Litcius/Paper detail

Security analysis of uppercaseSM9 digital signature and key encapsulation

建昌 赖, 欣沂 黄, 德彪 何, 玮 伍

2021Scientia Sinica Informationis14 citationsDOI

Abstract

Security analysis provides strong guarantees and evidence for security cryptosystems. SM9 is an identity-based cryptosystem designed by China and has become a Chinese standard. The SM9 digital signature and encryption algorithm also became ISO/IEC International standards. However, there are few published research results on the security of SM9 cryptosystems. Based on Gap-$q$-BCAA1 assumption, Cheng gave the security analysis of SM9 key exchange protocol, key encapsulation and encryption algorithm in Inscrypt 2018. In this paper, we first give the formal security analysis for SM9 digital signature. Based on the $q$-SDH assumption, we prove that SM9 signature algorithm is EUF-CMIA secure. To eliminate the Gap assumption, we then use the technique of Twin-Hash-ElGamal to modify SM9 key encapsulation slightly without compromising its security and propose a new identity-based key encapsulation mechanism called Twin-SM9. Compared to SM9 key encapsulation, both the system public key and user private key contain one additional group element only and the ciphertext size remains the same. We prove that Twin-SM9 achieves IND-CCA security in the random oracle model based on the $q$-BDHI assumption. Our results clarify the security of SM9 and are useful for the design of SM9-based cryptosystems.

Topics & Concepts

Encapsulation (networking)Digital signatureKey encapsulationComputer securityComputer scienceKey (lock)Public-key cryptographyKey exchangeEncryptionHash functionCryptography and Residue ArithmeticCoding theory and cryptographyCryptography and Data Security
Security analysis of uppercaseSM9 digital signature and key encapsulation | Litcius