Study On Public Key Cryptosystem Based On Multilinear Maps

With the rapid development of information technology, information security has become one of the biggest concerns in the information society. Cryptography plays an important role in information security, and its continued development provides the necessary theoretical basis and key technologies. As the generation of bilinear pairings cryptography, the multilinear maps cryptosystem with the unique structure has a broad application prospects in public key cryptography, and it has become one of the hotspots of the current public-key cryptography research. In this dissertation, we carry out an in-depth research into the design of pubic key cryptography schemes based on multilinear maps and their security. The main contents and contributions are as follows:1. The construction of multi-reciever public key encryption(MRPKE) is studied from multilinear maps. A multi-reciever public key encryption system consists of a sender and multiple recipients, in which both the sender and recipient have their own public and private keys. The sender can encrypt the messages by using their own private key and the public keys of the recipients, while any authorized recipient can decrypt ciphertext and get messages. First, we propose a new MRPKE scheme by using the structural characteristics of multilinear maps while in the standard model its security is proved under the chosen plaintext attack. Then, since the security of the current identity-based MPRKE scheme is proved in the random oracle model, we construct a new identity-based MPRKE scheme by using the programmable hash functions based on multilinear maps without random oracle, and prove its security under the multilinear decisional Diffie-Hellman secure assumption.2. The ring signature based on multilinear maps is studied. In a ring signature, any member in the ring can sign on behalf of the whole ring. As a result, the verifier is convinced that this signature is from a ring in which the signer is a member, but it is hard to know which member in the ring actually generates the signature. First, we propose a new ring signature by using full domain hash from multilinear maps in the standard model, which satisfies the unforgeability under the chosen message attack and unconditional anonymity. Meanwhile, the proposed ring signature is further extended to the identity-based cryptography, and we construct a new identity-based ring signature with the random oracle, which satisfies not only the unforgeability under the chosen sub-ring attack and chosen message attack, but the unconditional anonymity.3. The attribute-based signature(ABS) based on multilinear maps is studied. Compared with the ring signature, the ABS can provide a more extensive access policy in addition to considering the unforgeability and anonymity. In an ABS for circuits, the user can deploy information in accordance with any desired access policy. By using the two-to-one recoding mechanism from multilinear maps, we construct a novel attribute-based signature for the general circuits. In the selective security model, the proposed scheme holds the unforgeability and privacy. Compared with the existing ABS for circuits from multilinear maps, although the amount of the private keys of internal circuit in the new proposed scheme has not decreased, the private key generation and circuit calculation process are simplified.4. On the basis of multi-reciever public key encryption and ring signature studies, we design the multi-reciever ring signcryption(MRRSC) based on multilinear maps. Ring signcryption is a special signcryption which holds the anonymous property of ring signature, so it is also known as anonymous signcryption. A novel MRRSC scheme based on multilinear maps is proposed, and it is proved that in the random oracle model the proposed scheme has the confidentiality, unforgeability and unconditional anonymity. Compared with the existing MRRSC scheme from multilinear maps, the number of levels required in the proposed scheme is fewer, and consequently the size of public parameters, the length of ciphertext and the number of pairing operations are reduced considerably. Finally, we implement the proposed MRRSC scheme by using the existing multilinear map instances, such as GGH-MRRSC and Gu-Map1-MRRSC. Meanwhile, the performance of the scheme is analyzed in details.