一个完善的秘密分享方案

可验证秘密分享在实用密码学领域内是一个非常重要的工具,它在密钥管理协议、门限或分布式签名协议、电子商务、多方安全计算及团体式密码系统等许多方面都有极为广泛的应用。针对一类突发事务须及时、安全解决的特点, 利用离散对数问题的难解性,在假设初始化阶段和秘密恢复阶段始终有一位值得信赖的分发者参与的情况下,提出了一个可公开验证的门限秘密分享方案。     

Verifiable Distributed Oblivious Transfer and Mobile Agent Security

The mobile agent is a fundamental building block of the mobile computing paradigm. In mobile agent security, oblivious transfer (OT) from a trusted party can be used to protect the agent’s privacy and the hosts’ privacy. In this paper, we introduce a new cryptographic primitive called Verifiable Distributed Oblivious Transfer (VDOT), which allows us to replace a single trusted party with a group of threshold trusted servers. The design of VDOT uses a novel technique called consistency verification of encrypted secret shares. VDOT protects the privacy of both the sender and the receiver against malicious attacks of the servers. We also show the design of a system to apply VDOT to protect the privacy of mobile agents. Our design partitions an agent into the general portion and the security-sensitive portion. We also implement the key components of our system. As far as we know, this is the first effort to implement a system that protects the privacy of mobile agents. Our preliminary evaluation shows that protecting mobile agents not only is possible, but also can be implemented efficiently. This work was supported in part by the DoD University Research Initiative (URI) program administered by the Office of Naval Research under grant N00014-01-1-0795. Sheng Zhong was supported by ONR grant N00014-01-1-0795 and NSF grants ANI-0207399 and CCR-TC-0208972. Yang Richard Yang was supported in part by NSF grant ANI-0207399. A preliminary version of this paper was presented at the DialM-POMC Joint Workshop on Foundations of Mobile Computing in 2003. Sheng Zhong received his Ph.D. in computer science from Yale University in the year of 2004. He holds an assistant professor position at SUNY Buffalo and is currently on leave for postdoctoral research at the Center for Discrete Mathematics and Theoretical Computer Science (DIMACS). His research interests, on the practical side, are security and incentives in data mining, databases, and wireless networks. On the theoretical side, he is interested in cryptography and game theory. Yang Richard Yang is an Assistant Professor of Computer Science at Yale University. His research interests include computer networks, mobile computing, wireless networking, sensor networks, and network security. He leads the LAboratory of Networked Systems (LANS) at Yale. His recent awards include a Schlumberger Fellowship and a CAREER Award from the National Science Foundation. He received his B.E. degree from Tsinghua University (1993), and his M.S. and Ph.D. degrees from the University of Texas at Austin (1998 and 2001).     

Method for using the blockchain to protect data privacy of IoV

With the rapid development of the Internet of Things,vehicle industry is undergoing a rapid transformation from the early vehicle Ad-Hoc network to the Internet of Vehicles (IoV) in which massive vehicles and on-board smart devices can realize data sharing and interaction.However,this brings about a big challenge for the security of shared data in a huge volume containing a lot of user privacy,especially the issues of access control,trust and key escrow.To address these problems,we propose an efficient blockchain-based distributed data sharing method in IoV.In our scheme,blockchain transactions are utilized for trustworthily data storage and access as well as user revocation.To realize end device verification,we introduce certificateless cryptography for transaction verification of blockchain nodes and the ease of the key escrow problem.Moreover,we propose an efficient partial policy-hidden CP-ABE scheme for data fine-grained access control with efficient user revocation.Security analysis and experiments demonstrate that our scheme is secure,efficient and practical.     

实例依赖的可验证随机函数的高效构造*

实例依赖的可验证随机函数是由文献[1]提出的一个新的密码学概念,它也是构造高安全性的零知识协议（如可重置零知识论证系统）的一个强有力的工具,而这些高安全性的零知识协议在智能卡和电子商务中有着重要的潜在价值。基于非交互ZAP证明系统和random oracle模型中∑OR-协议,给出了实例依赖的可验证伪随机函数的两个高效的实现和相应的安全性证明,提升了这一工具的应用价值。     

基于多方排序协议的安全电子投票方案

与传统投票相比较, 电子投票拥有许多优势, 也存在重要的安全问题. 电子投票的全隐私性是评估投票方案安全的重要指标, 它是指对投票者的隐私保护和候选者的隐私保护, 特别是落选者的得票数的保护. 利用可验证秘密共享的思想提出了一个安全多方排序协议, 并将它运用到电子投票中, 设计了一个新的安全的电子投票协议, 本协议具有全隐私性.     

一种安全增强的无线Ad Hoc网络门限签名方案

在椭圆曲线可验证门限签名的基础上,结合Feldman可验证秘密共享和一种新型的可验证密钥重分派算法,提出一种具有前摄安全性、参数可调节的椭圆曲线可验证门限签名方案。该方案通过周期地在不同的访问结构中重新分派密钥分片,增强了签名密钥的安全性,同时使签名方案中的门限和签名服务器个数都可动态调整,增强了灵活性和可伸缩性。     

基于移动代理和密钥共享的发布/订阅系统的研究与设计

发布/订阅系统中信息的安全传输一直被忽视,一些保密的重要消息可能由于在传输过程中被人窃取而使得订阅者受到一定的损失.针对该问题,提出了一种基于移动代理的发布/订阅系统,该系统在传统的基于内容的发布/订阅系统中引入移动代理技术,从而有效地提高了系统的灵活性和可扩展性,使用可验证密钥共享算法能够进一步保证秘密信息的安全传输.最后,通过对各方面的性能分析,结果表明,该系统具备较高的安全性和灵活性.     

基于ECC可公开验证的多方秘密共享方案

通过结合椭圆曲线密码(ECC)和可公开验证秘密共享(PVSS),提出一种新的多方秘密共享方案.该方案不需要参与者之间存在秘密通道,通信在公共信道上进行,且认证过程是非交互的,除了能够有效防止管理者和参与者欺骗以外,还能够忍受管理者攻击,具有更好的安全性、鲁棒性和高效性.     

可验证的多等级门限多秘密共享方案

目前的多等级门限共享方案中,高等级用户的作用可以被若干个低等级用户联合取代,而多秘密门限共享方案中,所有秘密只能在同一级门限下共享。为克服这两个问题,利用Birkhoff插值法和离散对数的困难性,提出了一个可认证的多等级门限多秘密共享方案。该方案可以同时划分多个等级,而每级门限下可以共享多个秘密。每个参与者只需持有一个子秘密,方便管理与使用。     

一种适合云数据共享的身份代理重加密方案

目前云数据安全存储方案中,数据拥有者加密数据上传到云中,但却不能很好的支持加密数据分享,尤其是分享给多个用户时,可扩展性不强。针对这个问题本文提出一种基于身份的代理重加密方案,该方案不需要云完全可信但却又能灵活地进行数据安全共享。在具体构造上,结合基于身份的加密,用一个强不可伪造的一次签名方案使被转化后的密文具有公开验证性,且能达到被转化后的密文在标准模型下具有选择密文安全性。由于该类方案无需使用公钥证书、能支持细粒度的访问控制且可扩展性较好,因此可以较好的适用于安全云数据共享。