信息理论安全比特承诺

承诺方案是构造现代密码学中大部分协议的核心工具。给出了离散无记忆噪声信道模型中的一种带交互的比特承诺方案,引入哈希函数,从信息理论安全的角度介绍了比特承诺的速率和容量,并分析了方案的安全性能。     

一种通用可组合安全的非交互式承诺方案

承诺方案是密码学中最基本的组件之一,是许多密码协议的基础,如零知识证明和安全多方计算协议。通用可组合安全在设计安全协议中具有重要意义,如果一种协议在通用可组合框架中可证明安全,那么即使该协议与任意（甚至不安全的）协议并发运行,它仍然保持安全性。现有的几种高效的通用可组合安全的承诺方案都是交互式协议,而非交互式的通用可组合承诺方案具有较高的协议计算量和通信复杂度。针对于此,本文在公共参考串模型下,提出一种高效的通用可组合安全的非交互式承诺方案。通用可组合承诺方案的关键设计思想在于同时实现可提取性和模棱两可性。在承诺阶段使用一种选择密文安全加密方案实现可提取性,在承诺打开阶段使用一种非交互式零知识证明,并利用一种双模式承诺方案保持协议的模棱两可性。该方案将承诺打开阶段的多轮通信改进为一轮,实现了非交互性。与现有的非交互式承诺方案相比,大大减少了计算量和通信量,提高了协议的效率。     

基于双线性群的同态承诺方案

承诺方案是一种基本而用途广泛的密码学原语,其在数学签名方案、电子支付协议、零知识协议以及安全多方计算协议等方面有着重要应用,因而成为密码学领域重要的研究课题之一.从设计思想来看,大多数有效承诺方案的构造都可纳入q单向群同态这一框架.但q单向性是一种极强的要求,使得其在实例化时可供选择的群结构受到限制.如何突破限制寻求新途径就成为承诺方案构造方面的重要课题.首次基于合数阶双线性群分别构造了无条件隐藏的陷门承诺方案以及无条件绑定的承诺方案,同时证明了在子群判定假设下这两个承诺方案分别是计算上绑定和计算上隐藏的.由于双线性群支持双线性映射,这些承诺方案除具备通常的线性同态性质外还具备特有的乘性同态性质.     

辫群上的非平衡比特承诺协议*

为构造抗量子攻击的密码协议,以非交换的辫群为平台,基于求根问题的难解性提出了一个非平衡比特承诺协议。分析表明,协议具有绑定性和隐藏性,且协议执行过程不涉及共轭判断运算,在计算上比基于共轭搜索问题的比特承诺协议更有效。     

高效的安全多方半量子求和协议

安全多方半量子求和(SMSQS)是指多个互不信任且资源受限的参与方,借助量子第三方(TP)的帮助联合计算出他们私有秘密之和,其求和结果可以根据实际应用场景来设计是否公开,但是协议需确保参与者输入的隐私性和计算结果的正确性.本文提出一种第三方TP只需制备单量子比特就可对多个资源受限的参与方进行秘密求和的协议.协议中参与方无论执行直接返回操作或者执行测量返回操作,协议都可以对参与方的秘密进行求和计算,从而提高协议中量子比特的使用效率.其次基于一种d维的量子叠加态给出将参与方秘密数值的维度扩展到高维的SMSQS协议,并通过数学证明和具体实例验证其协议的正确性.通过对所提出的协议进行安全性分析可知它们能够防范拦击重发攻击、测量重发攻击、双CNOT门攻击和TP攻击等典型的攻击行为.     

基于多比特全同态加密的安全多方计算

本文中,我们首先证明了李增鹏等人提出的多比特多密钥全同态加密方案(MFHE)满足密钥同态性质,利用此性质,可以通过门限解密得到最终解密结果.使用该方案,我们设计了一个在CRS模型下和半恶意攻击者模型下安全的三轮多方计算协议(MPC).该安全多方计算协议的安全性是基于容错学习问题(LWE)的两个变种问题Ferr-LWE和...     

一种适用于高度易失传输环境的群钥分发协议

构造一个具有自恢复能力和抵御合谋攻击能力的组群密钥发布协议,该协议特别适合于高度易失传输环境,例如无线传感器网络．基本方法是在时域上应用拉格朗日插值技术实现秘密分割—重构方案．本文精确叙述了该类协议应满足的安全性质,证明了该构造满足所要求的安全性质,分析了它对计算、存储及带宽资源的要求,并给出分别针对带宽和存储量的两种优化改进方案．论文还讨论了协议的参数选择问题．     

基于高效全同态加密的安全多方计算协议

针对目前基于全同态加密的安全多方计算协议存在的密文尺寸大、效率较低的问题,文中证明了Chen等提出的支持多比特加密的全同态加密方案满足密钥同态性,基于该方案和门限解密设计了一个在公共随机串模型下的3轮交互的高效安全多方计算协议。该协议由非交互的零知识证明可以得出协议在恶意模型下是安全的,其安全性可归结为容错学习问题的变种问题Some-are-errorless LWE。与现有的在CRS模型下的协议相比,该协议支持多比特加密,能有效降低与非门复杂度;同时密文尺寸较小,减少了运算量,从而提高了时间与空间效率。     

基于Horn逻辑扩展模型的安全协议反例的自动构造

根据安全协议的Horn逻辑扩展模型和相应的安全协议验证方法,提出了自动构造不满足安全性质的安全协议反例的求解策略,并给出了重要定理的证明,设计了一系列自动构造协议攻击的构造算法,并在基于函数式编程语言Objective Caml开发的安全协议验证工具SPVT中实现了这些算法,给出了主要算法的优化方法,详细分析了主要算法的时间复杂度,从理论上证明了算法是线性时间算法.最后,用SPVT对一些典型的安全协议进行了验证,得到了不安全协议的反例,并对反例进行了分析.得到的反例非常方便于阅读,与Alice-Bob标记非常接近,从而使任何领域的专家都可以用这种形式化的方法检查安全协议是否存在真实的反例.     

基于Strand Space的移动计算安全协议设计与正确性证明

安全协议对移动计算的安全性质起着决定作用。根据移动计算网络环境的特点,参照安全协议设计准则,以移动银行应用为背景设计了一个移动计算安全协议——MB协议,并基于Strand空间理论给出了正确性证明。     

Simplified quantum bit commitment using single photon nonlocality

We simplified our previously proposed quantum bit commitment (QBC) protocol based on the Mach–Zehnder interferometer, by replacing symmetric beam splitters with asymmetric ones. It eliminates the need for random sending time of the photons; thus, the feasibility and efficiency are both improved. The protocol is immune to the cheating strategy in the Mayers-Lo-Chau no-go theorem of unconditionally secure QBC, because the density matrices of the committed states do not satisfy a crucial condition on which the no-go theorem holds.     

Cheat sensitive quantum bit commitment via pre- and post-selected quantum states

Cheat sensitive quantum bit commitment is a most important and realizable quantum bit commitment (QBC) protocol. By taking advantage of quantum mechanism, it can achieve higher security than classical bit commitment. In this paper, we propose a QBC schemes based on pre- and post-selected quantum states. The analysis indicates that both of the two participants’ cheat strategies will be detected with non-zero probability. And the protocol can be implemented with today’s technology as a long-term quantum memory is not needed.     

Secret sharing based on quantum Fourier transform

Secret sharing plays a fundamental role in both secure multi-party computation and modern cryptography. We present a new quantum secret sharing scheme based on quantum Fourier transform. This scheme enjoys the property that each share of a secret is disguised with true randomness, rather than classical pseudorandomness. Moreover, under the only assumption that a top priority for all participants (secret sharers and recovers) is to obtain the right result, our scheme is able to achieve provable security against a computationally unbounded attacker.     

On the impossibility of non-static quantum bit commitment between two parties

Recently, Choi et al. proposed an assumption on Mayers–Lo–Chau (MLC) no-go theorem that the state of the entire quantum system is invariable to both participants before the unveiling phase. This makes us suspect that the theorem is only applicable to static quantum bit commitment (QBC). This paper clarifies that the MLC no-go theorem can be applied to not only static QBC, but also non-static one. A non-static QBC protocol proposed by Choi et al. is briefly reviewed and analyzed to work as a supporting example. In addition, a novel way to prove the impossibility of the two kinds of QBC is given.     

基于量子Calderbank-Shor-Steane纠错码的量子安全直接通信

量子安全直接通信是继量子密钥分配之后提出的又一重要量子密码协议,它要求通信双方在预先不需要建立共享密钥的情况下就可以实现消息的保密传输.给出了一个新的量子安全直接通信方案,该方案利用量子Calderbank-Shor-Steane(CSS)纠错码和未知量子态不可克隆等性质,方案的安全性建立在求解一般的线性码的译码问题是一个NP完全问题、Goppa码有快速的译码算法和量子图灵机不能有效求解NP完全问题的基础上.在协议中,发送方Alice把要发送的秘密消息转化为一一对应的错误向量,把错误向量加到其接收到的、Bob编码过的量子态上,并发给接收方Bob.Bob利用其私钥,通过测量、解码可以得到错误向量,并可以用相应的算法恢复出秘密消息.控制量子信道的攻击者Eve不能恢复出秘密消息,因其不知道Bob的密钥.与已有的量子安全直接通信方案相比,该方案不需要交换任何额外的经典信息和建立量子纠缠信道.     

Quantum commitments from complexity assumptions

Bit commitment schemes are at the basis of modern cryptography. Since information-theoretic security is impossible both in the classical and in the quantum regime, we examine computationally secure commitment schemes. In this paper we study worst-case complexity assumptions that imply quantum bit commitment schemes. First, we show that QSZK \({\not\subseteq}\) QMA implies a computationally hiding and statistically binding auxiliary-input quantum commitment scheme. We then extend our result to show that the much weaker assumption QIP \({\not\subseteq}\) QMA (which is weaker than PSPACE \({\not\subseteq}\) PP) implies the existence of auxiliary-input commitment schemes with quantum advice. Finally, to strengthen the plausibility of the separation QSZK \({\not\subseteq}\) QMA, we find a quantum oracle relative to which honest-verifier QSZK is not contained in QCMA, the class of languages that can be verified using a classical proof in quantum polynomial time.     

基于Polar码改进的McEliece密码体制

随着量子计算机对计算能力的提高,RSA和椭圆曲线密码等经典密码方案在量子计算机时代已经不再安全,基于编码的密码方案具有抵抗量子计算的优势,在未来具有良好的应用前景。文章研究极化码的极化性质,改进密钥存储方法,提出了基于Polar码改进的McEliece密码体制。改进后的编码加密方案不再存储整个矩阵,而是存储冻结比特对应的矩阵,其密钥大小比原始密码方案减少约63.36%。采用连续消除(SC)译码算法,译码复杂度较低,并通过实验证明了提出的密码方案达到140bit的安全级别,可以抵抗目前已知存在的各种攻击。最后,文章进一步阐述了基于Polar码的密码方案未来的发展方向,拓宽了极化码在编码密码方案中的应用。     

Unconditionally secure multi-party quantum commitment scheme

A new unconditionally secure multi-party quantum commitment is proposed in this paper by encoding the committed message to the phase of a quantum state. Multi-party means that there are more than one recipient in our scheme. We show that our quantum commitment scheme is unconditional hiding and binding, and hiding is perfect. Our technique is based on the interference of phase-encoded coherent states of light. Its security proof relies on the no-cloning theorem of quantum theory and the properties of quantum information.     

基于量子密码的物联网RFID系统安全的研究

RFID系统的普及应用和计算机处理能力不断提高使得传统公钥密码体制的不足日益凸显。为了替代传统公钥密码体制,解决标签的安全问题,本文基于遍历矩阵构造多元二次多项式（Bisectional Multivariate Quadratic Equation,BMQE）的方法,建立一种新的基于量子计算机构造的公钥密码方案,并且给出物联网移动RFID安全协议模型。接着从密钥尺寸、加/解密速度等对该方案进行性能评估,表明该方案在RFID系统中应用的可行性。最后从各项攻击方法等进行分析,表明该方案的安全性。该研究成果对量子密码时代推进RFID的安全研究具有重要参考价值。     

Quantum Oblivious Transfer: a secure practical implementation

Together with bit commitment, Oblivious Transfer is a very useful cryptographic primitive with important applications, most notably in secure multiparty computations. It has been long known that secure Quantum Oblivious Transfer can be achieved from a secure implementation of Quantum Bit Commitment. Unfortunately, it is also well known that unconditionally secure Quantum Bit Commitment is impossible, so building a secure Oblivious Transfer protocol on top of Quantum Bit Commitment is ruled out. In this paper, we propose a relatively simple quantum protocol for Oblivious Transfer which does not require qubit storage, does not rely on bit commitment as a primitive and is easily implementable with current technology, if the two actors are honest. The protocol is proven to be secure against any individual measurements and entanglement-based attacks. Any cheating attempt trying to speculate collective measurements would be considerably difficult to put in practice, even in the near future. Furthermore, the number of qubits used in our scheme (embodied as photons in a physical realization of the protocol) acts as a security parameter, making it increasingly hard to cheat.