Seek experts to solve cryptography problems! Urgent ~
Cryptography is the core technology of information security. Today, the confidentiality, integrity, availability and non-repudiation of information in networked computer environments all have to be achieved with cryptographic techniques. Cryptography can be roughly divided into symmetric cryptography (also called private-key cryptography) and asymmetric cryptography (also called public-key cryptography). Public-key cryptography plays an important role in information security tasks such as key agreement, digital signatures and message authentication, and has become the core of modern cryptography.

At present, the concept of security in public-key cryptography has been greatly expanded. The famous RSA, Rabin and ElGamal public-key cryptosystems have been widely deployed. However, some public-key algorithms are secure in theory but not in practical application, because in practice it is not enough for the algorithm itself to be mathematically secure; it must also be secure in the way it is actually used. For example, depending on the application, a public-key encryption algorithm may need to be secure against chosen-plaintext attacks, non-adaptive chosen-ciphertext attacks or adaptive chosen-ciphertext attacks, and a digital signature scheme may need to resist no-message attacks and chosen-message attacks. Therefore, in recent years provable-security cryptography has become an important part of public-key cryptography and is devoted to exactly these questions.

At present, the core subject of cryptography is to study provably secure systems against various active attacks, combining this with the specific network environment and with improvements in operational efficiency. Among these topics, research on identity-based (ID-based) cryptosystems and on provable-security models for cryptosystems has attracted wide attention and has already produced important results, which have a great impact on network security and information security. For example, public key infrastructure (PKI) will become more reasonable when it is turned into ID-PKI. With the continuous improvement of cryptanalysis and attack techniques, the continuous increase in computing speed and the growing demand for cryptographic applications, it is urgent to develop cryptographic theory and to innovate cryptographic algorithms.

At the 2004 International Conference on Information Security, Professor Cao Zhenfu, the first author of this paper, gave a keynote speech entitled "Some Problems in Cryptography", which also introduced the latest progress in cryptography. To varying degrees, these problems represent the direction in which cryptography is developing.

1. Online/offline encryption

Public-key encryption enables two parties to exchange information securely over insecure channels, and over the past few years public-key technology has greatly accelerated the use of networks. However, unlike symmetric cryptosystems, asymmetric cryptosystems are not efficient enough to meet speed requirements well. How to improve efficiency has therefore become one of the key issues in public-key cryptography.

The concept of online/offline cryptography was put forward to address this efficiency problem. Its main idea is to divide a cryptographic operation into two stages, an offline stage and an online stage. In the offline stage, the time-consuming computations are performed in advance; in the online stage, only a small amount of cheap computation remains.
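The online/offline split applied to ElGamal encryption, as an added example (not code from the page or from the author's schemes): the two modular exponentiations that do not depend on the message are precomputed into tokens before any message is known, and encrypting a message then costs one modular multiplication. The group parameters are a constructed toy group, far too small for real use.

```python
import secrets

# Constructed toy group (NOT secure sizes): p = 2q + 1 with q = 1019 prime,
# g = 4 generates the order-q subgroup of Z_p^*.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1         # private key x
    return x, pow(G, x, P)                   # (x, y = g^x)

def offline_phase(pub, count):
    """Offline stage: before any message is known, precompute one token
    (g^r, y^r) per future message, each with a fresh random r. These two
    modular exponentiations are the expensive part of ElGamal encryption."""
    tokens = []
    for _ in range(count):
        r = secrets.randbelow(Q - 1) + 1
        tokens.append((pow(G, r, P), pow(pub, r, P)))
    return tokens

def online_encrypt(tokens, m):
    """Online stage: a single modular multiplication. Each token is consumed
    exactly once; reusing g^r for two messages would leak their ratio m1/m2."""
    if not 1 <= m < P:
        raise ValueError("message must be a nonzero residue mod p")
    c1, mask = tokens.pop()
    return c1, (m * mask) % P

def decrypt(priv, ctext):
    c1, c2 = ctext
    return (c2 * pow(c1, P - 1 - priv, P)) % P   # c2 * (c1^x)^-1 = m

def roundtrip(messages):
    """Encrypt a batch with precomputed tokens and decrypt it again."""
    priv, pub = keygen()
    tokens = offline_phase(pub, len(messages))
    return [decrypt(priv, online_encrypt(tokens, m)) for m in messages]
```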

2. Conic curve cryptography

Conic curve cryptography was first proposed by the first author of this paper in 1998. C. Schnorr considers it the most interesting cryptographic algorithm apart from elliptic curve cryptography. Computation on conic curves is simpler than on elliptic curves, and an exciting feature is that points are easy to encode and decode. At the same time, one can build the conic group modulo n and construct ciphers whose security is equivalent to factoring large integers. It is now known that when the order of the conic group equals that of an elliptic curve group, the discrete logarithm problem on the conic group is no easier than on the elliptic curve. Conic curve cryptography has therefore become an important research topic in cryptography.

3. Proxy cryptography

Proxy cryptography includes proxy signatures and proxy cryptosystems. Both provide a delegation function: proxy signing and proxy decryption respectively.

At present, two important problems in proxy cryptography urgently need to be solved. The first is how to construct a proxy cryptosystem that does not require conversion, which the first author of this paper has been studying together with scholars from the University of Tsukuba in Japan. The second is how to construct a reasonable provable-security model for proxy cryptosystems and to prove the security of a system in it. Some researchers have begun to work in this area.

4. Key escrow problem

In modern secure communication there are two contradictory requirements: on the one hand users want to communicate securely, and on the other hand the authorities want to supervise users' communication in order to fight cybercrime and protect national security. Key escrow systems were put forward to meet this demand. In the original key escrow system, the keys used in user communication are managed by a master key escrow agent, and when legally authorized, the escrow agent hands the key over to the government monitoring body. However, this practice obviously creates a new problem: once the government listening body obtains the key, it can listen to the user's communication at will, the so-called "once monitored, always monitored" problem. In addition, the fact that "the user's key depends entirely on the trusted escrow agent" in this scheme is not advisable, because an escrow agent that is trustworthy today will not necessarily be trustworthy tomorrow.

In a key escrow system, the law enforcement access field (LEAF) is an extra encrypted block of information, stored alongside the communication, which ensures that a legitimate government entity or authorized third party can obtain the communicated message in clear. In a typical key escrow system, the LEAF is constructed from the decryption key of the communication. To make this more reasonable, we can divide the key into several key fragments, encrypt each fragment with the public key of a different key escrow agent, and then apply a threshold scheme to the encrypted fragments. This solves the problems of "once monitored, always monitored" and "the user's key depends entirely on the trusted escrow agent". Research on this problem has now led to the question of how to construct a secure LEAF, where the general form of the LEAF is defined by building a provable-security model for it.
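The "divide the key into fragments and apply a threshold" step above, as an added example (not the page's or any deployed escrow system's code): the session key is split with Shamir secret sharing so that any t of the n escrow agents can reconstruct it while fewer than t learn nothing. Encrypting each fragment to an agent's public key is left out; only the splitting and threshold reconstruction are shown, over a field chosen here for convenience.

```python
import secrets

# Field for the shares: the Mersenne prime 2^127 - 1 (constructed choice).
PRIME = (1 << 127) - 1

def split_key(secret, n, t):
    """Shamir split: random polynomial f of degree t-1 with f(0) = secret;
    share i is (i, f(i)). Any t shares recover f(0); t-1 shares reveal nothing."""
    if not 1 <= t <= n or not 0 <= secret < PRIME:
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    shares = []
    for i in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(i)
            y = (y * i + c) % PRIME
        shares.append((i, y))
    return shares

def recover_key(shares):
    """Lagrange interpolation at x = 0 over the supplied shares. With fewer
    than t shares this still returns a value, but an unrelated one."""
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for k, (xk, _) in enumerate(shares):
            if k != j:
                num = (num * -xk) % PRIME
                den = (den * (xj - xk)) % PRIME
        total = (total + yj * num * pow(den, -1, PRIME)) % PRIME
    return total
```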

5. Identity-based cryptography

Identity-based cryptography was proposed by Shamir in 1984. Its main idea is that the system needs no certificates: the user's identity, such as a name, IP address or e-mail address, serves as the public key, and the user's private key is computed by a trusted third party called the PKG (private key generator). Shamir obtained an identity-based digital signature scheme in 1984, but it was not until 2001 that Boneh and others realized Shamir's identity-based encryption (IBE) using bilinear pairings on elliptic curves. Before this, Cocks had proposed a more traditional identity-based encryption scheme, but its efficiency was extremely low. At present, ID-based schemes include ID-based encryption systems, ID-based authenticated encryption and signcryption systems, signature systems, key agreement systems, authentication systems, threshold cryptosystems and hierarchical cryptosystems.

6. Multi-party key agreement problem

Key agreement is another basic problem in cryptography.

The Diffie-Hellman protocol is the well-known protocol for establishing a session key by exchanging messages over an insecure channel. Its security rests on the Diffie-Hellman problem and the discrete logarithm problem. The main weakness of the basic Diffie-Hellman protocol, however, is that it provides no authentication of the users, so it cannot resist man-in-the-middle attacks.
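The exchange just described, as an added example (not code from the page): both sides compute a Diffie-Hellman value, and a hypothetical simple authenticator, an HMAC over the transcript under a long-term key the two parties already share, is added so that a substituted value is detected instead of silently producing mismatched keys. The group is a constructed toy group, far too small for real use, and the pre-shared long-term key is an assumption of this example.

```python
import hashlib
import hmac
import secrets

# Constructed toy group (NOT secure sizes): p = 2q + 1 with q = 1019 prime,
# g = 4 generates the prime-order subgroup of Z_p^*.
P, Q, G = 2039, 1019, 4

def dh_keypair():
    x = secrets.randbelow(Q - 1) + 1         # ephemeral private exponent
    return x, pow(G, x, P)                   # (private, public g^x)

def dh_shared(priv, peer_pub):
    """Shared secret g^(ab); reject values outside the prime-order subgroup
    (trivial values such as 1 or p-1 and small-subgroup elements)."""
    if not 1 < peer_pub < P - 1 or pow(peer_pub, Q, P) != 1:
        raise ValueError("peer value not in the prime-order subgroup")
    return pow(peer_pub, priv, P)

def transcript_tag(ltk, role, a_pub, b_pub):
    """Authenticator over the transcript as the sender saw it, keyed with the
    pre-shared long-term key (hypothetical simple variant, not a standard)."""
    msg = f"{role}|{a_pub}|{b_pub}".encode()
    return hmac.new(ltk, msg, hashlib.sha256).digest()

def run_exchange(ltk, tamper=None):
    """One exchange. `tamper` optionally maps the value Bob receives to a
    different group element, modelling an active adversary on the channel.
    Returns (both_sides_accept, derived_keys_equal)."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    A_at_bob = tamper(A) if tamper else A
    tag_from_alice = transcript_tag(ltk, "A", A, B)          # Alice's view
    tag_from_bob = transcript_tag(ltk, "B", A_at_bob, B)     # Bob's view
    bob_ok = hmac.compare_digest(tag_from_alice, transcript_tag(ltk, "A", A_at_bob, B))
    alice_ok = hmac.compare_digest(tag_from_bob, transcript_tag(ltk, "B", A, B))
    keys_equal = dh_shared(a, B) == dh_shared(b, A_at_bob)
    return alice_ok and bob_ok, keys_equal
```

Without the tags, the tampered run would complete and the two sides would end up with different keys without noticing, which is the missing-authentication weakness the paragraph describes.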

Existing key agreement protocols include two-party key agreement protocols, two-party non-interactive static key agreement protocols, two-round key agreement protocols, two-party verifiable key agreement protocols, and the corresponding three-party protocols.

How should a multi-party key agreement protocol be designed? Does a multilinear map (the generalization of bilinear pairings) exist? If it does, a one-round multi-party key agreement protocol can be built from it, and such a map would certainly have many further cryptographic applications. Until now, however, this problem is far from solved in cryptography. Some people have begun related research, giving possible applications, directions for constructing such a map, and reasons why such a map must exist.

7. Provable security cryptography

There are two widely accepted definitions of security for existing public-key cryptosystems, namely semantic security and non-malleability. Semantic security, also known as indistinguishability (IND), was first proposed by Goldwasser and Micali in 1984; it means that an attacker cannot obtain any information about the plaintext from a given ciphertext. Non-malleability (NM) was put forward by Dolev, Dwork and Naor in 1991; it means that an attacker cannot, from a given ciphertext, produce the ciphertext of a plaintext meaningfully related to the original plaintext. For most research questions of interest, indistinguishability and non-malleability are equivalent.

For schemes such as public-key encryption and digital signatures we can establish corresponding security models, and under a given model the various required security properties are defined. For proving security in such a model, the best method currently available is the random oracle model (ROM). In recent years, provable security has become the focus of extensive research. As the name implies, it proves that the design of a cryptographic algorithm is sound. Nowadays, emerging standard algorithms are widely accepted only if they are supported by some parameters that can prove their security. We know that a secure cryptographic algorithm ultimately depends on an NP problem, and that a real security proof is far from being realized. However, the various security models and assumptions can explain the security of a newly proposed scheme and confirm, on the basis of the relevant mathematical results, that there is no error in its basic design.

The random oracle model was put forward by Bellare and Rogaway in 1993, following a suggestion of Fiat and Shamir. It is a non-standard computational model in which a concrete object such as a hash function is treated as a random object: the parties may query it on parameters of their choice, the hash function is used as an oracle that returns a value, and every new query receives a random response. The security proof uses the adversary as a subroutine of a program whose success would contradict a mathematical assumption, such as the assumption that RSA is a one-way function. Probability theory and techniques are used extensively in the random oracle model.

However, the validity of the random oracle model is controversial. Because a hash function is deterministic, it cannot always return a random response. In 1998, Canetti et al. gave a digital signature system that is provably secure in the ROM but insecure once the random oracle is replaced by any concrete hash function.

Nevertheless, the random oracle model is very useful for analyzing many encryption and digital signature schemes, and to some extent it guarantees that a scheme is free of defects.

However, without the ROM the problem of provable security remains open and cannot be ignored. So far there has been little research in this area.

There are many such problems in cryptography. The development of cryptography is currently facing both challenges and opportunities: the development of computer network communication technology and the arrival of the information age provide unprecedented opportunities for its development. It is our pursuit to think creatively in cryptographic theory, technology, protection and management, so as to create a new era of cryptographic development.