Page 280 - 《软件学报》2021年第10期

P. 280

3252 Journal of Software 软件学报 Vol.32, No.10, October 2021

求逆运算的复杂性远大于高斯采用和矩阵向量乘法运算(陷门生成、原像抽样和带陷门的求逆算法的复杂度是
影响格密码实用性的重要原因),因此,方案 M的计算效率较高.
从表 5 和表 7 可以看出:当发送 N 个消息到 N 个接收方的情况下,由于 LWJ13 和 ZXX18 的密文量和计算
量呈 N 倍增加,而本文方案 M密文量与计算量不变,因此,方案 M的密文量只近似为 LWJ13 和 ZXX18 方案的
3/N,计算效率更胜于 LWJ13 和 ZXX18 方案.

5 结论

随机数重用在构造多接收方密码方案时可以有效地节约系统开销,但容易导致方案的安全问题.研究如何
进行安全的随机数重用,是一个非常有意义的研究课题.随机数全重用和随机数无重用可以看成是随机数部分
重用的两种情况:当重用的随机数个数为 0 时,随机数重用退化成随机数无重用;当重用的随机数个数为方案中
所有随机数时,随机数重用演化成随机数全重用.本文将随机数重用的概念丰富到另一种更常见的情况——随
机数部分重用,研究了安全重用部分随机数的相关理论,将该理论应用到基于格的多接收方签密中,首次构造了
一个基于格的可证明安全的 PRRU-MM-MR 签密方案.与直接构造方式相比,该方案的计算开销得到一定的节
约,密文量节约了近 25%.本文的工作为构造多接收方签密方案提供了一种通用方法,即:先构造或选定一个可
再生的标准签密方案;然后再借鉴定义 5 的方法,基于标准签密方案构造相应的部分随机数重用的多接收方签
密方案.另外,本文的方法不仅限于签密,也可适用于签名或者加密的情况.

References:
[1] Hastad J. Solving simultaneous modular equations of low degree. SIAM Journal on Computing, 1988,17(2):336341.
[2] Baudron O, Pointcheval D, Stern J. Extended notions of security for multicast public key cryptosystems. In: Proc. of the Int’l
Colloquium on Automata, Languages, and Programming. Berlin, Heidelberg: Springer-Verlag, 2000. 499511.
[3] Bellare M, Boldyreva A, Micali S. Public-key encryption in a multi-user setting: Security proofs and improvements. In: Proc. of the
Int’l Conf. on the Theory and Applications of Cryptographic Techniques. Berlin, Heidelberg: Springer-Verlag, 2000. 259274.
[4] Kurosawa K. Multi-recipient public-key encryption with shortened ciphertext. In: Proc. of the Int’l Workshop on Public Key
Cryptography. Berlin, Heidelberg: Springer-Verlag, 2002. 4863.
[5] ElGamal T. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. on Information Theory,
1985,31(4):469472.
[6] Cramer R, Shoup V. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Proc. of the
Annual Int’l Cryptology Conf. Berlin, Heidelberg: Springer-Verlag, 1998. 1325.
[7] Bellare M, Boldyreva A, Staddon J. Randomness re-use in multi-recipient encryption schemeas. In: Proc. of the Int’l Workshop on
Public Key Cryptography. Berlin, Heidelberg: Springer-Verlag, 2003. 8599.
[8] Bellare M, Boldyreva A, Kurosawa K, et al. Multirecipient encryption schemes: How to save on bandwidth and computation
without sacrificing security. IEEE Trans. on Information Theory, 2007,53(11):39273943.
[9] Wei P, Zheng Y, Wang W. Multi-recipient encryption in heterogeneous setting. In: Proc. of the Int’l Conf. on Information Security
Practice and Experience. Cham: Springer-Verlag, 2014. 462480.
[10] Hajiabadi M, Kapron BM. Reproducible circularly secure bit encryption: Applications and realizations. Journal of Cryptology,
2017,30(4):11871237.
[11] Zhang J, Ou P. Privacy-preserving multi-receiver certificateless broadcast encryption scheme with de-duplication. Sensors, 2019,
19(15):3370.
[12] Cheng H, Li X, Qian H, et al. CCA secure multi-recipient KEM from LPN. In: Proc. of the Int’l Conf. on Information and
Communications Security. Cham: Springer-Verlag, 2018. 513529.
[13] Zheng Y. Digital signcryption or how to achieve cost (signature &encryption) ≪ cost (signature)+ cost (encryption). In: Proc. of
the Annual Int’l Cryptology Conference. Berlin, Heidelberg: Springer-Verlag, 1997. 165179.
[14] Han Y, Gui X. Adaptive secure multicast in wireless networks. Int’l Journal of Communication Systems, 2009,22(9):12131239.

275 276 277 278 279 280 281 282 283 284 285