There is a great demand for publicly verifiable encryption in key escrow, optimistic fair exchange, publicly verifiable secret sharing and secure multiparty computation, but the current schemes are either chosen plaintext secure or chosen ciphertext secure in the random oracle model, which obviously are not secure enough to be applied in the complicated circumstances. Based on the analysis of the current schemes and application of the reality, this paper proposed a new publicly verifiable encryption scheme by combining the CS encryption scheme with the non-interactive zero knowledge proof protocol. The new scheme enabled any third party other than the sender and receiver to verify the validity of the ciphertext, but leaked no information about the message. Finally, without using the random oracle, the adaptively chosen ciphertext security of the scheme is proved in the standard model.%在密钥托管、电子公平交易、可公开分享和安全多方计算中,对可公开验证加密有广泛的应用需求,但是已有的可公开验证加密方案或者是选择明文安全的,或者是在随机预言机模下是选择密文安全的,显然不满足诸多复杂应用环境的安全需求.在对已有可公开验证方案的分析和现实应用需求的基础上,结合CS加密方案,利用非交互性零知识证明协议提出了一个新的可公开验证的加密方案,新方案使得除发送方和接收方外的任何第三方都可以验证密文的有效性,且不会泄露消息的其他任何信息.最后,相对于随机预言机模型,在标准模型下证明了新方案是适应性选择密文安全的.
展开▼
