Journal of Information Security Reserach ›› 2023, Vol. 9 ›› Issue (10): 968-.

Previous Articles     Next Articles

Anonymous Identitybased Broadcast Encryption Scheme Based on SM9

Pan Xuan and Yan Fen   

  1. (College of Information Engineering, Yangzhou University, Yangzhou, Jiangsu 225127)
  • Online:2023-10-17 Published:2023-10-28



  1. (扬州大学信息工程学院江苏扬州225127)
  • 通讯作者: 严芬 副教授,硕士生导师.主要研究方向为网络与信息安全.
  • 作者简介:潘璇 硕士.主要研究方向为密码学. 严芬 副教授,硕士生导师.主要研究方向为网络与信息安全.

Abstract: Identitybased broadcast encryption combines broadcast encryption with identitybased encryption, which has the characteristics of broadcast encryption and avoids the certificate management work that consumes a lot of resources. In order to meet the strategic needs of autonomous and controllable cryptography technology in China, Lai Jianchang et al. designed an efficient identity broadcast encryption scheme based on China’s SM9 identitybased encryption algorithm for the first time, and gave INDsIDCPA security analysis. However, so far, there is still a lack of research on the anonymous identitybased broadcast encryption scheme based on SM9, which can effectively avoid data recipients having the ability to judge whether other recipients are legitimate. Therefore, drawing on the construction idea of generic anonymous identitybased broadcast encryption scheme proposed by He et al. and using the bilinear pair technique, the first anonymous identitybased broadcast encryption scheme with INDnIDCCA2 security and ANOIDCCA2 security under the random oracle model based on SM9 is designed, which is more easily integrated with current systems based on SM9 identity encryption algorithm. For the security of the designed scheme, the analysis process is given. Finally, the performance analysis shows that the scheme has good security and some desirable characteristics, that is, the length and computational cost of the main public key, the main private key and the receiver private key are constant, and the decryption computational cost is constant.

Key words: identity based broadcast encryption, anonymous, SM9, IND nID CCA2 security, ANO ID CCA2 security

摘要: 标识广播加密将广播加密与标识加密相结合,在具备广播加密特点的同时,避免了耗费大量资源的证书管理工作.为满足我国密码技术自主可控的战略需求,赖建昌等人首次设计了基于我国SM9标识加密算法的高效标识广播加密方案,并给出INDsIDCPA安全性分析.但目前为止,仍缺失基于SM9的匿名标识广播加密方案的研究,匿名标识广播加密能够有效避免数据接收者具备判断其他接收者是否合法的能力.因此,借鉴He等人的通用匿名标识广播加密方案的构造思想,利用双线性对技术,设计了第1个基于国密SM9的随机谕言模型下INDnIDCCA2安全和ANOIDCCA2安全的匿名标识广播加密方案.该方案更易与当前基于国密SM9标识加密算法的系统相融合.对于所设计方案的安全性给出分析过程.性能分析表明方案安全性较好且具备一定的理想特性,即方案主公钥、主私钥、接收者私钥的长度与计算成本恒定,解密计算成本恒定.

关键词: 标识广播加密, 匿名, SM9, IND nID CCA2安全, ANO ID CCA2安全

CLC Number: