We present a new scheme to remove key escrow from the hierarchical identity-based encryption (HIBE),based on the security notion of anonymous ciphertext indistinguishability against key generation center (ACI-KGC) proposed by Chow.In view of this,we firstly describe how to equip a modified framework in the HIBE system with the ACI-KGC security.The private key generator (PKG) and identity certificate authority (ICA) cooperate in an anonymous private key generation protocol,such that the PKG can issue a private key to a user authenticated by the ICA without knowing the list of users' identities.Then,we apply the proposed scheme to the HIBE system,and theoretical analysis shows that the scheme can provide better security and maintain the performance.%为解决基于身份加密的密钥托管问题,提出了一种针对密钥生成中心的密文不可区分性ACI-KGC的安全性的改进方案.该方案首先描述了如何改进架构,以达到ACI-KGC安全性.引入第三方信任机构ICA,通过匿名密钥生成协议联合生成用户私钥,在这一过程中,可以确保私钥生成器无法获知用户身份信息,从而无法伪造用户私钥.然后将改进的机制应用到现有的基于身份的分层加密方案中,并且分析证明,在保持性能的前提下达到了更好的安全性.
展开▼
