中文摘要：

基于身份加密（Identity-Based Encryption，IBE）方案中，用户公钥直接由用户身份得到，可以避免公钥基础设施（Public Key Infrastructure，PKI）系统的证书管理负担。但IBE存在密钥托管问题，即私钥生成器（Private Key Generator，PKG）能够解密用户密文或泄漏用户私钥，而现有解决方案一般需要安全信道传输私钥，且存在用户身份认证开销大或不能彻底解决密钥托管问题的缺陷。该文提出一种安全可追责的基于身份加密方案，即SA—IBE方案，用户原私钥由PKG颁发，然后由多个密钥隐私机构并行地加固私钥隐私，使得各机构无法获取用户私钥，也不能单独解密用户密文；设计了高效可追责的单点PKG认证方案；并采用遮蔽技术取消了传输私钥的安全信道。文中基于标准的Diffie—Hellman假设证明了SA—IBE方案的安全性、解决密钥托管问题的有效性以及身份认证的可追责性。

英文摘要：

In an Identity-Based Encryption （IBE） scheme, an user＇s public key can be derived from his identity directly, which eliminates the cost of the certificate management in Public Key Infrastructure （PKI） systems. However, the IBE has the key escrow issue, that is, the trusted Private Key Generator （PKG）, can decrypt the users＇ ciphertexts and leak their secret keys. To solve this issue, most existing schemes either can only solve part of the key escrow problem, or need a secure key distribution channel and complicated identification schemes causing great performance cost. This paper proposes a Secure and Accountable Identity-Based Encryption （SA-IBE） scheme, in which user＇s initial secret key is issued by the PKG, and then its privacy is consolidated parallel by multiple Key Privacy Authorities （KPAs）, so that no single authority can get the user＇s secret key or message. In addition, an efficient and accountable single PKG identification scheme is designed, and the blinding technique is used to remove the secure channel for the key distribution. Based on the standard Diffie-Hellman assumption, it is proved that SA-IBE can efficiently address the key escrow issue while ensures its security and the accountability of the system identification.