CN-116055189-B - Identity-based proxy re-encryption method with short public parameters based on the LWE problem
Abstract
The invention discloses an identity-based proxy re-encryption method with short public parameters based on the learning with errors (LWE) problem. A trapdoor matrix, namely a short basis of a lattice, is generated by a simpler and more efficient trapdoor generation algorithm and is used as the master private key MSK. A blocking technique divides an identity string of bit length l into l' = l/β blocks, which reduces the number of public parameters. As a result, the sizes of the master private key and the public parameters are reduced, the computational complexity of the public parameters is lowered, computational efficiency is improved, and storage cost is reduced. The invention achieves adaptive IND-ID-CPA security in the standard model, is unidirectional, has a limited multi-hop property, and resists collusion attacks.
Inventors
- ZHANG KEYUAN
- WANG LICHENG
- LIU YUAN
- LI LIXIANG
Assignees
- 北京邮电大学
Dates
- Publication Date
- 20260512
- Application Date
- 20230131
Claims (1)
- 1. An identity-based proxy re-encryption method with short public parameters based on the LWE problem, characterized in that an identity-based proxy re-encryption scheme is constructed in the standard model based on the decisional LWE hardness assumption, and a trapdoor matrix is generated through a trapdoor generation algorithm and is used as the master private key MSK; the blocking method is specifically that the identity id is a string with l bits, namely Dividing id into l' segments, i.e Wherein Is that A string of bits; the identity-based proxy re-encryption scheme comprises the following steps:
  S1, Setup(1^n): input a security parameter n and other parameters m, q, l, k, and perform the following steps: (1) Using trapdoor generation algorithm Generating a matrix Trapdoor ; (2) Uniformly randomly selecting l' +1 matrices And ; (3) Uniformly and randomly selecting a matrix ; (4) Outputting public parameters And a master private key ;
  S2, KeyGen(PP, MSK, id): input the public parameters PP, the master private key MSK and identity And the following steps are carried out: (1) Order the ; (2) Using left sampling algorithm Extracting user private key And meet the following ; (3) Outputting user private key ;
  S3, Enc(PP, id, m): input the public parameters PP, identity Sum message And the following steps are carried out: (1) Order the ; (2) Uniform random selection vector ; (3) From the slave Medium uniform random selection Individual matrix Order-making ; (4) Selecting noise vectors And And calculate ; (5) Message of order And (3) calculating: ; (6) Output ciphertext ;
  S4, ReKeyGen(PP, id_A, id_B, S_A): input the public parameters PP, identities id_A and id_B and private key S_A, and perform the following steps: (1) Selecting two noise matrices And ; (2) Uniformly and randomly selecting a matrix ; (3) Computing re-encryption keys ; (4) Outputting a re-encryption key ;
  S5, ReEnc(RK_{A→B}, c_A): input a re-encryption key RK_{A→B} and a ciphertext c_A of user A, and perform the following steps: (1) Computing ciphertext of user B ; (2) Outputting ciphertext c_B of user B;
  S6, Dec(c_id, S_id): input ciphertext c_id and user private key S_id, and perform the following steps: (1) Calculating plaintext For the following If (3) Order in principle Otherwise, let ; (2) Outputting plaintext .
Description
Identity-based proxy re-encryption method with short public parameters based on the LWE problem

Technical Field

The invention relates to the technical field of network data security, in particular to a short public parameter identity-based proxy re-encryption method based on the LWE problem.

Background

Proxy re-encryption is a convenient and quick method for securely sharing data. It enables a data sender to share data with a receiver without encrypting and decrypting the information: a third party uses a re-encryption key to directly convert the data into ciphertext that can be decrypted by another receiver or by multiple receivers, and the third party learns no plaintext information about the converted ciphertext during the conversion. Proxy re-encryption has important applications in cloud computing environments, where it ensures the security and privacy of data in an open network. Identity-based proxy re-encryption directly uses the identity (a unique identifying feature) of the user as the public key without using a certificate, which simplifies the certificate-based key management of public key infrastructure (PKI) and has the property that the identity information matches the public key.

The scheme generally has the following 6 steps:

(1) Setup(1^n): input a security parameter n and output the public parameters PP and the master private key MSK;
(2) KeyGen(PP, MSK, id): input the public parameters PP, the master private key MSK and a user identity id, and output the private key S_id of user id;
(3) Enc(PP, id, m): input the public parameters PP, a user identity id and a message m, and output ciphertext c_id;
(4) ReKeyGen(PP, id1, id2, ): input the public parameters PP, user identities id1, id2 and the user private key, and output a re-encryption key;
(5) ReEnc: input the re-encryption key and the ciphertext of user id1, and output the ciphertext of user id2;
(6) Dec(c_id, S_id): input the ciphertext c_id of user id and the private key S_id, and output the plaintext m.

In 2016, Kunwar et al. first proposed an LWE-based identity-based proxy re-encryption scheme in the random oracle model in the paper "Lattice based identity based proxy re-encryption scheme", where the re-encryption key is constructed as SK_{A→B} = SK_A - SK_B and the scheme is not unidirectional. Kunwar et al. then constructed, in the paper "Lattice based identity based unidirectional proxy re-encryption scheme", an identity-based proxy re-encryption scheme with trapdoor functions in which two private keys are generated for each user, one for decryption and the other for re-encryption key generation, but this scheme is not resistant to collusion attacks. In 2016, Jiang et al. in the paper "Lattice-based multi-use unidirectional proxy re-encryption" proposed a multi-hop unidirectional LWE-based proxy re-encryption scheme in which re-encryption key generation does not interact with any user and which can resist collusion attacks, but which does not have IND-ID-CPA security.

In 2019, Jiang et al. proposed an identity-based proxy re-encryption scheme on lattices in the standard model in the paper "Efficient Identity-based Proxy Re-encryption on Lattice in the Standard Model", but the scheme constructs its re-encryption key following the idea in the Kunwar et al. paper "Lattice based identity based unidirectional proxy re-encryption scheme" and is not unidirectional. In 2021, Wu et al. in the paper "IB-VPRE: adaptively secure identity-based proxy re-encryption scheme from LWE with re-encryption verifiability" proposed an adaptively secure, verifiable identity-based proxy re-encryption scheme based on the LWE problem, but the scheme suffers from excessive public parameter and trapdoor storage overhead.

Existing identity-based proxy re-encryption schemes based on the learning with errors (LWE) problem are mostly built in the random oracle model and suffer from problems such as lack of unidirectionality, no resistance to collusion attacks, no IND-ID-CPA security, and excessive public parameter and trapdoor storage overhead. A new identity-based proxy re-encryption method therefore needs to be designed to solve these problems.

Disclosure of Invention

To address the shortcomings of the prior art, the invention provides a short public parameter identity-based proxy re-encryption method based on the LWE problem. To achieve the above object, the invention provides the following technical solution: an identity-based proxy re-encryption method with short public parameters based on the LWE problem, characterized in that an identity-based proxy re-encryption scheme is constructed in the standard model based on the decisional LWE hardness assumption, wherein a trapdoor matrix is generated through a trapdoor generation algorithm and is used as the master private key MSK, and an identity string of bit length l is divided into l' = l/β blocks through a blocking technique.
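The blocking step described above, as an added example that is not code from the patent: it splits an l-bit identity into l' = l/β blocks and compares how many of the l' + 1 matrices from Setup step (2) must be stored for different block sizes. The function names, the sample identity and the toy parameters are constructed, and the storage figure assumes each matrix is n x m over Z_q, which the page does not state.

```python
# Added illustration, not code from the patent. Names, the sample identity
# and the toy parameters are constructed for this example.

def split_identity(id_bits, beta):
    """Split an l-bit identity into l' = l/beta blocks of beta bits each.

    Each block is returned as an integer in [0, 2**beta).
    """
    if not id_bits or set(id_bits) - {"0", "1"}:
        raise ValueError("identity must be a non-empty bit string")
    if beta <= 0 or len(id_bits) % beta != 0:
        # The page defines l' = l/beta, so beta has to divide l exactly.
        raise ValueError("beta must be positive and divide the identity length")
    return [int(id_bits[i:i + beta], 2) for i in range(0, len(id_bits), beta)]


def identity_matrix_count(l, beta):
    """Number of matrices chosen in Setup step (2): l' + 1 with l' = l/beta."""
    if beta <= 0 or l % beta != 0:
        raise ValueError("beta must be positive and divide l")
    return l // beta + 1


def identity_matrix_bits(l, beta, n, m, q):
    """Storage for those matrices in bits.

    ASSUMPTION (not stated on the page): each matrix is n x m over Z_q.
    """
    bits_per_entry = (q - 1).bit_length()  # entries lie in [0, q-1]
    return identity_matrix_count(l, beta) * n * m * bits_per_entry


def compare_block_sizes(l, betas, n, m, q):
    """One row (beta, l', matrix count, bits) per candidate block size."""
    return [(b, l // b, identity_matrix_count(l, b),
             identity_matrix_bits(l, b, n, m, q)) for b in betas]


if __name__ == "__main__":
    SAMPLE_ID = "1011001110001111"  # constructed 16-bit identity
    print(split_identity(SAMPLE_ID, 4))
    for row in compare_block_sizes(len(SAMPLE_ID), [1, 4, 8], n=4, m=8, q=257):
        print(row)
```

With β = 1 the count equals the per-bit case (l + 1 matrices); a block size that does not divide l is rejected rather than silently padded.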
Further, the blocking method is specifically that the identity id is a stri