摘要
格式保留加密具有加密后数据格式和数据长度不变的特点,不会破坏数据格式约束,从而降低改造数据格式的成本。分析现有敏感信息格式保留加密方案,均基于对称加密体制,存在密钥传输安全性低和密钥管理成本较高等问题。提出了身份密码环境下基于格式保留的敏感信息加密方案,与现有的格式保留加密方案相比,通信双方不需要传递密钥,通过密钥派生函数来生成加密密钥和解密密钥,利用混合加密的方式提高了敏感信息传输的安全性。并且证明了该方案满足基于身份的伪随机置换安全,在适应性选择明文攻击下具有密文不可区分性。
Format preserving encryption has the characteristics of unchanged data format and data length after encryption,and does not destroy the data format constraints,thereby reducing the cost of modifying the data format.The existing format preserving encryption schemes for sensitive information are based on the symmetric encryption system,which has problems such as low key transmission security and high key management cost.This paper proposes a format preserving encryption scheme for sensitive information in identity cryptosystems.Compared with the existing format preserving encryption schemes,the two parties do not need to transmit a key,and the key derivation function is used to generate an encryption key and a decryption key.The use of hybrid encryption improves the security of sensitive information transmission.It is proved that the scheme satisfies the security of identity-based pseudo-random permutation.At the same time,the scheme has cipher text indistinguishability under adaptive selective plaintext attack.
作者
张玉磊
骆广萍
张永洁
张雪微
刘祥震
王彩芬
ZHANG Yu-lei;LUO Guang-ping;ZHANG Yong-jie;ZHANG Xue-wei;LIU Xiang-zhen;WANG Cai-fen(College of Computer Science and Engineering,Northwest Normal University,Lanzhou 730070;Gansu Health Vocational College,Lanzhou 730000;Shenzhen Technology University,Shenzhen 518000,China)
出处
《计算机工程与科学》
CSCD
北大核心
2020年第2期236-240,共5页
Computer Engineering & Science
基金
国家自然科学基金(61662069)
甘肃省高等学校科研项目(2017A-003,2018A-207)。
关键词
格式保留加密
敏感信息
基于身份
密钥派生
混合加密
format preserving encryption
sensitive information
identity-based
key derivation
hybrid encryption