Similar literature
 Found 10 similar documents; search took 218 ms
1.
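Key generation schemes based on a random signal stream leak part of the shared random source information when the legitimate sender transmits the random signal, resulting in low key security and a low achievable secret key rate. To address this problem, this paper proposes a key generation scheme based on multiple random signal streams. First, the sender uses channel reciprocity and uplink pilots to estimate the downlink channel, and then transmits mutually independent random signal streams on each antenna. Because an eavesdropper can hardly estimate all the random signal streams accurately, it can hardly obtain the superimposed random signal received on each of the receiver's antennas, whereas the sender can compute the signal received at each receiver antenna from the estimated downlink channel and the random signal streams it transmitted. The superimposed random signals on the receive antennas can therefore be used as the shared random source from which the key is extracted. Furthermore, the paper derives expressions for the achievable secret key rate of the scheme and for the mutual information of the shared random source, and analyzes the relationship between the two and its effect on key security. Finally, simulations verify the effectiveness of the scheme; the results show that it effectively reduces the mutual information about the shared random source observed by the eavesdropper, thereby improving the achievable secret key rate and key security.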

2.
Linking information reconciliation and privacy amplification   (Cited by: 2 total; 0 self-citations; 2 by others)
Information reconciliation allows two parties knowing correlated random variables, such as a noisy version of the partner's random bit string, to agree on a shared string. Privacy amplification allows two parties sharing a partially secret string about which an opponent has some partial information, to distill a shorter but almost completely secret key by communicating only over an insecure channel, as long as an upper bound on the opponent’s knowledge about the string is known. The relation between these two techniques has not been well understood. In particular, it is important to understand the effect of side-information, obtained by the opponent through an initial reconciliation step, on the size of the secret key that can be distilled safely by subsequent privacy amplification. The purpose of this paper is to provide the missing link between these techniques by presenting bounds on the reduction of the Rényi entropy of a random variable induced by side-information. We show that, except with negligible probability, each bit of side-information reduces the size of the key that can be safely distilled by at most two bits. Moreover, in the important special case of side-information and raw key data generated by many independent repetitions of a random experiment, each bit of side-information reduces the size of the secret key by only about one bit. The results have applications in unconditionally secure key agreement protocols and in quantum cryptography. This research was supported by the Swiss National Science Foundation. A preliminary version of this paper was presented at Eurocrypt '94, May 9–12, Perugia, Italy.

3.
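Simultaneous transmission of classical and quantum signals over a shared channel is one of the key application technologies of quantum secure communication; it solves the current problem that quantum information and classical information must be carried over separate fibers, and can significantly reduce deployment cost. For a scheme that co-transmits continuous-variable quantum keys and classical information using wavelength-division multiplexing, this paper quantitatively analyzes the characteristics of the system's Raman scattering noise and, for the two classical-information transmission modes, forward and backward, compares by simulation the effect of Raman scattering noise on the system's secure key rate. The results show that the secure key rate is clearly higher when the classical information is transmitted in the forward mode than in the backward mode; that with fixed channel input power, Raman scattering noise has little effect on the secure key rate over short distances, but as distance increases its effect cannot be neglected; and that with fixed communication distance, excess noise within a certain range of values has little effect on the secure key rate, and at L = 50 km this value is 0.07N0.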

4.
In this paper we study secret sharing schemes for access structures based on graphs. A secret sharing scheme enables a secret key to be shared among a set of participants by distributing partial information called shares. Suppose we desire that some specified pairs of participants be able to compute the key. This gives rise in a natural way to a graph G which contains these specified pairs as its edges. The secret sharing scheme is called perfect if a pair of participants corresponding to a nonedge of G can obtain no information regarding the key. Such a perfect secret sharing scheme can be constructed for any graph. In this paper we study the information rate of these schemes, which measures how much information is being distributed as shares compared with the size of the secret key. We give several constructions for secret sharing schemes that have a higher information rate than previously known schemes. We prove the general result that, for any graph G having maximum degree d, there is a perfect secret sharing scheme realizing G in which the information rate is at least 2/(d+3). This improves the best previous general bound by a factor of almost two. The work of E. F. Brickell was performed at the Sandia National Laboratories and was supported by the U.S. Department of Energy under Contract Number DE-AC04-76DP00789. The research of D. R. Stinson was supported by NSERC Operating Grant A9287 and by the Center for Communication and Information Science, University of Nebraska.

5.
Secure implementation of identification systems   (Cited by: 1 total; 0 self-citations; 1 by others)
In this paper we demonstrate that widely known identification systems, such as the public-file-based Feige-Fiat-Shamir scheme, can be insecure if proper care is not taken with their implementation. We suggest possible solutions. On the other hand, identity-based versions of the Feige-Fiat-Shamir scheme are conceptually more complicated than necessary. Gilles Brassard's research is supported in part by Canada's NSERC. A part of this research was done while Yvo Desmedt was sponsored by NFWO (the Belgian NSF). A later part was done while he was visiting professor at the Département IRO, Université de Montréal. A part of his research is now supported by NSF Grants NCR-9004879 and NCR-9106327. This research was done while Jean-Jacques Quisquater was at the late Philips Research Laboratory, Belgium. Parts of this research were presented at Crypto '86, Crypto '87, and Securicom '88.

6.
In the bounded-storage model for information-theoretically secure encryption and key-agreement one can prove the security of a cipher based on the sole assumption that the adversary's storage capacity is bounded, say by $s$ bits, even if her computational power is unlimited. Assume that a random $t$-bit string $R$ is either publicly available (e.g., the signal of a deep-space radio source) or broadcast by one of the legitimate parties. If $s < t$, the adversary can store only partial information about $R$. The legitimate sender Alice and receiver Bob, sharing a short secret key $K$ initially, can therefore potentially generate a very long $n$-bit one-time pad $X$ with $n\gg|K|$ about which the adversary has essentially no information. All previous results in the bounded-storage model were partial or far from optimal, for one of the following reasons: either the secret key $K$ had to be longer than the derived one-time pad ($n < |K|$), or $t$ had to be extremely large ($t > ns$), or the adversary was assumed to be able to store only $s$ actual bits of $R$ rather than arbitrary $s$ bits of information about $R$, or the adversary received a non-negligible amount of information about $X$. In this paper we prove the first non-restricted security result in the bounded-storage model: $K$ is short, $X$ is very long, and $t$ needs to be only moderately larger than $s + n$. In fact, $s/t$ can be arbitrarily close to $1$ and hence the storage bound is essentially optimal. The security can be proved also if $R$ is not uniformly random, provided that the min-entropy of $R$ is sufficiently greater than $s$.

7.
In this paper we introduce an analytical model to calculate the performance of the wireless LAN MAC protocol – known as Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) – taking into consideration the random exponential back-off algorithm. The effects of changing the arrival rates and the number of users on normalized throughput and packet delay are demonstrated. Furthermore, the effects of varying the back-off algorithm parameters – such as the number of retrials on a packet transmission before discarding it – on the throughput and delay are investigated.

8.
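A new quantum secret sharing protocol based on entanglement swapping   (Cited by: 3 total; 2 self-citations; 1 by others)
The insecurity of quantum secret sharing (QSS) protocols based on entanglement swapping is analyzed, and a new QSS protocol based on entanglement swapping is proposed. All entangled states are prepared by the sender, who randomly changes the relative order of the two particles sent to the same agent. After a receiver receives the particles, in detection mode the sender announces the relative order of the two particles and the two sides perform eavesdropping detection; in message mode, the two receivers each perform a joint measurement on the two particles they received, ...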

9.
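Three-party and four-party quantum secret sharing schemes are proposed, each based on one of two different four-particle entangled states, where the secret information in both is the same unknown two-particle entangled state. In these quantum secret sharing schemes, the sender performs an appropriate Bell-state (or GHZ-state) measurement on the particles in its possession; the sender and the collaborators inform the information receiver of the measurement results through classical communication; and the receiver, with the assistance of the other collaborators, reconstructs the initial quantum state information by performing the corresponding quantum operations. The two proposed schemes are discussed and compared, and the four-party quantum secret sharing scheme is found to offer more reliable security.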

10.
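To improve the communication efficiency and security of the quantum secure direct communication scheme proposed by Chang Yan et al., a quantum secure direct communication scheme based on d-dimensional Bell entangled states is designed. Before communication, the sender (Alice) applies unitary transformations to the d-dimensional Bell-state particles to encode the secret information, and sends the particle-2 sequence of the transformed d-dimensional Bell states to the receiver (Bob); using the two parties' respective POVM measurement results and the entanglement properties of the Bell-state particles, together with some classical information, the secret message is transmitted. The security of the protocol is analyzed using entropy theory and probability theory; the results show that the proposed scheme is secure, has higher transmission efficiency than the scheme of Chang Yan et al., and improves the eavesdropping detection rate by 11%.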
