Comments on the ‘m out of n oblivious transfer’

This paper analyses the ‘m out of n oblivious transfer’, presented at the ACISP 2002 Conference. It is shown that the schemes presented in the paper fail to satisfy the requirements of the oblivious transfer.     

N取1的可验证分布式不经意传输方案

在分布式不经意传输协议中,为便于安全性分析,通常假定所有的代理服务器都是半可信的,但如果存在某些恶意的代理服务器,将会导致接收者重构出错误的消息。针对这些恶意的代理服务器,提出了N取1的可验证分布式不经意传输方案。该方案除了具备一般形式的分布式不经意传输的特性外,还具有:接收者R可以与所有代理服务器进行交互,避免了其他方案中对门限值k的限制;接收者R能够验证所有消息的正确性,以便能够防止恶意的代理服务器通过篡改某个消息的秘密份额并监听这种篡改行为是否被发现等手段,而造成对其隐私的危害。     

n取m不经意传输协议构造研究

不经意传输协议是设计其他密码协议的基础，同样，该协议在电子商务中也有很多应用．本文首先以2取1不经意传输协议作为子协议，构造n取1不经意传输协议，再以n取1不经意传输协议为子协议构造n取m不经意传输协议．最后，我们利用在公钥密码系统中，由公钥推导出私钥难这一性质，构造出2取1不经意传输协议，从而得出推论，任意的公钥密码系统都可以用来构造n取m不经意传输协议．     

A New Efficient Protocol for k-out-of-n Oblivious Transfer

Abstract

This paper presents a new efficient protocol for k-out-of-n oblivious transfer which is a generalization of Parakh's 1-out-of-2 oblivious transfer protocol based on Diffie-Hellman key exchange. In the proposed protocol, the parties involved generate Diffie-Hellman keys obliviously and then use them for oblivious transfer of secrets.     

不经意传输协议研究综述

在互联网快速发展、大数据的挖掘与应用已渗透到各行各业的今天, 如何安全且高效地共享、使用海量数据成为新的热点研究问题. 安全多方计算是解决该问题的关键技术之一, 它允许一组参与方在不泄露隐私输入的前提下进行交互, 共同计算一个函数并得到输出结果. 不经意传输协议, 也叫茫然传输协议, 是一种保护隐私的两方通信协议, 消息发送者持有两条待发送的消息, 接收者选择一条进行接收, 事后发送者对接收者获取哪一条消息毫不知情, 接收者对于未选择的消息也无法获取任何信息. 不经意传输协议是安全多方计算技术的关键模块之一, 其效率优化可有效推动安全多方计算技术的应用落地, 对于特殊的两方安全计算协议如隐私集合交集计算尤为重要. 总结了不经意传输协议的分类及几种常见的变体, 分别阐述了基于公钥密码的不经意传输协议的构造和研究进展, 以及不经意传输扩展协议的构造和研究进展, 由此引出不经意传输扩展协议的效率优化研究的重要性. 同时, 在半诚实敌手和恶意敌手这两种敌手模型下, 分别对不经意传输协议和不经意传输扩展协议的效率优化研究进展进行了全面梳理. 另一方面, 从应用角度对不经意传输协议和不经意传输扩展协议在工程实现中常用的优化技术进行了系统化分析. 最后, 总结了不经意传输协议和不经意传输扩展协议研究目前所面临的主要问题及未来发展趋势.     

Cut-and-Choose双向不经意传输

不经意传输作为现代密码学的一个基本工具,在安全协议的研究中起着重要作用.近年来,许多功能性更强的不经意传输变种被提出,以适应不同的需求和环境.提出一个新的不经意传输变种,称为cut-and-choose双向不经意传输;基于同态加密给出该原语的一轮高效协议构造,且在半诚实模型下形式化证明该协议的安全性.将cut-and-choose双向不经意传输运用到基于cut-and-choose技术的安全协议(尤其是安全两方计算)中,可以更具模块化地描述协议高层框架,降低协议交互轮数.此外,作为信息安全领域的一个底层基本工具,该原语本身也具有独立的研究意义.     

Oblivious Transfer Using Elliptic Curves

Abstract

In this article we propose an algorithm for oblivious transfer using elliptic curves. Also, we present its application to chosen one-out-of-two oblivious transfer.     

The cost of probabilistic agreement in oblivious robot networks

In this paper, we look at the time complexity of two agreement problems in networks of oblivious mobile robots, namely, at the gathering and scattering problems. Given a set of robots with arbitrary initial locations and no initial agreement on a global coordinate system, gathering requires that all robots reach the exact same but not predetermined location. In contrast, scattering requires that no two robots share the same location. These two abstractions are fundamental coordination problems in cooperative mobile robotics. Oblivious solutions are appealing for self-stabilization since they are self-stabilizing at no extra cost. As neither gathering nor scattering can be solved deterministically under arbitrary schedulers, probabilistic solutions have been proposed recently.The contribution of this paper is twofold. First, we propose a detailed time complexity analysis of a modified probabilistic gathering algorithm. Using Markov chains tools and additional assumptions on the environment, we prove that the convergence time of gathering can be reduced from O(n²) (the best known bound) to O(1) or , depending on the model of multiplicity detection. Second, using the same technique, we prove that scattering can also be achieved in fault-free systems with the same bounds.     

可证明安全k-out-of-n不经意传输方案的安全分析与改进

不经意传输是密码学研究的一个重要内容。对一种可证明安全的k-out-of-n不经意传输方案安全性进行了分析。该方案的构造方法很新颖,具有很高的计算效率和传输效率。但是分析发现其存在一个明显漏洞,可以使得接收者能够获得发送者发送的全部信息,从而违背了不经意传输的安全性要求。详细分析后,通过引入一个随机数对该方案进行了改进,改进后的方案消除了原方案存在的漏洞,并且传输开销和计算开销与原方案相同,方案安全性同样是建立在判断性Diffie-Hellman (DDH)问题为困难问题的假设之上。     

基于辫子群的不经意传输协议

分析指出现有辫子群上的不经意传输协议通过辫元的指数形式隐藏接收者的选择信息进而保证其隐私性,辫元指数形式的存在导致该协议计算效率较低。基于辫子群上同时共轭搜索问题和分解问题的难解性,提出了一个N取M不经意传输协议,当M=1时对应协议比现有协议的计算效率更高。     

基于OT的多方匿名身份查询协议

多方数据源的隐私信息安全检索是网络安全中亟待解决的问题,不经意传输技术的特点是能够保证各个参与方的数据安全,因此将不经意传输技术与密码学中的同态密码及对称密码相结合,设计了一种多方数据源匿名查询协议。首先,基于不经意传输的思想设计了一种三方匿名查询协议,给出了协议的模型及协议的具体流程。其次,对协议的正确性与安全性进行了证明与分析。最后,将三方匿名查询协议扩展到多方查询协议,并将其应用于数字产品交易中黑名单用户的验证,解决了在网络安全交易过程中买家用户恶意交易问题。实验数据表明,该算法在保证各方数据安全的情况下查询结果正确且效率高。     

Oblivious transfer and quantum channels as communication resources

We show that from a communication-complexity perspective, the primitive called oblivious transfer—which was introduced in a cryptographic context—can be seen as the classical analogue to a quantum channel in the same sense as non-local boxes are of maximally entangled qubits. More explicitly, one realization of non-cryptographic oblivious transfer allows for the perfect simulation of sending one qubit and measuring it in an orthogonal basis. On the other hand, a qubit channel allows for realizing non-cryptographic oblivious transfer with probability roughly 85 %, whereas 75 % is the classical limit.     

辫群上的不经意传输协议*

量子计算的快速发展给基于整数分解或离散对数问题的密码协议带来严重威胁。为了研究抵抗量子分析的密码协议,基于非交换的辫群提出了一个2取1不经意传输协议,并将其扩展为N取1不经意传输协议。在共轭搜索问题和多重共轭搜索问题难解的前提下协议能同时保证发送方和接收方的隐私性。     

带有接入控制的不经意传输协议

利用椭圆曲线密码算法构造了一个带有接入控制的不经意传输协议,除了具有一般不经意传输协议的特征外,还要求只有经过授权的接收者才能解密他想要得到的消息,而且发送者不能确定该接收者是否被授权,即不能确定接收者的真实身份,保证了接收者的隐私。随后,基于椭圆曲线离散对数问题（ECDLP）难解性的假设证明了该方案的安全性。比较现有的基于有限域上离散对数问题的不经意传输协议,该方案具有数据量更小,速度更快,适用性更广等特点,具有一定的参考价值。     

基于ECC签名的接入控制不经意传输方案

在椭圆曲线数字签名和不经意的基于签名的电子信封基础上,提出一种增强的不经意传输协议,解决不经意传输的接入控制问题。该方案除了具有一般不经意传输的特性外,还具有只有持有权威机构发放签名的接收者才能打开密文,且发送者既不能确定接收者选择了哪条消息,又不能确定其是否为授权用户。与现有的基于有限域上离散对数问题的不经意传输协议相比,该方案具有数据量更小、计算速度更快、开销更小等优点,具有广泛的应用领域。     

Practical quantum all-or-nothing oblivious transfer protocol

In this paper, we propose a practical quantum all-or-nothing oblivious transfer protocol. Its security is based on technological limitations on non-demolition measurements and long-term quantum memory, and it has the capabilities of loss-tolerance and error-correction.     

ID-based non-interactive zero-knowledge proof system based on one-out-of-two non-interactive oblivious transfer

In this paper, we propose an ID-based non-interactive zero-knowledge proof system based on the 1-out-of-2 noninteractive oblivious transfer protocol. This zero-knowledge proof system is secure against a newly discovered cheating attack.     

Equivalence of internal and external stability for a class of distributed systems

It is well known that for infinite-dimensional systems, exponential stability is not necessarily determined by the location of spectrum. Similarly, transfer functions in theH ^∞ space need not possess an exponentially stable realization. This paper addresses this problem for a class of impulse responses calledpseudorational. In this class, it is shown that the difficulty is related to classical complex analysis, especially that of entire functions of exponential type. The infinite-product representation for such entire functions makes it possible to prove that stability is indeed determined by the location of spectrum or by a modifiedH ^∞ condition. Examples are given to illustrate the theory. This research was supported in part by the Inamori Fourdation.     

The Physics of No-Bit-Commitment: Generalized Quantum Non-Locality Versus Oblivious Transfer

We show here that the recent work of Wolf and Wullschleger (quant-ph/0502030) on oblivious transfer apparently opens the possibility that non-local correlations which are stronger than those in quantum mechanics could be used for bit-commitment. This is surprising, because it is the very existence of non-local correlations which in quantum mechanics prevents bit-commitment. We resolve this apparent paradox by stressing the difference between non-local correlations and oblivious transfer, based on the time-ordering of their inputs and outputs, which prevents bit-commitment.     

Scale and performance in semantic storage management of data grids

Data grids are middleware systems that offer secure shared storage of massive scientific datasets over wide area networks. The main challenge in their design is to provide reliable storage, search, and transfer of numerous or large files over geographically dispersed heterogeneous platforms. The Storage Resource Broker (SRB) is an example of a system that provides these services and that has been deployed in multiple high-performance scientific projects during the past few years. In this paper, we take a detailed look at several of its functional features and examine its scalability using synthetic and trace-based workloads. Unlike traditional file systems, SRB uses a commodity database to manage both system- and user-defined metadata. We quantitatively evaluate this decision and draw insightful conclusions about its implications to the system architecture and performance characteristics. We find that the bulk transfer facilities of SRB demonstrate good scalability properties, and we identify the bottleneck resources across different data search and transfer tasks. We examine the sensitivity to several configuration parameters and provide details about how different internal operations contribute to the overall performance.