基於儲存限制模型的私密通訊系統

Abstract

在一般的公開金鑰系統中都是基於一些困難的計算假設上(如RSA assumption)。而限制儲存空間的模型(Bounded Storage Model)並不限制攻擊者的計算能力，它是假設限制攻擊者的儲存空間。而基於這種模型所設計出來的加密系統，如果攻擊者無法完全儲存在加密過程中所使用的隨機字串時，即使日後金鑰被洩露了，密文仍不會被解密，這樣的特性又稱為永久性的安全(Everlasting Security)。 在此我們應用了Lu在[10]中所用的證明，將Dziembowski跟Maurer 的方法[8]其安全性做了一個延伸，使其能夠抵擋動態攻擊(adaptive attack)，即使金鑰重覆的被使用，而系統仍是安全的。並利用訊息驗證的觀念來得到一個不可捏造(non-malleable)的加密系統。最後設計並模擬了一個基於儲存限制的訊息傳送系統，並分析我們所得到的效能。

In pulic-key cyptosystems are based on computational assumptions(i.e. RSA assumption). But there is no restirction of computational power in the bounded storage model. It just limited the adversary’s storage. We can construct a encryption scheme by using this model. If the adversry can’t store all the random bits which are used in the communication. Then he can’t decrypt the ciphertext, even he get the initial key after communication. This property is so called everlasting security. We apply the proof which was proposed by Lu[10] to extend the security of Dziembowski and Maurer’s scheme[8]. Then we make the security of DM’s scheme to against adaptive attack, even the same initial key is reused in communication. We also use the concept of message authentication to extend the scheme to get the non-malleable encryption system. Then we design a private communication system based on bounded storage model.