| In recent years,with the rapid development of information technology,the issues of information security are becoming increasingly significant.The applications of cryptography have become widespread along with the increasing importance on privacy protection and data security.In a cryptosystem,participants may perform encryption and decryption operations frequently by using keys,which causes a certain probability of key exposure.Therefore,in a general cryptosystem,the problem of key exposure is inevitable.Key-insulated cryptosystem is one of the effective methods to resist key exposure.In a key-insulated cryptosystem,the system lifetime is divided into N time periods.The users' public keys remain unchanged during the whole system lifetime,but their private keys are updated with the time periods alternately.In order to capture the security of the private keys' updating,each user is equipped with a unique helper,which is a physically secure but capacity-limited device called helper.The users can update their private keys only by interacting with their unique helpers.In this thesis,we show the design philosophy and mechanism of the key-insulated cryptosystem by investigating the related works.Then,we proposed two specific key-insulated encryption(KIE)schemes based on proxy re-encryption(PRE)and certificateless encryption(CLE)respectively.The contributions of this thesis are as follows:1.This thesis investigated the related works on the key-insulated cryptosystem and analyzed its internal design mechanism.Specifically,we showed the formal definition,security model and security properties of the key-insulated cryptosystem.Furthermore,we studied the internal design philosophy by analyzing some typical key-insulted encryption schemes.2.This thesis proposed a key-insulated proxy re-encryption scheme by introducing the attractive properties of KIE into proxy re-encryption cryptosystem.The problem of key exposure in PRE environment had not been solved so far,although there were many PRE schemes that had been presented.By integrating PRE and KIE,we proposed a key-insulated proxy re-encryption scheme for data sharing in a cloud environment.Moreover,we assessed its system model,security and efficiency.3.This thesis presented a multi-helper based certificateless key-insulated encryption scheme.By integrating the mechanism of multi-helper,CLE and KIE,the scheme not only avoided the problem of certificate management and the key escrow,but also further reduced the possibility of key exposure in the general key-insulated cryptosystem.It had a stronger key insulation capability.In addition,this thesis also utilized the provable security theory to analyze the security of the proposed scheme and showed the performance comparison with the related works. |
PDF Full Text Request