Funding: Supported by National Natural Science Foundation of China (Nos. 62172411, 62172404, 61972094, and 62202458).
Abstract: SM9 was established in 2016 as a Chinese official identity-based cryptographic (IBC) standard, and became an ISO standard in 2021. It is well-known that IBC is suitable for Internet of Things (IoT) applications, since a centralized processing of client data (e.g. IoT cloud) is often done by gateways. However, due to limited computation resources inside IoT devices, the performance of SM9 becomes a bottleneck in practical usage. The existing SM9 implementations are often CPU-based, with relatively low latency and low throughput. Consequently, a pivotal challenge for SM9 in large-scale applications is how to reduce the latency while maximizing throughput for numerous concurrent inputs. After a systematic analysis of the SM9 algorithms, we apply optimization techniques including precomputation, resource caching and parallelization to reduce the overhead of SM9. In this work, we introduce the first practical implementation of SM9 and its underlying SM9_P256 curve on GPU. Our GPU implementation combines multiple algorithms and low-level optimizations tailored for GPU’s single instruction, multiple threads architecture in order to achieve high throughput for SM9. Based on these, we propose GAPS, a high-performance Cryptography as a Service (CaaS) for SM9. GAPS adopts a heterogeneous computing architecture that flexibly schedules the inputs across two implementation platforms: a CPU for the low-latency processing of sporadic inputs, and a GPU for the high-throughput processing of batch inputs. According to our benchmark, GAPS only takes a few milliseconds to process a single SM9 request in idle mode. Moreover, when operating in its batch processing mode, GAPS can generate 2,038,071 private keys, 248,239 signatures or 238,001 ciphertexts per second. The results show that GAPS scales seamlessly across inputs of different sizes, preliminarily demonstrating the efficacy of our solution.
Funding: This work was partially supported by National Natural Science Foundation of China (Nos. 61772520, 61802392, 61972094, 61472416, 61632020), Key Research and Development Project of Zhejiang Province (Nos. 2017C01062, 2020C01078), Beijing Municipal Science & Technology Commission (Project Number. Z191100007119007, Z191100007119002).
Abstract: As the only approved Identity-Based Encryption scheme in China that is also standardized by ISO, SM9-IBE has been widely adopted in many real-world applications. However, similar to other IBE standard algorithms, SM9-IBE currently lacks a revocation mechanism, which is vital for a real system. Worse still, we find that existing revocable techniques may not be suitable and efficient when applied to SM9-IBE. Given the widespread use of SM9-IBE, an efficient and robust user revocation mechanism becomes an urgent issue. In this work, we propose a dedicated server-aided revocation mechanism, which for the first time achieves the secure, immediate and robust user revocation for SM9-IBE. Provided with a compact system model, the proposed method leverages an existing server to perform all heavy workloads during user revocation, thus leaving no communication and computation costs for the key generation center and users. Moreover, the mechanism supports key-exposure resistance, meaning the user revocation mechanism is robust even if the revocation key leaks. We then formally define and prove the security. At last, we present theoretical comparisons and an implementation in terms of computational latency and throughput. The results indicate the efficiency and practicability of the proposed mechanism.