU\SWLRQNH\ DIDiLVLPSOLFLWO\REWDLQHGE\LVVXLQJWKHinitial key extract query IDDQGWKHtime key update query ID i 7KH FKDOOHQJHU B UXQV WKH decryption algorithm D WR GHFU\SW WKH FLSKHUWH[WC7KHQLWUHWXUQVDDIDi, CWRA$ UHVWULFWLRQKHUHLVWKDWID iCIDjiC IRUj «n

x Challenge7KHDGYHUVDU\ A JLYHVDWDUJHWSODLQWH[W SDLU mm WRB 7KH FKDOOHQJHU B FKRRVHV D UDQGRPȕ^`DQGFRPSXWHVCE\UXQQLQJWKH encryption algorithm EParms ID ID« IDnimȕ7KHQB VHQGVCWRA

x Phase 7KHDGYHUVDU\ A PD\LVVXH PRUHTXHULHV DVLQPhase $UHVWULFWLRQLVWKDWID iCIDj iCIRUj «n

x Guess 7KH DGYHUVDU\ A RXWSXWVȕ´^ ` DQG ZLQVWKLVJDPHLIȕ´ ȕ

%\ WKH DERYH ,1'V50,'&&$ JDPH ZH UHIHU WRVXFKDQDGYHUVDU\ A DVDSRO\QRPLDOWLPHDGYHUVD U\:HGHILQHWKHDGYHUVDU\A¶VDGYDQWDJHLQDWWDFNLQJ WKH50,%(VFKHPHDV$GYAl _3U>ȕ ȕƍ@䠉㻝㻛㻞㻌㼨㻚

&RQFUHWH50,%(VFKHPH

)ROORZLQJ WKH IUDPHZRUN RI 50,%( GHILQHG LQ 6HFWLRQKHUH ZHFRQVWUXFW WKH50,%(VFKHPH WKDW RIIHUV WKH ,1'V50,'&&$ VHFXULW\ ,Q RUGHU WR HQKDQFHWKHVHFXULW\RIWKHSURSRVHG50,%(VFKHPH ZHHPSOR\WKHWHFKQLTXHXVHGLQWKH5($&7VFKHPH SURSRVHG E\ 2NDPRWR DQG 3RLQWFKHYDO >@ WR FRQVWUXFW D5 0,%( VFKHPH 7KH SURSRVHG 50,%( VFKHPH FRQVLVWV RI ILYH DOJRULWKPV WKDW LQFOXGH WKH system setup WKH initialkey extract WKH time key update WKH encryption DQG WKH decryption :H GHVFULEHWKHPDVIROORZV

System setup *LYHQ D VHFXULW\ SDUDPHWHUl D WUXVWHG SULYDWH NH\ JHQHUDWLRQ 3.* JHQHUDWHV WZR JURXSVG G RI SULPH RUGHUq ! l DQ DGPLVVLEOH ELOLQHDU PDSêGuGoG DQG D JHQHUDWRU P RI G 7KH 3.* SHUIRUPV WKH IROORZLQJWDVNV

5DQGRPO\ FKRRVH DV \VWHP VHFUHW NH\sZq DQGFRPSXWHPpub s˜PGDVWKHV\VWHPSXEOLF NH\

&KRRVH D UDQGRPQ



G DQG SLFN IRXU KDVK IXQFWLRQV H^ `oG H^ `oG

HG o ^ `x DQG H

GuGu«uGuGu^ `xo^ `y ZKHUHx DQGyDUHIL[HGOHQJWKV

7KHQ WKH SXEOLF SDUDPHWHUV DQG IXQFWLRQV DUH SUHVHQWHGDVParms ^GGêPQPpubH HHH`

7KH initialkey extract)RUDJLYHQXVHU¶VLGHQWLW\ ID^`WKH3.*SHUIRUPVWKHIROORZLQJWDVNV &RPSXWHQID= HIDDQGWKHLQLWLDOVHFUHW

NH\DID s˜QID G

7UDQVPLW DID WR WKH XVHU YLD DV HFXUH FKDQQHO

7KHtime key update)RUDJLYHQWLPHSHULRGiDQG D QRQUHYRNHG XVHU¶V ID



^` WKH 3.* SHUIRUPVWKHIROORZLQJWDVNV

&RPSXWHRID,i= HIDi DQG WKH WLPH XSGDWH NH\TID,i s˜RID,i G

6HQGTID,iWRWKHXVHUYLDDSXEOLFFKDQQHO 7KXVWKHQRQUHYRNHGXVHUFDQFRPSXWHKLVKHU HQWLUHGHFU\SWLRQNH\DID,i DIDTID,iIRUWLPH SHULRGi

7Ke encryption,QWLPHSHULRGiJLYHQDPHVVDJH m DQG PXOWLSOH UHFHLYHUV ZLWK LGHQWLWLHVIDj IRUj «n D VHQGHU SHUIRUPV WKH IROORZLQJ WDVNV

&RPSXWH QIDj,i QIDj RIDj,i HIDj HIDj, iIRU j «n

&KRRVHUDQGRPr  ZqDQGWKHQFRPSXWHU r·PDQGVj r˜QIDjiQIRU j «n

5DQGRPO\FKRRVHR GDQGWKHQFRPSXWHW êQPpubr˜R DQGW mʂHR

&RPSXWHV HRmUVV« VnW W L ZKHUH L FRQWDLQV LQIRUPDWLRQ DERXW KRZ³Vj´LVDVVRFLDWHGZLWKHDFKUHFHLYHU 7KHQ WKH FLSKHUWH[W IRU WKH PHVVDJHm LVC U VV« VnWW LV

7KHdecryption *LYHQ DFL SKHUWH[WC U V V« VnWW LVWKHUHFHLYHUIDjXVHV LWR ILQGWKHDSSURSULDWHVj7KHQWKHUHFHLYHUXVHVWKH DVVRFLDWHGVjWRSHUIRUPWKHIROORZLQJWDVNV

&RPSXWH R Ö

Ö

W V P e

D U e

j pub

i IDj

DQG m

WʂHR

(5)

,IV  V WKH UHFHLYHU UHWXUQVm DV D SODLQWH[W DQG³Reject´RWKHUZLVH

6HFXULW\DQDO\VLV

$V PHQWLRQHG LQ 6HFWLRQ WKH DGYHUVDU\ LV DOORZHG WR REWDLQ HLWKHU WKH LQLWLDO VHFUHW NH\ RU WKH WLPHXSGDWHNH\6LQFHWKHXVHU¶VHQWLUHGHFU\SWLRQNH\ FRQVLVWV RI WKH LQLWLDO VHFUHW NH\ DQG WKH WLPH XSGDWH NH\WKHDGYHUVDU\ZKRJHWVRQHRIWKHPLVVWLOOXQDEOH WR FRPSXWH WKH XVHU¶V HQWLUH GHFU\SWLRQ NH\ )RU VLPSOLFLW\RIVHFXULW\SURRIZHFRQVLGHUWZRFDVHVDQ LQVLGH DGYHUVDU\ RU DU HYRNHG XVHU DQG DQ RXWVLGH DGYHUVDU\ ,I WKH 3.* VWRSV WR LVVXH WKH QHZ WLPH XSGDWHNH\IRUDXVHUWKHXVHULVXQDEOHWRREWDLQWKH WLPH XSGDWH NH\LQWKHSUHVHQWWLPHSHULRG6LQFH WKH XVHUVWLOORZQVWKHLQLWLDOVHFUHWNH\WKLVXVHUPD\EH YLHZHGDVDQLQVLGHUDGYHUVDU\RUDUHYRNHGXVHU2Q WKH RWKHU KDQG DQ\ XVHU LV DEOH WR REWDLQ WKH WLPH XSGDWH NH\ VLQFH WKH WLPH XSGDWH NH\ LV WUDQVPLWWHG YLD D SXEOLF FKDQQHO 7KLV NLQG RI DWWDFNHU PD\ EH YLHZHGDVDQRXWVLGHUDGYHUVDU\$QLQVLGHUDGYHUVDU\ DQG DQ RXWVLGH DGYHUVDU\ DUH DOORZHG WR LVVXH DOO TXHULHV LQ WKH ,1'V50,'&&$ JDPH H[FHSW IRU WKH time key updatequery RQ ID*, i* DQG WKHinitial key extract query RQID* UHVSHFWLYHO\ ,Q WKH IROORZLQJ ZHJLYHIRUPDOVHFXULW\DQDO\VLVRIWKHSURSRVHG5,%( VFKHPHLQWKHUDQGRPPRGHO>@

+HUH ZH GHPRQVWUDWH WKDW WKH SURSRVHG 50,%( VFKHPHLVVHPDQWLFDOO\VHFXUHDJDLQVWVHOHFWLYHPXOWL ,' DGDSWLYH FKRVHQ FLSKHUWH[W DWWDFNV ,1'V50,' &&$IRUWKHRXWVLGHUDQGLQVLGHUDGYHUVDU\:HDGRSW WKHVDPHSURYLQJWHFKQLTXHDVLQ%DHNet al¶V0,%( VFKHPH >@ 7KH\ ILUVW FRQVWUXFWHG D QRUPDO SXEOLF NH\ HQFU\SWLRQ FDOOHG WKH %LOLQHDU (O*DPDO VFKHPH 7KHFRQFUHWH%LOLQHDU(O*DPDOVFKHPHLVGHVFULEHGDV IROORZV

KeyGen&KRRVHWZRJURXSVG GRISULPHRUGHU qDQDGPLVVLEOHELOLQHDUPDSêGuGoGDQGD JHQHUDWRUP RIG &KRRVHsZq XQLIRUPO\ DW UDQGRP DQG FRPSXWHPpub s˜PG &KRRVH D UDQGRPQG 7KH SXEOLF NH\ LV SUHVHQWHG DV PK ^GGêPQPpub`DQGWKHSULYDWHNH\DUH SUHVHQWHGDVSK ^GGêPPpubs`

Encrypt *LYHQ D PHVVDJHmG DQG WKH SXEOLF NH\PKFKRRVHDUDQGRPrZqDQGFRPSXWHC UW rPêQPpubr˜m5HWXUQWKLVFLSKHUWH[W C

Decrypt*LYHQDFLSKHUWH[WCDQGWKHSULYDWHNH\

SK FRPSXWHm s Q U e

W

Ö DQG UHWXUQm DV D SODLQWH[W

%DHNet al >@ SURYHG WKDW WKH DERYH %LOLQHDU (O*DPDO VFKHPH LV ³2QH:D\QHVV XQGHU SODLQWH[W FKHFNLQJDWWDFN´2:3&$VHFXUHDVVXPLQJWKDWWKH *DS%'+ SUREOHP LV LQWUDFWDEOH LQ ZKLFK WKH 2: 3&$ VHFXULW\ ZDV GHILQHG E\ 2NDPRWR DQG 3RLQWFKHYDO >@ :H SUHVHQW DQ LQIRUPDO GHVFULSWLRQ DERXWWKH2:3&$VHFXULW\6XSSRVHWKDWWKHUHH[LVWV

DPlaintext Checking PC oracle ZKLFK JLYHQ D FLSKHUWH[WSODLQWH[W PHVVDJH SDLU C M RXWSXWV LI C HQFU\SWVM DQG RWKHUZLVH :H VD\ WKDW D SXEOLF NH\ HQFU\SWLRQ VFKHPH LV t qRݍ2:3&$ VHFXUH DVVXPLQJ WKDW DQ\tWLPH DWWDFNHU B PD\ PDNHqo TXHULHVWRWKHPlaintext Checking PCoracleDQGB¶V DGYDQWDJHWKDWILQGVDSUHLPDJHRIDJLYHQFLSKHUWH[W LVOHVVWKDQݍ

Theorem 1. Suppose that the hash functions H1, H2, H3 and H4are the random oracles. Then the proposed RMIBE scheme is a semantically outsider-secure RMIBE scheme (IND-O-sRMID-CCA) assuming that the Gap-BDH problem is hard. Concretely, assume that there is an outsider adversary A that has an advantage İagainst the proposed RMIBE scheme. Suppose A makes at most qE> 0 initial key extract queries, qU > 0 time key update queries, qd > 0 decryption queries and qi > 0 queries to hash functions Hi (i = 1, 2, 3, 4). Here we denote qo = q3+ q4 (PC oracle queries). Then the proposed RMIBE scheme is (t, q1, q2, q3, q4, qE, qU, qd, İ )-IND-O-sMRID-CCA secure assuming that the Gap-%'+LV Wƍ qo,İƍ-intractable, where

İƍ!İ–qdy

DQGWƍWT1+ q2 + qE+

qU)˜O(IJ1) + qd˜O(IJ2) + (q3 + q4)˜O(1), where IJ1and IJ2denote the executing time for a multiplication in G1 and a pairing computation, respectively.

ź3URRI$VVXPH WKDW DQ DGYHUVDU\ A FDQ EUHDN WKH SURSRVHG50,%(VFKHPHLQWKH,1'V05,'&&$ JDPH%\XVLQJWKHDGYHUVDU\AZHPD\FRQVWUXFW DQ 2:3&$ DGYHUVDU\ B WR EUHDN WKH %LOLQHDU (O*DPDO VFKHPH :H DVVXPH WKDW FKDOOHQJHU B LV JLYHQ^GGêPQPpub`DVSXEOLFNH\VRIWKH %LOLQHDU (O*DPDO VFKHPH DQG U* W* r*P êQ Ppubr*˜R* DV DW DUJHW FLSKHUWH[W RI WKH %LOLQHDU (O*DPDO VFKHPH 6XSSRVH WKDW B PDNHV qR q+ qTXHULHVWRWKHPC oracleRIWKH%LOLQHDU (O*DPDO VFKHPH ZLWKLQ WLPH :H GHQRWHB¶V ZLQQLQJ SUREDELOLW\ E\ İƍ B VLPXODWHV WKH FKDOOHQJHU LQ ,1'V05,'&&$ JDPH IRU A DV IROORZV

x Phase . A RXWSXWV WDUJHW PXOWLSOH LGHQWLWLHV GHQRWHG E\ IDID« IDn DQG D WDUJHW WLPH SHULRGGHQRWHGE\ i

(6)

HTXHULHV ID:KHQ A TXHULHVWKHRUDFOHHZLWK IDWKHFKDOOHQJHU B SHUIRUPVWKHIROORZLQJWDVNV B PDLQWDLQVDOLVWRIWXSOHVIDQIDu!FDOOHG

WKHHlist1

,IWKHTXHU\IDDOUHDG\DSSHDUVRQWKHHlist1LQD WXSOH IDQIDu ! WKHQ B UHVSRQGV ZLWK HID QID

2WKHUZLVH B VHOHFWV D UDQGRPuZq DQG FRPSXWHVQIDDVIROORZV

°¯ ° ® ­

 z



 

@ > IRU

LI

@ > IRU

LI

uP G ID ID j n

n j ID ID G Q P u ID H Q

j j ID

7KHQ B DGGV WKH WXSOH IDQIDu ! WR WKH Hlist1,WUHVSRQGVWR A ZLWKHID QID HTXHULHV ID i :KHQ A TXHULHV WKH RUDFOHH

ZLWK ID i WKH FKDOOHQJHU B SHUIRUPV WKH IROORZLQJWDVNV

B PDLQWDLQVDOLVWRI WXSOHVID, iRID,i, v! FDOOHGWKHHlist2

,IWKHTXHU\ID, iDOUHDG\DSSHDUVRQWKHHlist2 LQ D WXSOH ID, iRID,iv ! WKHQ B UHVSRQGV ZLWKH2ID, i RID,i

2WKHUZLVH B UDQGRPO\VHOHFWVDYDOXHvZq* DQGFRPSXWHVRID,i vP7KHQB DGGVWKHWXSOH ID, iRID,i, v!WRWKHHlist2,WUHVSRQGVWR A ZLWKH2ID, i RID,i

HTXHULHVR:KHQ A TXHULHVWKHRUDFOHHZLWK R WKH FKDOOHQJHU B SHUIRUPV WKH IROORZLQJ WDVNV 1RWHWKDWWKLVKDVKIXQFWLRQLVUHODWHGZLWKWKHPC oracle

B PDLQWDLQVDOLVWRIWXSOHVR, K!FDOOHGWKH Hlist

,IWKHTXHU\RDOUHDG\DSSHDUVRQWKHHlistLQ DWXSOHR, K!WKHQ B UHVSRQGVZLWKH3R K 2WKHUZLVH B FKHFNVZKHWKHUU*, W*HQFU\SWV

RXVLQJWKHPCRUDFOH,ILWLV LW PHDQVWKDWB

ILQGV RXW WKH FRUUHFW PHVVDJH RI U*, W*

B

UHWXUQVRDQGWHUPLQDWHVWKHJDPH,ILWLVQRW B

UDQGRPO\VHOHFWVK^`x7KHQ B DGGVR K!WRWKHHlist,WUHVSRQGVWR A ZLWKHR K HTXHULHV RmUVV« VnWW LA

PD\LVVXHTXHULHVZLWKRmUVV« VnW W LWRHB SHUIRUPVWKHIROORZLQJWDVNV B PDLQWDLQVDOLVWRIWXSOHVRmUVV«

VnWW LFDOOHGWKHHlist4

,IWKHTXHU\RmUVV« VnWW L DOUHDG\DSSHDUVRQWKHHlist4LQDWXSOHRm UVV« VnWW LV ! WKHQ B UHVSRQGV ZLWKHRmUVV« VnW W L V

2WKHUZLVH B FKHFNVZKHWKHUU* W*HQFU\SWV R XVLQJ WKHPC oracle ,I LW LV LW PHDQV WKDW DOJRULWKP B ILQGV RXW WKH FRUUHFW PHVVDJH RI U* W*B UHWXUQVR DQGWHUPLQDWHVWKHJDPH ,I LWLV QRW B UDQGRPO\ VHOHFWVV ^ `y

7KHQ B DGGVWKHWXSOHRmUVV« Vn WW LV ! WRHlist4,W UHVSRQGV WR A ZLWK HRmUVV« VnWW L V x Phase 8SRQ UHFHLYLQJ WKH LQLWLDO NH\ H[WUDFW

TXHU\ZLWKIDDQGWKHWLPHNH\XSGDWHTXHU\ZLWK ID iWKHFKDOOHQJHU B UHVSRQGVDVIROORZV1RWH WKDW WKH DVVRFLDWHG KDVK TXHULHV KDYH EHHQ DVNHG EHIRUHWKHVHTXHULHV

7KHLQLWLDONH\H[WUDFWTXHU\ID8SRQUHFHLYLQJ WKLV TXHU\ ZLWKID WKH FKDOOHQJHU B SHUIRUPV WKH IROORZLQJWDVNV

$FFHVVWKHFRUUHVSRQGLQJWXSOHIDQIDu! IURPWKHOLVWHlist1

&RPSXWHDID uPpubG

2EVHUYHWKDWDID uPpub=ubP=bQIDWKHUHIRUH DID LV WKH LQLWLDO VHFUHW NH\ DVVRFLDWHG WR WKH LGHQWLW\ID *LYHDID WR WKH DGYHUVDU\A 7KH UHVWULFWLRQ KHUH LV WKDWIDj GLG QRW DSSHDU LQ WKLVSKDVHZKHUHj «n

7KHWLPHNH\XSGDWHTXHU\ID i8SRQUHFHLYLQJ WKLV TXHU\ ZLWK ID i WKH FKDOOHQJHU B SHUIRUPV WKHIROORZLQJWDVNV

$FFHVVWKHFRUUHVSRQGLQJWXSOHID iRIDi v!IURPWKHOLVWHlist2

&RPSXWHTIDi vPpubG

2EVHUYH WKDWTIDi vPpub= vbP bRIDi DQG WKHUHIRUHTIDiLVWKHWLPHXSGDWHNH\DVVRFLDWHG WR WKH LGHQWLW\ID DQG WKH SHULRG WLPH i *LYH TIDiWRA

7KH GHFU\SWLRQ TXHU\ ID* i* C 8SRQ UHFHLYLQJWKLVTXHU\ZLWKID*i*CZKHUHC UVV« VnWW LV WKH FKDOOHQJHU B DFFHVVHV WKH FRUUHVSRQGLQJ WXSOH RmUV V« VnWW LV!IURPWKHOLVWHlist47KHQ

B SHUIRUPVWKHIROORZLQJWDVNV

,I WKH WXSOH RmUVV« VnWW LV ! H[LVWV LQ WKHHlist4 WKHQ B FRPSXWHV HR XVLQJ WKH VLPXODWLRQ RIH3 DERYH DQG FKHFNV ZKHWKHU HRʂm W ,I QRW LW UHWXUQV³Reject´RWKHUZLVHFKHFNVZKHWKHUU WHQFU\SWVRXVLQJWKHPC oracleDQGFKHFNV êUHIDj* HIDj*, i* Q êPVj ,I ERWK RI WKH HTXDWLRQV KROG B UHWXUQV m RWKHUZLVHUHWXUQV³Reject´

,I WKH WXSOH RmUVV« VnWW LV ! GRHV QRW H[LVW LQ WKHHlist4 WKHQ B UHWXUQV³Reject´

x Challenge7KHDGYHUVDU\ A RXWSXWVmDQGmRQ ZKLFKLWZLVKHVWREHFKDOOHQJHG7KHFKDOOHQJHU B

SHUIRUPVWKHIROORZLQJSURFHGXUH

&KRRVHȕ^` DQG DFFHVV WKH WXSOH ID QIDu ! IURP WKH OLVWHlist1 DQG WKH WXSOH ID iR

IDiv!IURPWKHOLVWHlist2WRJHWuj DQGvjUHVSHFWLYHO\IRUj «n

8VHWKHWDUJHWFLSKHUWH[WU W rPêQ Ppubr˜R WR FRPSXWHu

j˜U DQGvj˜U* IRUj

(7)

&KRRVHK^`xDQGV^`yXQLIRUPO\ DWUDQGRP

6HWK H

R DQGV HRmȕ U u˜Uv˜Uu˜Uv˜U*«un˜U vn˜UWKʂmȕ L ZKHUH L LV FUHDWHG E\B

'HILQHC* U* u

˜U* v˜U* u˜U* v˜U*« un˜U* vn˜U*W*K*ʂmȕ* L

V* B JLYHVC*DVWKHFKDOOHQJHWR

A

x 3KDVH 7KHDGYHUVDU\ A PD\LVVXH PRUHTXHULHV DVLQ3KDVH

x *XHVV7KHDGYHUVDU\ A RXWSXWVLWVJXHVVȕƍ^` DQGZLQVWKLVJDPHLIȕƍ ȕ

,Q Setup DQG Phase LWLV REYLRXV WKDW WKH FKDOOHQJHU B SHUIHFWO\VLPXODWHVWKHUDQGRPRUDFOHH HH H WKH LQLWLDO VHFUHW NH\ H[WUDFWLRQ WKH WLPH NH\XSGDWHDQGWKHGHFU\SWLRQTXHULHV7KHVLPXODWLRQ RIWKHFLSKHUWH[WCLVDVIROORZV

C*= (U*, uj*˜U* + vj*˜U*, W*, K*ʂmȕ*, L*,V*) = (U*, u

j*˜r*P + vj*˜r*P, W*, K*ʂmȕ*, L*,V*)

= (U*, u

j*˜r*P – r*Q + r*Q + vj*˜r*P, W*, K*ʂmȕ*, L*,

V*)

= (U*, uj*˜ r*(uj*P – Q) + r*Q + vj*˜r*P, W*, K*

ʂmȕ*, L*,V*) = (U*, u

j*˜ r*H1(IDj*) + r*H2(IDj*,ij*) + r*Q, W*, K*ʂm

ȕ*, L*,V*),

IRUj «n +HQFH ZH NQRZ WKDWC* LV D YDOLG FLSKHUWH[W

+HUHZHDQDO\]HWKHDOJRULWKPA¶VDGYDQWDJH,I A

KDV JXHVVHG D FRUUHFW YDOXHV ZLWKRXW TXHU\LQJ WKH UDQGRP RUDFOHH DOJRULWKP B PXVW WHUPLQDWH WKLV VLPXODWLRQ ,I WKLV VLWXDWLRQ PD\ KDSSHQ WKH

SUREDELOLW\ LV y

6LQFH LQ 3KDVH A PDNHV WRWDOq d

GHFU\SWLRQ TXHULHV ZH KDYH WKH 3U>*XHVV+@ ”qdy

ZKHUH *XHVV+LV WKH HYHQW ZKLFK A JXHVVHV WKH FRUUHFWYDOXHV,IW*R* êcP, bPaZHKDYH3U>B P aPbPcP ê P, Pabc @ _ 3U>ȕ´ ȕ_ ¤*XHVV+@ ± _ DQG _ 3U>ȕ´ ȕ@ ± _! İ &RQVHTXHQWO\ZHKDYH_3U>ȕ´ ȕ_¤*XHVV+@±_ !_3U>ȕ´ ȕ_±3U>*XHVV+@±_!ݱ3U>*XHVV+@

!ݱqdy

$FFRUGLQJ WR WKH DERYH GHVFULSWLRQV IRU WKH FKDOOHQJHUBLWLVREYLRXVWKDWWKHUHTXLUHGH[HFXWLQJ WLPHIRUHDFK H HLQLWLDONH\H[WUDFW DQG WLPHNH\ XSGDWH TXHULHV QHHGV RQH PXOWLSOLFDWLRQ FRPSXWDWLRQ LQG 3HUIRUPLQJqd GHFU\SWLRQ TXHULHV UHTXLUHVqd SDLULQJFRPSXWDWLRQVHDQG HTXHULHVQHHGWKHWLPH RISHUIRUPLQJPC oracle6RZHKDYHWƍWq+ q + qE+ qU˜OIJ+ qd˜OIJ + q+ q˜O ZKHUHIJ DQGIJGHQRWHWKHH[HFXWLQJWLPHIRUDPXOWLSOLFDWLRQLQ GDQGDSDLULQJFRPSXWDWLRQUHVSHFWLYHO\Ÿ

,Q WKH IROORZLQJ ZH SURYH WKDW RXU SURSRVHG 50,%( VFKHPH LV DOVR D VHPDQWLFDOO\ LQVLGHUVHFXUH 50,%( VFKHPH 6LQFH WKH 3.* VWRSV WR LVVXH WKH FXUUHQWWLPHXSGDWHNH\IRUWKHUHYRNHGXVHUWKHXVHU LVXQDEOHWRREWDLQWKHWLPHXSGDWHNH\LQWKHSUHVHQW WLPHSHULRG:HJLYHDWKHRUHPIRUDQLQVLGHUDWWDFNHU UHYRNHG XVHU DQG SURYH WKDW LQVLGHU DGYHUVDU\ RU D UHYRNHGXVHUFDQQRWGHFU\SWWKHPHVVDJH

Theorem 2. Suppose that the hash functions H1, H2, H3 and H4are the random oracles. Then the proposed RMIBE scheme is a semantically insider-secure RMIBE scheme (IND-I-sRMID-CCA) assuming that the Gap-BDH problem is hard. Concretely, assume that there is an insider adversary A that has an advantage İagainst the proposed RMIBE scheme. Suppose A makes at most qE> 0 initial key extract queries, qU > 0 time key update queries, qd > 0 decryption queries and qi > 0 queries to hash functions Hi (i = 1, 2, 3, 4). Here we denote qo = q3+ q4 (PC oracle queries). Then the proposed RMIBE scheme is (t, q1, q2, q3, q4, qE, qU, qd, İ )-IND-O-sMRID-CCA secure assuming that the Gap-%'+LV Wƍ qo,İƍ-intractable, where

İƍ ! İ–qdy

andWƍ W T1+ q2+ qE +

qU)˜O(IJ1) + qd˜O(IJ2) + (q3 + q4)˜O(1), where IJ1and IJ2denote the executing time for a multiplication in G1 and a pairing computation, respectively.

ź3URRI$VVXPH WKDW DQ DGYHUVDU\ A FDQ EUHDN WKH SURSRVHG50,%(VFKHPHLQWKH,1'V05,'&&$ JDPH%\XVLQJWKHDGYHUVDU\AZHPD\FRQVWUXFW DQ 2:3&$ DGYHUVDU\ B WR EUHDN WKH %LOLQHDU (O*DPDO VFKHPH :H DVVXPH WKDW FKDOOHQJHU B LV JLYHQ^GGêPQPpub`DVSXEOLFNH\VRIWKH %LOLQHDU (O*DPDO VFKHPH DQG U* W* r*P êQ Ppubr*˜R* DV DW DUJHW FLSKHUWH[W RI WKH %LOLQHDU (O*DPDO VFKHPH 6XSSRVH WKDW B PDNHV qR q + q TXHULHV WR WKHPC oracle RI WKH %LOLQHDU (O*DPDO VFKHPH ZLWKLQ WLPH :H GHQRWHB¶V ZLQQLQJ SUREDELOLW\ E\İƍ B VLPXODWHV WKHFKDOOHQJHULQ,1'V05,'&&$JDPHIRU A DV IROORZV

x Phase . A RXWSXWV WDUJHW PXOWLSOH LGHQWLWLHV GHQRWHG E\ IDID« IDn DQG D WDUJHW WLPH SHULRGGHQRWHGE\ i

(8)

HTXHULHV ID:KHQ A TXHULHVWKHRUDFOHHZLWK IDWKHFKDOOHQJHU B SHUIRUPVWKHIROORZLQJWDVNV B PDLQWDLQV D OLVW RI WXSOHV IDQIDv !

FDOOHGWKHHlist1

,IWKHTXHU\IDDOUHDG\DSSHDUVRQWKHHlist1LQD WXSOH IDQIDv ! WKHQ B UHVSRQGV ZLWK HID QID

2WKHUZLVH B UDQGRPO\VHOHFWVDYDOXHvZq DQGFRPSXWHVQID vP7KHQB DGGVWKHWXSOH IDQIDv!WRWKHHlist1,WUHVSRQGVWR A ZLWK HID QID

HTXHULHV ID i :KHQ A TXHULHV WKH RUDFOHH ZLWK ID i WKH FKDOOHQJHU B SHUIRUPV WKH IROORZLQJWDVNV

B PDLQWDLQVDOLVWRIWXSOHVIDiRIDiu! FDOOHGWKHHlist2

,IWKHTXHU\ID iDOUHDG\DSSHDUVRQWKHHlist2 LQDW XSOHIDiRIDiu!WKHQ B UHVSRQGV ZLWKHID i RIDi

2WKHUZLVH B VHOHFWV D UDQGRPuZq DQG FRPSXWHVQIDDVIROORZV

°¯ ° ® ­  z    @ > IRU LI @ > IRU LI

uP G IDi ID i j n

n j i ID i ID G Q P u i ID H R j j j j i ID

7KHQ B DGGVWKHWXSOHIDiRIDiu!WRWKHHlist2,W UHVSRQGVWR A ZLWKHID i RIDi

HTXHULHVR:KHQ A TXHULHVWKHRUDFOHHZLWK R WKH FKDOOHQJHU B SHUIRUPV WKH IROORZLQJ WDVNV 1RWHWKDWWKLVKDVKIXQFWLRQLVUHODWHGZLWKWKHPC oracle

B PDLQWDLQVDOLVWRIWXSOHVRK!FDOOHGWKH Hlist3

,IWKHTXHU\RDOUHDG\DSSHDUVRQWKHHlist3LQ DWXSOHRK!WKHQ B UHVSRQGVZLWKHR K 2WKHUZLVH B FKHFNVZKHWKHUU* W*HQFU\SWV

R XVLQJWKHPC oracle,ILWLVLWPHDQVWKDWB

ILQGV RXW WKH FRUUHFW PHVVDJH RI U* W*

B

UHWXUQVR DQGWHUPLQDWHVWKHJDPH,ILWLVQRW B

UDQGRPO\VHOHFWVK^`x7KHQ B DGGVR K!WRWKHHlist3,WUHVSRQGVWR A ZLWKHR K HTXHULHV RmUVV« VnWW LA

PD\LVVXHTXHULHVZLWKRmUVV« VnW W LWRHB SHUIRUPVWKHIROORZLQJWDVNV B PDLQWDLQVDOLVWRIWXSOHVRmUVV«

VnWW LFDOOHGWKHHlist4

,IWKHTXHU\RmUVV« VnWW L DOUHDG\DSSHDUVRQWKHHlist4LQDWXSOHRm UVV« VnWW LV ! WKHQ B UHVSRQGV ZLWKHRmUVV« VnW W L V

2WKHUZLVH B FKHFNVZKHWKHUU* W*HQFU\SWV R XVLQJ WKHPC oracle ,I LW LV LW PHDQV WKDW DOJRULWKP B ILQGV RXW WKH FRUUHFW PHVVDJH RI U* W*B UHWXUQVR DQGWHUPLQDWHVWKHJDPH ,I LWLV QRW B UDQGRPO\ VHOHFWVV ^ `y 7KHQ B DGGVWKHWXSOHRmUVV« Vn WW LV ! WRHlist4,W UHVSRQGV WR A ZLWK

HRmUVV« VnWW L V x Phase 8SRQ UHFHLYLQJ WKH LQLWLDO NH\ H[WUDFW

TXHU\ZLWKIDDQGWKHWLPHNH\XSGDWHTXHU\ZLWK ID iWKHFKDOOHQJHU B UHVSRQGVDVIROORZV1RWH WKDW WKH DVVRFLDWHG KDVK TXHULHV KDYH EHHQ DVNHG EHIRUHWKHVHTXHULHV

7KHLQLWLDONH\H[WUDFWTXHU\ID8SRQUHFHLYLQJ WKLV TXHU\ ZLWKID WKH FKDOOHQJHU B SHUIRUPV WKH IROORZLQJWDVNV

$FFHVV WKH FRUUHVSRQGLQJ WXSOH IDQIDv! IURPWKHOLVWHlist1

&RPSXWHDID vPpubG

2EVHUYHWKDWDID vPpub=vbP=bQIDWKHUHIRUH DID LV WKH LQLWLDO VHFUHW NH\ DVVRFLDWHG WR WKH LGHQWLW\ID *LYHDID WR WKH DGYHUVDU\A 7KH UHVWULFWLRQ KHUH LV WKDWIDj GLG QRW DSSHDU LQ WKLVSKDVHZKHUHj «n

7KHWLPHNH\XSGDWHTXHU\ID i8SRQUHFHLYLQJ WKLV TXHU\ ZLWK ID i WKH FKDOOHQJHU B SHUIRUPV WKHIROORZLQJWDVNV

$FFHVVWKHFRUUHVSRQGLQJWXSOHID iRIDi u!IURPWKHOLVWHlist2

&RPSXWHTIDi uPpubG

2EVHUYH WKDWTIDi uPpub= ubP uRIDi DQG WKHUHIRUHTIDiLVWKHWLPHXSGDWHNH\DVVRFLDWHG WR WKH LGHQWLW\ID DQG WKH SHULRG WLPH i *LYH TIDiWRA

7KH GHFU\SWLRQ TXHU\ ID* i* C 8SRQ UHFHLYLQJWKLVTXHU\ZLWKID*i*CZKHUHC UVV« VnWW LV WKH FKDOOHQJHU B DFFHVVHV WKH FRUUHVSRQGLQJ WXSOH RmUV V« VnWW LV!IURPWKHOLVWHlist47KHQ

B SHUIRUPVWKHIROORZLQJWDVNV

,I WKH WXSOH RmUVV« VnWW LV ! H[LVWV LQ WKHHlist4 WKHQ B FRPSXWHV HR XVLQJ WKH VLPXODWLRQ RIH3 DERYH DQG FKHFNV ZKHWKHU HRʂm W ,I QRW LW UHWXUQV³Reject´RWKHUZLVHFKHFNVZKHWKHUU WHQFU\SWVRXVLQJWKHPC oracleDQGFKHFNV êUHIDj* HIDj*, i* Q êPVj ,I ERWK RI WKH HTXDWLRQV KROG B UHWXUQV m RWKHUZLVHUHWXUQV³Reject´

,I WKH WXSOH RmUVV« VnWW LV ! GRHV QRW H[LVW LQ WKHHlist4 WKHQ B UHWXUQV³Reject´

x Challenge7KHDGYHUVDU\ A RXWSXWVmDQGmRQ ZKLFKLWZLVKHVWREHFKDOOHQJHG7KHFKDOOHQJHU B

SHUIRUPVWKHIROORZLQJSURFHGXUH

&KRRVHȕ^` DQG DFFHVV WKH WXSOH ID QIDv ! IURP WKH OLVWHlist1 DQG WKH WXSOH ID iR

IDiu!IURPWKHOLVWHlist2WRJHWvj DQGujUHVSHFWLYHO\IRUj «n

8VHWKHWDUJHWFLSKHUWH[WU W rPêQ Ppubr˜R WR FRPSXWHv

j˜U DQGuj˜U* IRUj

«n

&KRRVHK^`xDQG

(9)

6HWK H

R DQGV HRmȕU v˜Uu˜Uv˜Uu˜U*«vn˜U un˜UWKʂmȕ L ZKHUH L LV FUHDWHG E\B

'HILQHC* U* v˜U* u˜U* v˜U* u˜U*« vn˜U* un˜U*W*K*ʂmȕ* L

V* B JLYHVC*DVWKHFKDOOHQJHWRA

x Phase 7KHDGYHUVDU\ A PD\LVVXHPRUHTXHULHV DVLQPhase

x Guess: 7KHDGYHUVDU\ A RXWSXWVLWVJXHVVȕƍ^` DQGZLQVWKLVJDPHLIȕƍ ȕ

,Q Setup DQG Phase LWLV REYLRXV WKDW WKH FKDOOHQJHU B SHUIHFWO\VLPXODWHVWKHUDQGRPRUDFOHH HH H WKH LQLWLDO VHFUHW NH\ H[WUDFWLRQ WKH WLPH NH\XSGDWHDQGWKHGHFU\SWLRQTXHULHV7KHVLPXODWLRQ RIWKHFLSKHUWH[WCLVDVIROORZV

C*= (U*, v

j*˜U* + uj*˜U*, W*, K*ʂmȕ*, L*,V*)

= (U*, v

j*˜r*P + uj*˜r*P, W*, K*ʂmȕ*, L*,V*)

= (U*, v

j*˜r*P – r*Q + r*Q + uj*˜r*P, W*, K*ʂmȕ*, L*,V*)

= (U*, v

j*˜ r*(vj*P – Q) + r*Q + uj*˜r*P, W*, K*ʂmȕ*, L*,V*)

= (U*, vj*˜ r*H1(IDj*) + r*H2(IDj*,ij*) + r*Q, W*, K*

ʂmȕ*, L*,V*),

IRUj «n +HQFH ZH NQRZ WKDWC* LV D YDOLG FLSKHUWH[W

7KH DQDO\VLV LV VLPLODU WR 7KHRUHP 7KH VXFFHVVIXOSUREDELOLW\DGYDQWDJHRIWKHFKDOOHQJHU B

ZKR FDQ VROYH WKH &'+ SUREOHP LV DW OHDVWݱqdy

7KHH[HFXWLQJWLPHLVt + q+ q+ qE+ qU˜OIJ + qd˜OIJ + q+ q˜O ZKHUHIJDQGIJGHQRWH WKH H[HFXWLQJWLPHIRUDPXOWLSOLFDWLRQLQ GDQGDSDLULQJ FRPSXWDWLRQUHVSHFWLYHO\Ÿ

3HUIRUPDQFHDQDO\VLVDQGFRPSDULVRQV

,QWKLVVHFWLRQZHDQDO\]HWKHSHUIRUPDQFHRIWKH SURSRVHG 50,%( VFKHPH DQG JLYH WKH FRPSDULVRQV ZLWK WKH 7VHQJ7VDL 5,%( VFKHPH >@ )RU FRQYHQLHQFH ZH GHILQH WKH IROORZLQJ QRWDWLRQV WR DQDO\]HWKHFRPSXWDWLRQDOFRVW

x TGe 7KH WLPH RI H[HFXWLQJ D ELOLQHDU SDLULQJ RSHUDWLRQêGuGoG2

x TGmul 7KH WLPH RI H[HFXWLQJ D PXOWLSOLFDWLRQ RSHUDWLRQLQG

x Texp 7KH WLPH RI H[HFXWLQJ DQ H[SRQHQWLDWLRQ RSHUDWLRQLQG2.

x TGH 7KH WLPH RI H[HFXWLQJ D PDSWRSRLQW KDVK IXQFWLRQHRUH

6RPH VLPXODWLRQ UHVXOWV LQ >@ GHPRQVWUDWH WKDWH[HFXWLQJDELOLQHDUSDLULQJRSHUDWLRQTGeLVPRUH WLPHFRQVXPLQJ WKDQ RWKHU RSHUDWLRQV ,Q RUGHU WR REWDLQPRUHSUHFLVHDQDO\VLVRIWKHHQFU\SWLRQFRVWIRU

n UHFHLYHUV ZH XVH WKH VLPXODWLRQ UHVXOWV LQ >@ WR HYDOXDWHLW7DEOHOLVWVWKHVLPXODWLRQUHVXOWVRITGe Texp DQGTGH ZLWK UHVSHFW WRTGmul UHVSHFWLYHO\ 7KH VLPXODWLRQ HQYLURQPHQW LV SUHVHQWHG DV IROORZV 7KH SURFHVVRULVDQ,QWHO&RUH'XR7*+]ZLWK *% RI 5$0 0+] 7KH FU\SWRJUDSKLF SDLULQJ V\VWHPXVHV:HLOELOLQHDUSDLULQJV\VWHPLQZKLFKWKH XVHG SDLULQJ YDOXHV EHORQJ WR D ILQLWH ILHOG RI ELWV 7KH FRPSXWDWLRQ FRVWV RITGe TGH DQGTexp DUH HTXDO WR DERXW TGmul TGmul DQG TGmul UHVSHFWLYHO\

7DEOH7KHFRVWRIWKHUHODWHGSDLULQJEDVHGRSHUDWLRQV

TGe TGH Texp

&RVW TGmul TGmul TGmul

,Q WKH IROORZLQJ ZH DQDO\]H WKH FRPSXWDWLRQDO FRVWVRIWKHSURSRVHG50,%(VFKHPH)RUHQFU\SWLQJ D PHVVDJH IRUn UHFHLYHUV LQ WKH SURSRVHG 50,%( VFKHPH LW WDNHVTGe n˜TGmul n˜TGH Texp WLPH )RU HDFK VHOHFWHG UHFHLYHU¶V GHFU\SWLRQ LQ WKH SURSRVHG50,%(VFKHPHLWUHTXLUHVTGe TexpWLPH 7DEOH OLVWV WKH FRPSDULVRQV EHWZHHQ WKH SURSRVHG 50,%(VFKHPHDQGWKH7VHQJ7VDL5,%(VFKHPH>@ LQ WHUPV RI WKH FRPSXWDWLRQDO FRVWV RI HQFU\SWLRQGHFU\SWLRQ IRUn UHFHLYHUV DQG VHFXULW\ DVVXPSWLRQ%HFDXVH7VHQJDQG7VDLGLGQ¶WDGGUHVVWKH SUREOHP ZKHUH D VHQGHU ZRXOG OLNH WR HQFU\SW D PHVVDJH IRUn UHFHLYHUV WKH VHQGHU PXVW UHHQFU\SW WKHPHVVDJHnWLPHVXVLQJWKHLU5,%(VFKHPH7KXVD VHQGHUQHHGVnH[SHQVLYHSDLULQJRSHUDWLRQVWRHQFU\SW DVLQJOHPHVVDJHIRUnUHFHLYHUV2XUSURSRVHGVFKHPH UHTXLUHV RQO\ RQH SDLULQJ RSHUDWLRQ WR HQFU\SW D PHVVDJH IRUn UHFHLYHUV 7KH UHTXLUHG FRPSXWDWLRQDO FRWVRIHQFU\SWLRQIRUnXVHUVDUHGHSLFWHGLQ)LJ,W LV REYLRXV WKDW RXU 0,%( VFKHPH LV EHWWHU WKDQ WKH 7VHQJ7VDL5,%(VFKHPHIRUHQFU\SWLQJDPHVVDJHIRU nUHFHLYHUV

7DEOH&RPSDULVRQEHWZHHQWKHSURSRVHGVFKHPHDQGWKH 7VHQJ7VDL,%(VFKHPH

7KH7VHQJ 7VDL¶V5,%( VFKHPH>@

2XUSURSRVHG 50,%(VFKHPH

6HFXULW\DVVXPSWLRQ %'+DVVXPSWLRQ *DS%'+ DVVXPSWLRQ &RPSXWDWLRQDOFRVW

RIHQFU\SWLRQIRUn UHFHLYHUV

n˜TGeTGmul n˜TGHn˜Texp

TGen˜TGmul n˜TGHTexp

n TGmul TGmul

n TGmul TGmul

n TGmul TGmul

n TGmul TGmul &RPSXWDWLRQDOFRVW

RIGHFU\SWLRQIRU HDFKXVHU

TGeTGmul

Texp TGeTexp

(10)

)LJXUH3HUIRUPDQFHFRPSDULVRQRIHQFU\SWLRQIRUnXVHUV

&RQFOXVLRQV

,QWKLVSDSHUZHDGGUHVVHGWKHSUREOHPZKHUHRQH VHQGHU HQFU\SWV DQ LGHQWLFDO PHVVDJH IRU PXOWLSOH UHFHLYHUV LQ WKH UHYRFDEOH ,'EDVHG YHUVLRQ :H GHILQHGWKHIUDPHZRUNRIUHYRFDEOHPXOWLUHFHLYHU,' EDVHG HQFU\SWLRQ 50,%( ZLWK DS XEOLF FKDQQHO 0HDQZKLOH WKH VHFXULW\ QRWLRQV ZHUH FRPSOHWHO\ GHILQHG WR IRUPDOL]H WKH SRVVLEOH WKUHDWV DQG DWWDFNV WKDW LQFOXGH DQ RXWVLGH DGYHUVDU\ DQG D UHYRNHG XVHU DQLQVLGHDGYHUVDU\:HSURSRVHGWKHFRQFUHWH5,%( VFKHPH IURP ELOLQHDU SDLULQJV %DVHG RQ WKH *DS ELOLQHDU 'LIILH+HOOPDQ DVVXPSWLRQ WKH 50,%( VFKHPH LV SURYHG WR EH VHPDQWLFDOO\ VHFXUH DJDLQVW DGDSWLYH FKRVHQ FLSKHUWH[W DWWDFNV &&$ XQGHU WKH VHOHFWLYH,' YHUVLRQ 3HUIRUPDQFH DQDO\VLV DQG FRPSDULVRQV DUH PDGH WR GHPRQVWUDWH WKDW RXU SURSRVHG VFKHPH UHTXLUHV RQO\ RQH SDLULQJ RSHUDWLRQ IRU HQFU\SWLQJ D PHVVDJH IRU PXOWLSOH LGHQWLWLHV DQG SURYLGHVUHYRFDEOHSURSHUW\

$FNQRZOHGJHPHQWV

7KLV UHVHDUFK ZDV SDUWLDOO\ VXSSRUWHG E\ 1DWLRQDO 6FLHQFH &RXQFLO 7DLZDQ 52& XQGHU FRQWUDFW QR 16&(

5HIHUHQFHV

>@ $6KDPLU,GHQWLW\EDVHGFU\SWRV\VWHPVDQGVLJQDWXUH VFKHPHV,QProc. of CRYPTO’84/1&6

SS

>@ ' %RQHK 0 )UDQNOLQ ,GHQWLW\EDVHG HQFU\SWLRQ IURP WKH :HLO SDLULQJ ,Q Proc. of CRYPTO’01

/1&6SS

>@ -& &KD -+ &KHRQ $Q LGHQWLW\EDVHG VLJQDWXUH IURPJDS'LIILH+HOOPDQJURXSV,QProc. of PKC’03

/1&6SS

>@ 0 %HOODUH & 1DPSUHPSUH * 1HYHQ 6HFXULW\ SURRIV IRU LGHQWLW\EDVHG LGHQWLILFDWLRQ DQG VLJQDWXUH VFKHPHVJournal of Cryptology9RO1R

SS

>@ %:DWHUV(IILFLHQWLGHQWLW\EDVHGHQFU\SWLRQZLWKRXW UDQGRP RUDFOHV ,Q Proceedings of Eurocrypt’05

/1&69ROSS

>@ / &KHQ = &KHQJ 13 6PDUW ,GHQWLW\EDVHG NH\ DJUHHPHQW SURWRFROV IURP SDLULQJV International Journal of Information Security 9RO 1R

SS

>@ ' %RQHK 0 +DPEXUJ *HQHUDOL]HG LGHQWLW\ EDVHG DQG EURDGFDVW HQFU\SWLRQ VFKHPHV ,Q Proc. of Asiacrypt’08/1&6SS >@ <+&KXDQJ<07VHQJ7RZDUGVJHQHUDOL]HG,'

EDVHG XVHU DXWKHQWLFDWLRQ IRU PRELOH PXOWLVHUYHU HQYLURQPHQWInternational Journal of Communication

Systems9RO1RSS

>@ <)&KDQJ:/7DL&</LQ$YHULILDEOHSUR[\ VLJQDWXUH VFKHPH EDVHG RQ ELOLQHDU SDLULQJV ZLWK LGHQWLW\EDVHG FU\SWRJUDSKLF DSSURDFKHVInformation Technology and Control 9RO 1R

SS

>@7< :X <0 7VHQJ $Q ,'EDVHG PXWXDO DXWKHQWLFDWLRQ DQG NH\ H[FKDQJH SURWRFRO IRU ORZ SRZHU PRELOH GHYLFHVThe Computer Journal

9RO1RSS

>@(- <RRQ $Q HIILFLHQW DQG VHFXUH LGHQWLW\EDVHG VWURQJ GHVLJQDWHG YHULILHU VLJQDWXUH VFKHPH Information Technology and Control 9RO

1RSS

>@7< :X <0 7VHQJ 7RZDUGV ,'EDVHG DXWKHQWLFDWHG JURXS NH\ H[FKDQJH SURWRFRO ZLWK LGHQWLI\LQJ PDOLFLRXV SDUWLFLSDQWVInformatica

9RO1RSS

>@7< :X <0 7VHQJ 77 7VDL$UHYRFDEOH,' EDVHGDXWKHQWLFDWHGJURXSNH\H[FKDQJHSURWRFROZLWK UHVLVWDQWWRPDOLFLRXVSDUWLFLSDQWVComputer Networks

>@5 +RXVOH\ : 3RON : )RUG ' 6ROR ,QWHUQHW ; SXEOLF NH\ LQIUDVWUXFWXUH FHUWLILFDWH DQG FHUWLILFDWHUHYRFDWLRQOLVW&5/SURILOH,QRFC 3280 IETF

>@$ %ROG\UHYD 9 *R\DO 9 .XPDU ,GHQWLW\EDVHG HQFU\SWLRQ ZLWK HIILFLHQW UHYRFDWLRQ ,QProceedings ofCCS’08SS

>@5 &DQHWWL 6 +DOHYL - .DW] $ IRUZDUGVHFXUH SXEOLFNH\ HQFU\SWLRQ VFKHPH ,Q Proceedings of Eurocrypt’03/1&6SS >@% /LEHUW ' 9HUJQDXG $GDSWLYH,' VHFXUH

UHYRFDEOH LGHQWLW\EDVHG HQFU\SWLRQ ,QProceedings ofCT-RSA’09/1&6SS

>@<07VHQJ777VDL(IILFLHQWUHYRFDEOH,'EDVHG HQFU\SWLRQ ZLWK D SXEOLF FKDQQHO The Computer Journal9RO1RSS

>@' %RQHK 0 )UDQNOLQ ,GHQWLW\EDVHG HQFU\SWLRQ IURP WKH :HLO SDLULQJSIAM J. of Computing

9RO1RSS

>@-%DHN 5 6DIDYL1DLQL : 6XVLOR(IILFLHQWPXOWL UHFHLYHU LGHQWLW\EDVHG HQFU\SWLRQ DQG LWV DSSOLFDWLRQ WR EURDGFDVW HQFU\SWLRQ ,QProceedings ofPKC’05

/1&6SS

>@- %DHN < =KHQJ ,GHQWLW\EDVHG WKUHVKROG GHFU\SWLRQ ,QProceedings ofPKC’04 /1&6

SS

>@56DNDL0.DVDKDUD,'EDVHGFU\SWRV\VWHPVZLWK SDLULQJ RQ HOOLSWLF FXUYH ,Q Cryptology ePrint Archive5HSRUW

>@6 *DOEUDLWK . 3DWHUVRQ 13 6PDUW 3DLULQJV IRU FU\SWRJUDSKHUVDiscrete Applied Mathematics

9RO1RSS

(11)

>@0 %HOODUH 3 5RJDZD\ 5DQGRP RUDFOHV DUH SUDFWLFDODSDUDGLJPIRUGHVLJQLQJHIILFLHQWSURWRFROV ,QProceedings of CCS’93SS

>@5 &DQHWWL 2 *ROGUHLFK 6 +DOHYL 7KH UDQGRP RUDFOHPHWKRGRORJ\UHYLVLWHGJournal of ACM

9RO1RSS

>@06FRWW&RPSXWLQJWKH7DWHSDLULQJ,QProceedings of CT-RSA’05/1&6SS >@; &DR ; =HQJ : .RX / +X ,GHQWLW\EDVHG

DQRQ\PRXV UHPRWH DXWKHQWLFDWLRQ IRU YDOXHDGGHG VHUYLFHV LQ PRELOH QHWZRUNV ,QIEEE Trans. Veh. Technol.9RO1RSS >@7< :X <0 7VHQJ $Q HIILFLHQW XVHU

DXWKHQWLFDWLRQ DQG NH\ H[FKDQJH SURWRFRO IRU PRELOH FOLHQWVHUYHU HQYLURQPHQWComputer Networks

9RO1RSS

>@* 6WHSKDQLGHV 6KRUWNH\ FHUWLILFDWHOHVV HQFU\SWLRQ ,QProceedings ofLightSec’11SS 5HFHLYHG$XJXVW

References

Download now ( PDF - 11 Page - 280.62 KB )

Related documents

A comparison of the antimicrobial activity and toxicity of six Combretum and two Terminalia species from South Africa

Similarly, the extracts also displayed good antifungal activity, inhibiting the growth of 2‑3 (66.7‑100%) of the fungal species tested, with fungal growth inhibition

Stock Price Manipulation Detection based on Autoencoder Learning of Stock Trades Affinity

Following which, a pre-trained AE (upon normal dataset) is used to process the affinity matrix and extract six encoded features before being processed by the MKDE clustering approach

Who do people trust for financial advice? Iowans rate the credibility of information channels for financial information

The goal of this study is to determine (1) what channels and sources people use to obtain information regarding personal finance, (2) who or what information sources people find to be

PRODUCT MONOGRAPH. pantoprazole enteric-coated tablets, 40 mg. (as pantoprazole magnesium) H+, K+-ATPase Inhibitor

The primary objective of this study was to compare the 24-hour intragastric pH profile under steady-state conditions following administration of pantoprazole magnesium

Unleashing Top-of-License Registered Nurse Practice: An Integrative Review

As the Doctor of Nursing Practice (DNP) student and project lead for facilitating this scholarly project integrative review process, it is imperative to concisely present the state of

Differences in Retention-Related Risk Factors and Potential Resources across First-Generation and Non-First-Generation College Students

First-generation students, or students whose parents received only a high school diploma or less, receive lower GPAs (Hottinger &amp; Rose, 2006; Inman &amp; Mayes, 1999),

Uniting Against the Tides: Filipino ‘Shefarers’ Organising Against Sexual Harassment

The Revised POEA Rules and Regulations Governing the Recruitment and Employment of Seafarers (POEA 2016), also referred to as the standard contract, is an 88-page document

How to Run a PAWS 9.0 Student Report

PAWS V9 9 9 9.0 .0 .0 .0 Training Training Training Training View &amp; Print Degree Progress and Academic Advisement Reports View &amp; Print Degree Progress and