Research On Key Techniques Of Identity-based Cryptography System For Trustworthy Networks

Identity-based Cryptography(IBC)is an important means to implement authentication and authorization mechanism in network so as to guarantee network controllability and trustworthy networks construction.However,due to the need to rely on third-party to generate private keys for the users,the IBC is inherently with key escrow problem primarily which hinders the widespread adoption of the cryptographic scheme in practice.In addition,the key distribution problem is also a traditional problem in public key cryptography,and it is also necessary to implement an effective and secure key distribution scheme for IBC application.From a security point of view,it is indispensable to measure its ability to resist attacks while deploying a cryptography mechanism.In particular,it is necessary to analyze the formally provable security of the cryptographic mechanisms.In order to solve the above problems and implement the security mechanisms,this thesis focuses on the key escrow problem of hierarchical identity encryption mechanism and signature mechanism based on summarizing the existing works.The main results are as follows:1.A formally provable security hierarchical identity-based encryption system is proposed.This thesis proposes a trustworthy and secure HIBE mechanism named T-HIBE.It generates private keys in a hierarchical and distributed manner.By using the user blinding index,user private key index and PKG private key index,T-HIBE can achieve the trustworthy private key generation and secure private key distribution.Moreover,the T-HIBE system needs one single user authentication whose accountability is traceable.Based on the assumption of indiscernibility of mixed polynomials,we prove that the T-HIBE scheme has the IND-ID-CCA security.2.An escrow-free hierarchical identity-based signature model is proposed.This thesis proposes an EF-HIBS model,which divides the key escrow problem into the problem of PKG's abusing user's private key and the user's slandering PKG,and solves the two subproblems.According to the EF-HIBS model,this thesis implements a escrow-free hierarchical signature-signing scheme.In order to prove the security of the EF-HIBS model,we propose three attack game models,including EF-ID-CMA,EKA-IDCMA and EUS-ID-CMA.The full security of the EF-HIBS mechanism is demonstrated based on the standard CDH assumption.3.A hierarchical identity-based signature acceleration scheme is proposed.This thesis introduces the online/offline signature model,and proposes the hierarchical identity-based online/offline signature scheme HIBOOS,and the escrow-free hierarchical identity-based online/offline signature scheme EF-HIBOOS.For the two mechanisms,this thesis proposes the selective-identity and adaptive selection of message existence forged attack EF-sID-CMA and the selective-identity and adaptive selection message existence of user slander attack EUS-sID-CMA.We formally prove the security of the two mechanisms under the standard CDH assumption.4.The three hierarchical signature schemes proposed in this thesis are implemented and evaluated.In this thesis,EF-HIBS scheme,HIBOOS scheme and EF-HIBOOS scheme are implemented by using different bilinear pairing-based cryptographic libraries,and the computational cost of the signing and verification algorithms are analyzed and evaluated from theory and experiment.The evaluation results show that the escrow-free model proposed in this thesis can effectively solve the key escrow problem of the identity signature scheme,and the online/offline signature model can significantly improve the computational efficiency of the identity-based signing algorithm.