KR101727691B1 - Server and system for identity-based revocation - Google Patents


Info

Publication number: KR101727691B1
Authority: KR (South Korea)
Application number: KR1020150173472A
Other languages: Korean (ko)
Inventors: 엄지은, 이광수
Original assignee: 고려대학교 산학협력단
Prior art keywords: key, user, encryption, private key, server
Application filed by 고려대학교 산학협력단; priority to KR1020150173472A; granted and published as KR101727691B1.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 The encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed is a cryptographic server for implementing an ID-based receiver-restricted (revocation) encryption scheme. The cryptographic server comprises: a setup unit that generates a master key and a public parameter from a security constant and the depth of a binary tree; and a key generation unit that generates a private key for a user and transmits the private key to the user's terminal. The cryptographic server can support an unlimited number of users and provides higher security.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention [0001] The present invention relates to an ID-

An embodiment according to the concept of the present invention relates to an ID-based receiver-restricted encryption server and system, and more particularly to a receiver-restricted encryption server and system capable of generating a ciphertext for designated receivers in a broadcast environment.

A receiver-restricted cryptosystem (revocation system) is known in the art. In particular, a Public-Key Revocation (PKR) system is a public-key variant of Public-Key Broadcast Encryption (PKBE) in which the ciphertext is generated for a set of users who are excluded from the receivers. In other words, each user has a public key / private key pair, and the ciphertext is generated so that every user except those holding the specified public keys can decrypt it. As with public-key broadcast encryption, such schemes can be designed by combining the complete subtree (CS) or subset difference (SD) method with identity-based encryption or hierarchical identity-based encryption. An Identity-based Revocation (IBR) system is a variant of Identity-based Broadcast Encryption (IBBE) in which the ciphertext is generated for a set of users excluded from the receivers.

However, existing receiver-restricted cryptosystems limit the maximum number of users in the system. To support arbitrarily many devices in an Internet of Things (IoT) environment, there should be no limit on the number of system users.

In addition, existing schemes are proved under strong assumptions such as q-type assumptions. In a q-type assumption the size of q depends on the attacker's capabilities, so it is easy to see that the security of the scheme is lowered. A standard (simple) assumption, on the other hand, is not affected by conditions arising in the proof model and depends only on the security parameter.

In addition, most existing schemes have been proved secure only in the random oracle model. Such a proof is theoretically sound, but it does not directly reflect security in practice.

Korean Patent No. 10-1533950; Korean Patent No. 10-1533422

D. Naor, M. Naor and J. Lotspiech, "Revocation and tracing schemes for stateless receivers", Proceedings of CRYPTO 2001, Vol. 2139 of LNCS, pp. 41-62, Feb. 2001.

SUMMARY OF THE INVENTION It is an object of the present invention to provide an efficient ID-based receiver-restricted encryption server and system that can support an unlimited number of users and provide higher security.

The encryption server according to an embodiment of the present invention includes a setup unit that takes a security constant [pat00001] and the depth [pat00003] of a binary tree [pat00002] as input and generates a master key [pat00004] and a public parameter [pat00005], and a key generation unit that generates a user's private key [pat00006] and transmits the private key [pat00007] to the user's terminal.

The ID-based receiver-restricted encryption server and system according to the embodiment of the present invention can implement a receiver-restricted encryption scheme for an unlimited number of users.

In addition, because the scheme is proved under a standard (simple) assumption, it can provide higher security than existing schemes, and because it can be proved secure in a model without random oracles, it offers realistic security guarantees.

Further, since the public parameters used in the present invention are small and the decryption operation is efficient, the present invention can easily be applied to mobile devices with limited resources.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS In order to more fully understand the drawings recited in the detailed description of the present invention, a brief description of each drawing is provided.
FIG. 1 is a conceptual diagram for explaining an encryption method according to an embodiment of the present invention.
FIG. 2 shows an encryption system according to an embodiment of the present invention.
FIG. 3 is a functional block diagram of the encryption server shown in FIG. 2.

It is to be understood that the specific structural or functional descriptions of the embodiments disclosed herein are for illustrative purposes only and are not intended to limit the scope of the inventive concept, which may be embodied in many different forms and is not limited to the embodiments set forth herein.

The embodiments according to the concept of the present invention can be modified in various ways and can take various forms, so particular embodiments are illustrated in the drawings and described in detail herein. It should be understood, however, that this is not intended to limit the embodiments according to the concept of the present invention to the particular forms disclosed, but includes all modifications, equivalents, or alternatives falling within the spirit and scope of the invention.

The terms first, second, etc. may be used to describe various elements, but the elements should not be limited by these terms. The terms are used only to distinguish one element from another; for example, without departing from the scope of the right according to the concept of the present invention, a first element may be referred to as a second element, and a second element may likewise be referred to as a first element.

When an element is referred to as being "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or intervening elements may be present. On the other hand, when an element is referred to as being "directly connected" or "directly coupled" to another element, it should be understood that there are no intervening elements. Other expressions that describe the relationship between elements, such as "between" and "directly between" or "neighboring" and "directly adjacent to", should be interpreted in the same way.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this specification, the terms "comprises" or "having" and the like specify the presence of the features, numbers, steps, operations, elements, parts or combinations thereof described herein, but do not preclude the presence or addition of one or more other features, numbers, steps, operations, elements, parts, or combinations thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with their meaning in the context of the relevant art and, unless explicitly defined herein, are not to be interpreted in an idealized or overly formal sense.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings attached hereto. Prior to describing the present invention in detail, the background art will be described as follows.

<Bilinear Map>

Let [pat00008] and [pat00009] be cyclic groups of prime order [pat00010]. A function [pat00011] satisfying the following three properties is called a bilinear map.

1) Bilinearity: for arbitrary [pat00012] and [pat00013], [pat00014] holds.

2) Non-degeneracy: for [pat00015], [pat00016] holds.

3) Computability: for [pat00017], there is an efficient algorithm to compute [pat00018].

<Decisional Bilinear Diffie-Hellman assumption>

Let [pat00019] be the order of two multiplicative cyclic groups [pat00020] and [pat00021] with a bilinear map [pat00022], and let [pat00023] be a generator of [pat00024]. Then the DBDH problem is defined to be hard if, for [pat00026], there is no attacker that can decide [pat00025] in polynomial time with non-negligible probability.

<SD (Subset Difference) Technique>

The SD scheme is a technique for selecting all leaf nodes of a binary tree except a certain number of them. It consists of four algorithms: Setup, Assign, Cover and Match.

Let each node of a binary tree [pat00027] be denoted [pat00028]. The depth [pat00029] of a node means the length of the path from the root node [pat00030] to that node, and the depth of the root node [pat00031] is zero. [pat00032] denotes the subtree rooted at [pat00033]. When [pat00034] is a descendant of [pat00035], [pat00036] denotes [pat00037], in other words the nodes of [pat00038] excluding the descendants of [pat00039]. [pat00040] denotes the set of leaf nodes of [pat00041], and [pat00042] denotes the set of leaf nodes of [pat00043]; in other words, [pat00044]. Let [pat00045] be the fixed label of [pat00046]. Assigning 0 (left child) or 1 (right child) to each node, [pat00048] can be generated from the labels assigned to the nodes on the path up to [pat00047].

In the setup algorithm, [pat00049] is generated and each user is assigned to a leaf node.

In the assign algorithm, a private set [pat00050] corresponding to the user's node is generated. Specifically, for the nodes [pat00051] and [pat00052] on the path from the root node to the node assigned to the user, the subsets [pat00053] are collected.

In the cover algorithm, [pat00054] is computed. A revoked node, or the node one level above it, is taken as [pat00055], and the topmost node on the path containing that node whose subtree contains no other revoked node is taken as [pat00056]. At this time, the value of [pat00058] excluded from [pat00057] is [pat00059].

In the match algorithm, given [pat00060] and the private set [pat00061], the subsets [pat00065] and [pat00066] satisfying [pat00062], [pat00063] and [pat00064] are searched for. If a subset satisfying the condition exists, the user is not in the revoked set; otherwise the user is in the revoked set.

<Broadcast Encryption (BE)>

A symmetric-key broadcast cryptosystem is a scheme in which a trusted authority generates and transmits a ciphertext to a set of users rather than to a single user. A typical example is the scheme of Naor et al. using the complete subtree (CS) and subset difference (SD) methods over a binary tree. Public-Key Broadcast Encryption (PKBE) is a technique in which an untrusted user generates a ciphertext for a set of users using each user's public key. Identity-based Broadcast Encryption (IBBE) removes the limit on the number of users participating in the system by using the user's ID as the public key of PKBE.

Further details of the SD technique and the broadcast encryption technique described above can be found in D. Naor, M. Naor and J. Lotspiech, "Revocation and tracing schemes for stateless receivers", Proceedings of CRYPTO 2001, Vol. 2139 of LNCS, pp. 41-62, Feb. 2001.

<Revocation System>

A Public-Key Revocation (PKR) system is a variant of PKBE in which the ciphertext is generated for a set of users excluded from the receivers. In other words, each user has a public key / private key pair, and the ciphertext is generated so that every user except those holding the specified public keys can decrypt it. As with public-key broadcast encryption, a PKR scheme can be designed by combining CS / SD with identity-based encryption (IBE), hierarchical identity-based encryption (HIBE), or SRE techniques. An Identity-based Revocation (IBR) system is a variant of IBBE in which the ciphertext is generated for a set of user identities excluded from the receivers.

In the present invention, a Single Revocation Encryption (SRE) scheme that is more secure than conventional schemes (which are proved under weak assumptions) is designed first, and an ID-based receiver-restricted (Identity-based Revocation, IBR) scheme is then designed from it. Hereinafter, the SRE technique and the IBR technique are described in detail.

First, the SRE technique is described in detail.

SRE is a ciphertext generation method in which all users in a group except one can decrypt. A ciphertext [pat00069] generated for a group label [pat00067] and a revoked member label [pat00068] can be decrypted when [pat00070] and [pat00071] hold. This technique can be extended to design a receiver-restricted cryptosystem that prevents multiple users from decrypting. The SRE technique consists of a setup step, a key generation step, an encryption step, and a decryption step.

In the setup step (SRE.Setup), with a security parameter [pat00072] as input, a bilinear group [pat00074] of order [pat00073] and a generator [pat00075] are generated. At this time, the size of [pat00076] is [pat00077]. An arbitrary index [pat00078], a hash function [pat00079] and an arbitrary element [pat00080] are chosen, and the master key [pat00081] and public parameters [pat00082] are output as follows.

[Equation image pat00083]

The master key [pat00084] is kept secret and [pat00085] is published.

In the key generation step (SRE.GenKey), with [pat00086], the master key [pat00087] and the public parameters [pat00088] as input, the private key [pat00090] for [pat00089] is output as follows.

[Equation image pat00091]

The private key [pat00092] is securely issued to the user.

In the encryption step (SRE.Encrypt), with [pat00093], a message [pat00094] and the public parameters [pat00095] as input, the ciphertext [pat00097] for [pat00096] is output as follows.

[Equation image pat00098]

In the decryption step (SRE.Decrypt), with a ciphertext [pat00099], a private key [pat00100] and the public parameters [pat00101] as input, if [pat00102] holds, the following operation is performed to recover the message [pat00103]. If the condition is not satisfied, [pat00104] is output.

[Equation image pat00105]

The correctness of SRE can be confirmed by the following equation.

[Equation image pat00106]

The SRE technique described above is secure against chosen-plaintext attacks in the selective security model under a simple assumption (Decisional Bilinear Diffie-Hellman). Based on this technique, a scheme that is provably secure in the full model can be designed using the Dual System Encryption technique over composite-order groups, and the CHK (Ran Canetti, Shai Halevi and Jonathan Katz) transformation can be used to make the scheme secure against chosen-ciphertext attacks and to prove its security.

A detailed description of the IBR technique is as follows.

The SD scheme and a Symmetric Key Encryption (SKE) scheme, used as primitives for designing the IBR scheme, are denoted SD = (SD.Setup, SD.Assign, SD.Cover, SD.Match) and SKE = (SKE.Gen, SKE.Enc, SKE.Dec). The IBR scheme consists of a setup step (IBR.Setup), a key generation step (IBR.GenKey), an encryption step (IBR.Encrypt) and a decryption step (IBR.Decrypt). Hereinafter, the encryption method according to an embodiment of the present invention is described with reference to the conceptual diagram of FIG. 1.

In the setup step (IBR.Setup), with the security constant [pat00107] and the depth [pat00109] of a binary tree [pat00108] as input, a binary tree [pat00111] is generated by the algorithm [pat00110], and [pat00113] and the first public parameter [pat00114] are generated by the algorithm [pat00112]. The IBR master key is [pat00115] and is stored securely, and the public parameter is [pat00116].

In the key generation step (IBR.GenKey), with [pat00117], the master key [pat00118] and the public parameters [pat00119] as input, the private set [pat00121] is obtained from the algorithm [pat00120]. At this time, each user is assigned to the leaf node whose label matches [pat00122]. For each [pat00123], [pat00124] is extracted, and the key [pat00127] for [pat00126] is generated by the algorithm [pat00125]. Here [pat00128] is the label [pat00129] [pat00130]. Finally, the user's private key is [pat00131].

In the encryption step (IBR.Encrypt), first, with [pat00132], a message [pat00133] and the public parameters [pat00134] as input, the covering set [pat00136] is obtained from the algorithm [pat00135]. A session key [pat00137] is selected, and for each [pat00138], [pat00139] is extracted and the ciphertext [pat00143] for the label [pat00141] and the session key [pat00142] is generated by the algorithm [pat00140]. Then the ciphertext [pat00146] for the message [pat00145] is generated by the algorithm [pat00144]. Finally, [pat00147] is output.

In the decryption step (IBR.Decrypt), with a ciphertext [pat00148], a private key [pat00149] and the public parameters [pat00150] as input, if [pat00151] holds, a matching tuple [pat00153] is found by the algorithm [pat00152] and the session key [pat00155] is recovered by the algorithm [pat00154]; otherwise [pat00156] is output. Finally, the message [pat00158] is decrypted by the algorithm [pat00157] and output.
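The SD setup, assign, cover and match algorithms described under the SD technique above, together with the per-subset label lookup that the IBR key generation and decryption steps rely on, as an added Python example (not code from the patent or its authors). It assumes path-bit node labels (0 = left, 1 = right) and the Naor-Naor-Lotspiech cover computation; the rule that a subset S_{i,j} is keyed by the group label (L_i, depth of v_j) with the member label taken from the user's own path at that depth is an assumption, since the page does not show the exact labels.

```python
"""Subset-difference (SD) cover and match over a depth-d binary tree.

A node is identified by its path label: the branch bits (0 = left,
1 = right) from the root (label "") down to the node, so a leaf label
has d bits and the subtree T_v is the set of labels with prefix v.
The subset S_{i,j} = T_i minus T_j is the tuple (L_i, L_j); L_j = None
stands for the whole subtree T_i and is used only when nothing is revoked.
"""


def sd_setup(depth):
    """SD.Setup: every user is assigned to a leaf; return the leaf labels."""
    return [format(n, f"0{depth}b") for n in range(2 ** depth)]


def sd_assign(user, depth):
    """SD.Assign, keyed the way the IBR key generation step needs it.

    Assumption (not shown on the page): the SRE group label of S_{i,j}
    is (L_i, depth of v_j) and the member label is L_j.  For each
    ancestor v_i of the leaf and each depth k below v_i, the user holds
    member label user[:k], which differs from a ciphertext's L_j exactly
    when the user lies outside T_j.
    """
    pv = {}
    for i_len in range(depth):                 # ancestors v_i, root included
        for k in range(i_len + 1, depth + 1):
            pv[(user[:i_len], k)] = user[:k]
    return pv


def sd_cover(depth, revoked):
    """SD.Cover (Naor-Naor-Lotspiech): disjoint subsets S_{i,j} whose
    union is exactly the non-revoked leaves; at most 2|R|-1 of them."""
    revoked = set(revoked)
    if not revoked:
        return [("", None)]
    # Steiner tree ST(R): every ancestor of a revoked leaf.
    st = {r[:k] for r in revoked for k in range(depth + 1)}
    leaves = set(revoked)
    cover = []
    while len(leaves) > 1:
        # Deepest node of ST(R) with exactly two current leaves below it;
        # each of its children then hangs exactly one leaf.
        v = max((n for n in st
                 if sum(1 for lf in leaves if lf.startswith(n)) == 2),
                key=len)
        for child in (v + "0", v + "1"):
            leaf = next(lf for lf in leaves if lf.startswith(child))
            if leaf != child:          # chain child..leaf: add S_{child,leaf}
                cover.append((child, leaf))
        # Collapse T_v: v becomes a leaf of the remaining Steiner tree.
        st = {n for n in st if not (n.startswith(v) and n != v)}
        leaves = {lf for lf in leaves if not lf.startswith(v)} | {v}
    last = leaves.pop()
    if last != "":                     # single remaining chain root..last
        cover.append(("", last))
    return cover


def sd_match(cover, user):
    """SD.Match: the covering subset that contains the user, or None.
    A leaf is in S_{i,j} iff it is in T_i and not in T_j."""
    for i, j in cover:
        if user.startswith(i) and (j is None or not user.startswith(j)):
            return (i, j)
    return None


def can_decrypt(pv, cover):
    """Receiver-side check mirroring IBR.Decrypt: some covering subset
    must be keyed in the private set with a member label that differs
    from the revoked label L_j (the SRE single-revocation condition)."""
    for i, j in cover:
        if j is None:
            return True                # nothing revoked
        ml = pv.get((i, len(j)))       # present iff the user is in T_i
        if ml is not None and ml != j:
            return True
    return False


def cover_is_correct(depth, revoked):
    """Non-revoked leaves hit exactly one subset and can decrypt; revoked
    leaves hit none and cannot; the cover stays within 2|R|-1 subsets."""
    revoked = set(revoked)
    cover = sd_cover(depth, revoked)
    if len(cover) > max(1, 2 * len(revoked) - 1):
        return False
    for u in sd_setup(depth):
        hits = [s for s in cover if sd_match([s], u) is not None]
        if len(hits) != (0 if u in revoked else 1):
            return False
        if can_decrypt(sd_assign(u, depth), cover) != (u not in revoked):
            return False
    return True


if __name__ == "__main__":
    cv = sd_cover(3, {"010", "110"})   # constructed example: d = 3, |R| = 2
    print("cover:", cv)                # [('0', '010'), ('1', '110')]
    for u in sd_setup(3):
        print(u, sd_match(cv, u), can_decrypt(sd_assign(u, 3), cv))
```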

FIG. 2 illustrates an encryption system according to an embodiment of the present invention.

Referring to FIGS. 1 and 2, a cryptographic system 10 applicable to a broadcast environment includes a cryptographic server 100, at least one transmitting terminal 300, and a plurality of receiving terminals 500.

The cryptographic server 100, which may also be called a key generation server or a key management server, performs the setup step (or setup algorithm) [pat00159] to generate the public parameters [pat00160] and publishes the generated public parameters [pat00161]. In addition, the cryptographic server 100 performs the key generation step (or key generation algorithm) [pat00162] and transmits the generated private key [pat00163] to the receiving terminal 500, which is the user's terminal.

The transmitting terminal 300 performs the encryption step (or encryption algorithm) [pat00164] and transmits the generated ciphertext [pat00165] to each of the plurality of receiving terminals 500. That is, the transmitting terminal 300 can broadcast the ciphertext [pat00166].

Each of the plurality of receiving terminals 500 performs the decryption step (or decryption algorithm) [pat00167] to decrypt the ciphertext received from the transmitting terminal 300. That is, each receiving terminal 500 can decrypt the ciphertext [pat00171] using its private key [pat00168], the ciphertext [pat00169] received from the transmitting terminal, and the public parameters [pat00170]. At this time, among the plurality of receiving terminals 500, the terminals not included in [pat00172] can successfully decrypt the ciphertext [pat00173], whereas the terminals included in the set of excluded users [pat00174] cannot decrypt the ciphertext [pat00175].

FIG. 3 shows the encryption server shown in FIG. 2.

Referring to FIGS. 1 to 3, the cryptographic server 100 includes a setup unit 110 and a key generation unit 130.

The setup unit 110 performs the setup step (or setup algorithm) [pat00176] to generate the master key [pat00177] and the public parameters [pat00178], and publishes [pat00179]. The generated master key [pat00180] can be stored securely. Since the specific operation of the setup unit 110 has been described in detail above, its description is omitted here.

The key generation unit 130 performs the key generation step (or key generation algorithm) [pat00181]. The key generation unit 130 transmits the generated private key [pat00182] to the user's terminal. Since the specific operation of the key generation unit 130 has been described in detail above, its description is omitted here.

Each component of the cryptographic server 100 shown in FIG. 3 represents a logically separable function; it does not necessarily mean that each component is implemented as a separate physical device or as separate code, as those of ordinary skill in the art will readily understand.

Also, in this specification, "unit" may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving that hardware. For example, a unit may mean a logical unit of predetermined code together with the hardware resources for executing it, and does not necessarily mean physically connected code or a particular kind of hardware.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.

10: Cryptographic system
100: Cryptographic server
110: Setup unit
130: Key generation unit
300: Transmitting terminal
500: Receiving terminal

Claims (8)

delete delete delete delete 1. A cryptosystem comprising a cryptographic server and a transmitting terminal,
The encryption server comprises:
Security Constants (
Figure 112017019052504-pat00271
) And a binary tree
Figure 112017019052504-pat00272
) Depth
Figure 112017019052504-pat00273
) To the master key (
Figure 112017019052504-pat00274
) And an open parameter (
Figure 112017019052504-pat00275
); And
The user's private key (
Figure 112017019052504-pat00276
), And the private key (
Figure 112017019052504-pat00277
To the user's terminal,
The transmitting terminal may include a set of users excluded from the receiver
Figure 112017019052504-pat00230
), message(
Figure 112017019052504-pat00231
), And the disclosure parameters (
Figure 112017019052504-pat00232
) To generate a cipher text (
Figure 112017019052504-pat00233
),
The transmitting terminal includes:
The user set (
Figure 112017019052504-pat00278
), The message
Figure 112017019052504-pat00279
), And the disclosure parameters (
Figure 112017019052504-pat00280
(Subset difference) scheme with the input
Figure 112017019052504-pat00281
), The covering set (
Figure 112017019052504-pat00282
),
The session key (
Figure 112017019052504-pat00283
) Is selected,
bracket
Figure 112017019052504-pat00284
Label for (
Figure 112017019052504-pat00285
) Is extracted,
The first encryption algorithm (
Figure 112017019052504-pat00286
) To label (
Figure 112017019052504-pat00287
) And the session key (
Figure 112017019052504-pat00288
) &Lt; / RTI &gt;
Figure 112017019052504-pat00289
),
The second encryption algorithm (
Figure 112017019052504-pat00290
) &Lt; / RTI &gt;
Figure 112017019052504-pat00291
The second cipher text (
Figure 112017019052504-pat00292
),
The ciphertext defined by equation (3)
Figure 112017019052504-pat00293
),
Equation (3)
Figure 112017019052504-pat00294
sign,
Cryptographic system.
(Deleted) 6. The cryptographic system of claim 5,
wherein the first encryption algorithm takes as input the label (Figure 112017019052504-pat00251), the session key (Figure 112017019052504-pat00252) and the public parameters (Figure 112017019052504-pat00295), and, using the first public parameter (Figure 112017019052504-pat00253) and an arbitrary index (Figure 112017019052504-pat00254), produces the first ciphertext (Figure 112017019052504-pat00255),
and wherein the second encryption algorithm is the encryption algorithm of a symmetric-key encryption scheme,
the cryptographic system.
6. The cryptographic system of claim 5,
further comprising a terminal of the user, which receives the ciphertext (Figure 112015119720943-pat00256) from the encryption server, receives the private key (Figure 112015119720943-pat00257), and decrypts the ciphertext (Figure 112015119720943-pat00260) using the private key (Figure 112015119720943-pat00258) and the public parameters (Figure 112015119720943-pat00259).
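The sender-side procedure of claim 5 (run the SD scheme on the revoked set to obtain the covering set, then attach one label per subset) and the receiver-side lookup of the decryption claim, as an added worked example that is not part of the patent or the inventors' code. It assumes a heap-indexed complete binary tree with a power-of-two number of users and an HMAC-based label derivation standing in for the patent's own key material; the pairing-based first encryption algorithm and the symmetric second algorithm are not implemented here.

```python
"""SD (subset difference) cover for a revocable broadcast scheme: revoked users ->
covering set of subsets S_{i,j} -> one label per subset, plus the receiver's lookup
of the subset containing it. Added illustration, not the patent's own code.
Assumed: heap-indexed complete binary tree, power-of-two user count, and an HMAC
label derivation standing in for the patent's label/key material.
"""
import hashlib
import hmac
from typing import List, Optional, Set, Tuple

# (i, j): leaves under node i minus leaves under node j; j=None covers all of i.
Subset = Tuple[int, Optional[int]]


def _lca(a: int, b: int) -> int:
    """Lowest common ancestor of two heap-indexed nodes (root = 1)."""
    while a != b:
        if a > b:
            a //= 2
        else:
            b //= 2
    return a


def _is_ancestor_or_self(anc: int, v: int) -> bool:
    while v >= anc:
        if v == anc:
            return True
        v //= 2
    return False


def sd_cover(n_users: int, revoked: Set[int]) -> List[Subset]:
    """Naor-Naor-Lotspiech SD cover of every non-revoked user.
    Users 0..n_users-1 sit at leaves n_users..2*n_users-1."""
    if n_users < 1 or n_users & (n_users - 1):
        raise ValueError("n_users must be a power of two")
    if any(not 0 <= u < n_users for u in revoked):
        raise ValueError("revoked user id out of range")
    if not revoked:
        return [(1, None)]            # nobody revoked: the whole tree is one subset
    leaves = {n_users + u for u in revoked}   # leaves of the Steiner tree ST(R)
    cover: List[Subset] = []
    while len(leaves) > 1:
        # The pair with the deepest LCA has no other ST leaf below that LCA,
        # which is exactly the pair NNL's algorithm processes next.
        vi, vj, v = max(((a, b, _lca(a, b)) for a in leaves for b in leaves if a < b),
                        key=lambda t: t[2].bit_length())
        for leaf in (vi, vj):
            child = leaf                   # child of v on this leaf's side
            while child // 2 != v:
                child //= 2
            if child != leaf:              # S_{child,leaf}: everything under child but leaf
                cover.append((child, leaf))
        leaves -= {vi, vj}
        leaves.add(v)                      # v becomes a leaf of the reduced ST
    (vi,) = leaves
    if vi != 1:
        cover.append((1, vi))              # one branch left: root minus that branch
    return cover


def users_in(n_users: int, subset: Subset) -> Set[int]:
    """Expand S_{i,j} to the user ids it covers (for checking; receivers use find_subset)."""
    def leaves_under(v: int) -> Set[int]:
        lo = hi = v
        while lo < n_users:
            lo, hi = 2 * lo, 2 * hi + 1
        return {leaf - n_users for leaf in range(lo, hi + 1)}
    i, j = subset
    return leaves_under(i) - (leaves_under(j) if j is not None else set())


def check_cover(n_users: int, revoked: Set[int], cover: List[Subset]) -> bool:
    """The cover must partition exactly the non-revoked users: disjoint and complete."""
    seen: Set[int] = set()
    for s in cover:
        us = users_in(n_users, s)
        if us & seen:
            return False
        seen |= us
    return seen == set(range(n_users)) - revoked


def find_subset(n_users: int, cover: List[Subset], user: int) -> Optional[Subset]:
    """Receiver side: the subset containing this user's leaf, or None if revoked."""
    leaf = n_users + user
    for i, j in cover:
        if _is_ancestor_or_self(i, leaf) and (j is None or not _is_ancestor_or_self(j, leaf)):
            return (i, j)
    return None


def subset_label(master_secret: bytes, subset: Subset) -> bytes:
    """Stand-in label derivation (assumption, not the patent's): HMAC over the subset
    identity, giving the per-subset label that the first encryption algorithm would
    consume together with the session key."""
    i, j = subset
    tag = f"SD:{i}:{'*' if j is None else j}".encode()
    return hmac.new(master_secret, tag, hashlib.sha256).digest()


if __name__ == "__main__":
    # Constructed sample: 16 users, users 3, 4 and 11 revoked.
    n, revoked = 16, {3, 4, 11}
    cover = sd_cover(n, revoked)
    assert check_cover(n, revoked, cover)
    labels = {s: subset_label(b"constructed-master-secret", s).hex()[:16] for s in cover}
    print("cover:", cover)
    print("labels:", labels)
    print("user 5 ->", find_subset(n, cover, 5), "| user 4 ->", find_subset(n, cover, 4))
```

The cover is what the claim calls the covering set: for the sample it is three subsets, so three first-ciphertext components are needed regardless of the 13 non-revoked users, and a revoked user finds no subset and cannot recover the session key. `check_cover` is the sender-side sanity check worth keeping in production code, since an overlapping or incomplete cover either leaks the session key to a revoked user or locks out a legitimate one.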
KR1020150173472A 2015-12-07 2015-12-07 Server and system for identity-based revocation KR101727691B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150173472A KR101727691B1 (en) 2015-12-07 2015-12-07 Server and system for identity-based revocation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150173472A KR101727691B1 (en) 2015-12-07 2015-12-07 Server and system for identity-based revocation

Publications (1)

Publication Number Publication Date
KR101727691B1 true KR101727691B1 (en) 2017-04-19

Family

ID=58705997

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150173472A KR101727691B1 (en) 2015-12-07 2015-12-07 Server and system for identity-based revocation

Country Status (1)

Country Link
KR (1) KR101727691B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20210073390A (en) 2019-12-10 2021-06-18 국방과학연구소 Method for Constructing for Revocable Identity Based Encryption with Subset Difference Methods

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101533422B1 (en) * 2013-06-21 2015-07-10 고려대학교 산학협력단 Broadcast encryption method and system

Similar Documents

Publication Publication Date Title
Wei et al. Secure data sharing in cloud computing using revocable-storage identity-based encryption
US8290146B2 (en) Ciphertext generating apparatus, cryptographic communication system, and group parameter generating apparatus
US9992177B2 (en) Method and system for modifying an authenticated and/or encrypted message
KR20060095077A (en) The hierarchial threshold tree-based broadcast encryption method
US10411885B2 (en) Method and system for group-oriented encryption and decryption with selection and exclusion functions
US9130744B1 (en) Sending an encrypted key pair and a secret shared by two devices to a trusted intermediary
KR101516114B1 (en) Certificate-based proxy re-encryption method and its system
Bayat et al. A lightweight and efficient data sharing scheme for cloud computing
Karati et al. Provably secure threshold-based abe scheme without bilinear map
CN110784314A (en) Certificateless encrypted information processing method
KR101308023B1 (en) Broadcast encryption method for securing recipient privacy
JP5325755B2 (en) Ciphertext decryption authority delegation system, ciphertext decryption authority delegation method, ciphertext conversion apparatus, decryption authority holder apparatus, and ciphertext conversion program
KR101533422B1 (en) Broadcast encryption method and system
Luo et al. Hierarchical identity-based encryption without key delegation in decryption
Azaim et al. Design and implementation of encrypted SMS on Android smartphone combining ECDSA-ECDH and AES
KR101695361B1 (en) Terminology encryption method using paring calculation and secret key
Seo et al. Zigbee security for visitors in home automation using attribute based proxy re-encryption
Li et al. Mathematical model and framework of physical layer encryption for wireless communications
KR101727691B1 (en) Server and system for identity-based revocation
JP2005198189A (en) Key updating method, encryption system, encryption server, terminal device and external device
KR101373577B1 (en) Apparatus of id based dynamic threshold encryption and method thereof
Doshi An enhanced approach for CP-ABE with proxy re-encryption in IoT paradigm
Madhuravani et al. A novel secure authentication approach for wireless communication using chaotic maps
KR101793528B1 (en) Certificateless public key encryption system and receiving terminal
KR100388059B1 (en) Data encryption system and its method using asymmetric key encryption algorithm

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant