Abstract
SM9 is a Chinese cryptography standard that defines a set of identity-based cryptographic schemes from pairings. Although the SM9 key agreement protocol and the SM9 encryption scheme have been used for years, there is no publicly available security analysis of these two schemes. In this paper, we formally analyze the security of these two schemes in the random oracle model.
A   Proof of Lemma 1
Proof: If there is a polynomial-time algorithm \(\mathcal {A}\) that solves the \((\tau -1)\)-BCAA1\(_{i,2}\) problem, we can construct a polynomial-time algorithm \(\mathcal {B}\) that solves the \(\tau \)-BDHI\(_2\) problem as follows. Given an instance of the \(\tau \)-BDHI\(_2\) problem, \(\mathcal {B}\) works as follows to compute \(\hat{e}(P_1,P_2)^{1/x}\).

1. Randomly choose distinct \(h_0,\ldots ,h_{\tau -1}\in \mathbb {Z}_{r}^{*}\). Let f(z) be the polynomial
$$ f(z)=\prod _{a=1}^{\tau -1}(z+h_a)=\sum _{a=0}^{\tau -1}c_az^a. $$
The constant term \(c_0\) is non-zero because the \(h_a\)'s are distinct, and the coefficients \(c_a\) are computable from the \(h_a\)'s.

2. Set
$$ Q_2=\sum _{a=0}^{\tau -1} [c_ax^a]P_2=[f(x)]P_2, $$
and
$$ [x]Q_2=\sum _{a=0}^{\tau -1} [c_{a}x^{a+1}]P_2=[xf(x)]P_2. $$

3. Set
$$ f_b(z)=\frac{z-h_0}{z+h_b}f(z)=\sum _{a=0}^{\tau -1}d_a z^a, $$
and compute
$$ \Big[\frac{x-h_0}{x+h_b}\Big]Q_2 =\Big[\frac{x-h_0}{x+h_b}f(x)\Big]P_2=[f_b(x)]P_2=\sum _{a=0}^{\tau -1}[d_ax^a]P_2 $$
for \(1\le b\le \tau -1\).

4. Set \(Q_1=\psi (Q_2)\) and pass the following instance of the \((\tau -1)\)-BCAA1\(_{i,2}\) problem to \(\mathcal {A}\):
$$ \Big(Q_1, Q_2, \psi ([x-h_0]Q_2), h_0, \big(h_1\!+\!h_0, \Big[\frac{x-h_0}{x+h_1}\Big]Q_2\big), \ldots , \big(h_{\tau -1}\!+\!h_0, \Big[\frac{x-h_0}{x+h_{\tau -1}}\Big]Q_2\big)\Big) $$
if \(i=1\), or
$$ \Big(Q_1, Q_2, [x-h_0]Q_2, h_0, \big(h_1+h_0, \Big[\frac{x-h_0}{x+h_1}\Big]Q_2\big), \ldots , \big(h_{\tau -1}+h_0, \Big[\frac{x-h_0}{x+h_{\tau -1}}\Big]Q_2\big)\Big) $$
to get
$$ T=\hat{e}(Q_1,Q_2)^{\frac{x-h_0}{x}}=\hat{e}(Q_1,Q_2)\cdot \hat{e}(Q_1,Q_2)^{-h_0/x}. $$

5. Note that
$$ \Big[\frac{1}{x}\Big](Q_2-[c_0]P_2)=\Big[\frac{1}{x}\Big]([f(x)]P_2-[c_0]P_2)=\sum _{a=1}^{\tau -1}[c_ax^{a-1}]P_2. $$
Set
$$ T'=\sum _{a=1}^{\tau -1}[c_ax^{a-1}]P_2=\Big[\frac{f(x)-c_0}{x}\Big]P_2. $$
Then,
$$ \begin{aligned} T_0&=\hat{e}(\psi (T'),Q_2+[c_0]P_2)=\hat{e}([f(x)-c_0]P_1,Q_2+[c_0]P_2)^{1/x} \\ &=\hat{e}(Q_1, Q_2)^{1/x}\cdot \hat{e}(P_1, P_2)^{-c_0^2/x}. \end{aligned} $$
Finally, compute
$$ \hat{e}(P_1,P_2)^{1/x}=\big((T/\hat{e}(Q_1,Q_2))^{-1/h_0}/T_0\big)^{1/c_0^2}. $$
\(\square \)
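To make the exponent bookkeeping in steps 1 to 5 concrete, the following Python replays \(\mathcal {B}\)'s computation with every group element represented by its discrete logarithm modulo r. It is an added consistency check, not part of the paper; the toy modulus and the sample values of x and the \(h_a\) are constructed.

```python
# Added sanity check (not from the paper): the exponent algebra behind B's
# steps in the proof of Lemma 1. Group elements are modelled by their discrete
# logs mod r (P_2 -> 1, [y]P_2 -> y, e(P_1,P_2)^y -> y, psi([y]P_2) = [y]P_1).
# B cannot compute these logs itself; the model only confirms the algebra.
R = 2**31 - 1  # constructed toy prime standing in for the group order r

def poly_mul(p, q):
    """Coefficients of p(z) * q(z) over Z_r, lowest degree first."""
    out = [0] * (len(p) + len(q) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] = (out[i + j] + a * b) % R
    return out

def poly_eval(coeffs, z):
    return sum(c * pow(z, a, R) for a, c in enumerate(coeffs)) % R

def reduction_exponent(x, hs):
    """Run B's steps in the exponent; x is the BDHI secret, hs = [h_0, ..., h_{tau-1}].
    Returns the log of B's output, which must equal 1/x mod r."""
    h0, rest, tau = hs[0], hs[1:], len(hs)
    # Step 1: f(z) = prod_{a=1}^{tau-1} (z + h_a) = sum_a c_a z^a
    c = [1]
    for h in rest:
        c = poly_mul(c, [h, 1])
    c0 = c[0]
    # Step 2: Q_2 = sum_a [c_a x^a]P_2 = [f(x)]P_2, built from the BDHI powers [x^a]P_2
    q2 = sum(c[a] * pow(x, a, R) for a in range(tau)) % R
    assert q2 == poly_eval(c, x)
    # Step 3: f_b(z) = (z - h_0)/(z + h_b) f(z) is again a polynomial of degree tau-1
    for hb in rest:
        fb = [1]
        for h in rest:
            fb = poly_mul(fb, [(-h0) % R, 1] if h == hb else [h, 1])
        assert poly_eval(fb, x) == (x - h0) * pow(x + hb, -1, R) * q2 % R
    # Step 4: A returns T = e(Q_1,Q_2)^{(x-h_0)/x}; with Q_1 = psi(Q_2), log e(Q_1,Q_2) = f(x)^2
    e_q1q2 = q2 * q2 % R
    t = e_q1q2 * (x - h0) * pow(x, -1, R) % R
    # Step 5: T' = sum_{a>=1} [c_a x^{a-1}]P_2 = [(f(x)-c_0)/x]P_2, T_0 = e(psi(T'), Q_2 + [c_0]P_2)
    t_prime = sum(c[a] * pow(x, a - 1, R) for a in range(1, tau)) % R
    assert t_prime == (q2 - c0) * pow(x, -1, R) % R
    t0 = t_prime * (q2 + c0) % R
    # Final step: e(P_1,P_2)^{1/x} = ((T / e(Q_1,Q_2))^{-1/h_0} / T_0)^{1/c_0^2}
    step = (t - e_q1q2) * (-pow(h0, -1, R)) % R
    return (step - t0) * pow(c0 * c0 % R, -1, R) % R
```

Each intermediate assertion checks one displayed equality of the proof, and the returned value is the exponent of what \(\mathcal {B}\) outputs.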
© 2019 Springer Nature Switzerland AG
Cite this paper
Cheng, Z. (2019). Security Analysis of SM9 Key Agreement and Encryption. In: Guo, F., Huang, X., Yung, M. (eds.) Information Security and Cryptology. Inscrypt 2018. Lecture Notes in Computer Science, vol. 11449. Springer, Cham. https://doi.org/10.1007/978-3-030-14234-6_1
DOI: https://doi.org/10.1007/978-3-030-14234-6_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-14233-9
Online ISBN: 978-3-030-14234-6