一种基于EPID的安全OA系统

文章对OA系统中存在的安全问题进行了讨论,引人了一种新的基于远程匿名身份认证EPID模式,它能通过保存设备拥有者私密信息的硬件设施进行身份鉴定。一个嵌入EPID私密的硬件设备可以向远程机构证实它的有效性,而不必暴露自己的身份和其他私密信息。可以撤消一个签名的EPID私钥,即使不知道密钥的身份。同时,把EPID和其它的一些方法进行了对比。     

A case study in the mechanical verification of fault tolerance

To date, there is little evidence that modular reasoning about fault-tolerant systems can simplify the verification process in practice. This question is studied using a prominent example from the fault tolerance literature: the problem of reliable broadcast in point-to-point networks subject to crash failures of processes. The experiences from this case study show how modular specification techniques and rigorous proof re-use can indeed help in such undertakings.     

零知识证明的新进展

本文介绍零知识证明方面的两个最新成果，多验证者的广播式证明协议（ＭＶＢＩＰ）与非交互式的知识的零知识证明（ＮＩＺＫＰＫ），给出它们的定义和主要结论，以及在密码体制设计中的应用。     

Simpler Reasoning About System Properties: a Proof-by-Refinement Technique

Proofs about system specifications are difficult to conduct, particularly for large specifications. Using abstraction and refinement, we propose a proof technique that simplifies these proofs. We apply the technique to Circus (a combination of Z and CSP) specifications of different complexities. Interestingly, all the proofs are conducted in Z, even those concerning reactive behaviour.     

Parallel programming: An axiomatic approach

This paper develops some ideas expounded in [1]. It distinguishes a number of ways of using parallelism, including disjoint processes, competition, cooperation, and communication. In each case an axiomatic proof rule is given.     

MP2P中的一种简单安全身份认证

本文介绍了一种应用于移动计算环境的P2P网络架构,即MP2P网络,该架构采用混合方式进行组网,能够使各移动终端之间通过自组织连接方式使用P2P技术进行通信。本文主要研究了采用单轮零知识证明方式进行身份认证,来实现移动计算环境中P2P网络的安全通信,并分析了与其相关的性能及效率。     

ElGamal数字签名的零知识证明

零知识证明是一种协议,ElGamal数字签名广泛应用.给出ElGamal签名的一个零知识证明的GMR模型,该模型计算量小,可靠性高,实现简单.     

On the communication complexity of zero-knowledge proofs

The fact that there are zero-knowledge proofs for all languages in NP (see [15], [6], and [5]) has, potentially, enormous implications to cryptography. For cryptographers, the issue is no longer “which languages in NP have zeroknowledge proofs” but rather “which languages in NP have practical zeroknowledge proofs.” Thus, the concrete complexity of zero-knowledge proofs for different languages must be established. In this paper we study the concrete complexity of the known general methods for constructing zero-knowledge proofs. We establish that circuit-based methods, which can be applied in either the GMR or the BCC model, have the potential of producing proofs which can be used in practice. Then we introduce several techniques which greatly reduce the concrete complexity of circuit-based proofs, and we show that these techniques lead to zero-knowledge proofs of knowledge. Finally, we show how to combine the techniques of Kilian, Micali, and Ostrovsky, for designing zero-knowledge proofs with only two envelopes, with some of our techniques for reducing the number of bits which the prover must commit to. Supported in part by NSA Grant No. MDA90488-H-2006. Supported in part by NSF Grant No. CCR-8909657.     

Quantifying knowledge complexity

One of the many contributions of the paper of Goldwasser, Micali and Rackoff is the introduction of the notion of knowledge complexity. Knowledge complexity zero (also known as zero-knowledge) has received most of the attention of the authors and all the attention of their followers. In this paper, we present several alternative definitions of knowledge complexity and investigate the relations between them. Received: July 22, 1997.     

Zero-knowledge proofs of identity

In this paper we extend the notion of interactive proofs of assertions to interactive proofs of knowledge. This leads to the definition of unrestricted input zero-knowledge proofs of knowledge in which the prover demonstrates possession of knowledge without revealing any computational information whatsoever (not even the one bit revealed in zero-knowledge proofs of assertions). We show the relevance of these notions to identification schemes, in which parties prove their identity by demonstrating their knowledge rather than by proving the validity of assertions. We describe a novel scheme which is provably secure if factoring is difficult and whose practical implementations are about two orders of magnitude faster than RSA-based identification schemes. The advantages of thinking in terms of proofs of knowledge rather than proofs of assertions are demonstrated in two efficient variants of the scheme: unrestricted input zero-knowledge proofs of knowledge are used in the construction of a scheme which needs no directory; a version of the scheme based on parallel interactive proofs (which are not known to be zero knowledge) is proved secure by observing that the identification protocols are proofs of knowledge.