基于不经意传输的拓扑隐藏广播协议设

为了保护消息广播中节点关系、地理位置等敏感信息,将高效的NTRU(Number Theory Re―search Unit)公钥加密算法与不经意传输协议相结合,通过引入不可信的第三方以保证广播的中间过程无法被任意节点所获知,从而实现了隐藏网络拓扑结构的目标.该协议可认为是拓扑隐藏广播的具体实现,解决了现有概念性方案中尚未涉及的秘钥重构、相邻节点身份隐藏及网络动态变化等问题.安全性分析表明,在半诚实攻击模型下该方案能够保证网络中任何一部分节点被攻破均不会导致其他节点拓扑信息泄露.此外,通过与相关概念性协议进行实验对比分析,该方案除安全性外还可充分体现计算、通信开销与节点平均度数无关的优势.     

不经意传输协议两种构造方法

不经意传输协议作为密码学的基础协议在实际生活中有很多应用,其构造方法分直接和间接构造两种。利用整数的t进制表示和DDH假设等概念,在Naor-Pinkas方案的基础上,给出了一个计算上更简单的协议间接构造方法,再借助现有公钥体制的同态性给出了不经意传输协议的直接构造方法。     

基于数字签名的增强的不经意传输协议

该文在离散对数类数字签名及关于数据串的不经意传输的基础上提出了一种增强的不经意传输协议,解决了一种不经意传输的接入控制问题。除了具备一般不经意传输协议的特征外,该方案具有如下特点：只有持有权威机构发放的签字的接收者才能打开密文而且发送者不能确定接收者是否持有签字,即不能确定接受者的身份。在DDH( Decisional Diffie-Hellman)假设和随机预言模型下该文所提协议具有可证明的安全性。     

基于门限思想1-out-n不经意传输协议

在一个1—out—n的不经意传输模型中。发送者提供n条消息给另一方接收者。但是接收者只能选择获取其中的1条消患，并且发送者不知道接收者获取的是哪一条消息。文章提出了一个基于门限思想并且可复用的1—out-n不经意传输协议。它在效率方面优于以往的Naor-Pinkas协议和Tzeng协议。     

带有基于RSA签名的接入控制的不经意传输协议

该文在RSA签名及关于数据串的不经意传输的基础上提出了一种增强的不经意传输协议,解决了一种不经意传输的接入控制问题。除了具备一般不经意传输协议的特征外,该方案具有如下特点：只有持有权威机构发放的签字的接收者才能打开密文而且发送者不能确定接收者是否持有签字,即不能确定接受者的身份。在DDH假设和随机预言模型下该方案具有可证明的安全性。该方案使用标准RSA签名及Elgamal加密。     

基于量子不经意密钥传输的量子匿名认证密钥交换协议

鉴于量子密码在密钥分配方面取得的巨大成功,人们也在尝试利用量子性质来设计其他各类密码协议。匿名认证密钥交换就是一类尚缺乏实用化量子实现途径的密码任务。为此,该文提出一个基于量子不经意密钥传输的量子匿名认证密钥交换协议。它在满足用户匿名性和实现用户与服务器双向认证的前提下,为双方建立了一个安全的会话密钥。该协议的安全性基于量子力学原理,可以对抗量子计算的攻击。此外,该协议中服务器的攻击行为要么无法奏效,要么能够与外部窃听区分开(从而被认定为欺骗),因此服务器通常不敢冒着名誉受损的风险来实施欺骗。     

对比特承诺不经意传输协议的研究

比特承诺不经意传输是不经意传输和比特承诺自然融合的一种密码学工具.它在Oblivious Circuit Evaluation、Mental Games、分布式计算以及电子交易等协议中有着重要的应用.以往的协议不仅构造复杂,而且效率不高.为了解决这一问题,基于两轮串不经意传输和异或比特承诺,本文提出了一种新的比特承诺不经意传输协议.该协议构造简单,与以前的同类型协议相比,提高了协议的执行效率,增强了协议的实用性;最后,讨论了协议的安全性和复杂度.     

格基不经意传输协议

利用一个基于错误学习问题的陷门单向函数,在格上设计了一个3轮不经意传输协议。假设错误学习问题是困难的,证明协议实现了对接收者和发送者隐私性的保护。分析表明,协议中只使用小整数的模乘和模加运算,具有很高的计算效率;协议使用限制明密文扩展技术有效缩短了传输消息的长度,提高了协议的通信效率。     

UC 安全的高效不经意传输协议

非承诺加密机制是语义安全的,不能抵抗选择密文攻击.在non-erase模型的安全假设下,基于非承诺加密机制的不经意传输协议不能实现自适应攻击者UC(Universally Composable)安全的定义.利用可否认加密体制和可验证平滑投影哈希函数,提出了一个新的不经意传输协议,可否认加密体制通过陷门承诺的双陷门解密技术实现,新协议方案是可证明UC安全的,基于公共参考串模型,安全性可以归约为确定性复合剩余假设.新协议参与方能够处理指数空间的消息,计算效率得到改善,通过两次协议交互可以实现string-OT协议,与bit-OT协议相比单轮通信效率提高O(n)倍.     

基于VSPH的UC不经意传输协议

基于UC（universally composable）安全模型框架,提出了一个新的不经意传输协议方案（UC-OT）。利用可验证平滑投影散列函数（VSPH）,在公共参考串模型中,该协议方案实现了抗自适应攻击的通用可组合安全。UC-OT利用基于确定性组合剩余假设构造的非承诺加密体制提高了协议的计算效率,实现了string-OT,与bit-OT协议相比单轮通信效率提高O（n）倍。在non-erase模型假设下,与Canetti所提的方案相比,单轮交互次数减少1次;与Fischlin方案相比,单轮交互次数减少2次,并且本方案不需要辅助第3方,因而更符合实际情况。     

Computationally Secure Oblivious Transfer

We describe new computationally secure protocols of 1-out-of-N oblivious transfer, k-out-of-N oblivious transfer, and oblivious transfer with adaptive queries. The protocols are very efficient compared with solutions based on generic two-party computation or on information-theoretic security. The 1-out-of-N oblivious transfer protocol requires only log N executions of a 1-out-of-2 oblivious transfer protocol. The k-out-of-N protocol is considerably more efficient than k repetitions of 1-out-of-N oblivious transfer, as is the construction for oblivious transfer with adaptive queries. The efficiency of the new oblivious transfer protocols makes them useful for many applications. A direct corollary of the 1-out-of-N oblivious transfer protocol is an efficient transformation of any Private Information Retrieval protocol to a Symmetric PIR protocol.     

隐藏访问结构的基于属性加密方案

该文利用双系统密码技术在素数群中提出了一个具有隐藏访问结构功能的基于属性加密方案。该方案的安全性依赖于D-Linear假设和DBDH(Decision Bilinear Diffie-Hellman)假设,并且在标准模型下证明是完全安全的。同时,方案中用户私钥长度和解密过程中双线性对的运算量都为固定值,适用于存储量和计算量小的系统。     

Oblivious Transfers and Privacy Amplification

Oblivious transfer (OT) is an important primitive in cryptography. In chosen one-out-of-two string OT, a sender offers two strings, one of which the other party, called the receiver, can choose to read, not learning any information about the other string. The sender on the other hand does not obtain any information about the receivers choice. We consider the problem of reducing this primitive to OT for single bits. Previous attempts to doing this were based on self-intersecting codes. We present a new technique for the same task, based on so-called privacy amplification. It is shown that our method has two important advantages over the previous approaches. First, it is more efficient in terms of the number of required realizations of bit OT, and second, the technique even allows for reducing string OT to (apparently) much weaker primitives. An example of such a primitive is universal OT, where the receiver can adaptively choose what type of information he wants to obtain about the two bits sent by the sender subject to the only constraint that some, possibly very small, uncertainty must remain about the pair of bits.     

Translucent Cryptography—An Alternative to Key Escrow, and Its Implementation via Fractional Oblivious Transfer

We present an alternative to the controversial ``key-escrow' techniques for enabling law enforcement and national security access to encrypted communications. Our proposal allows such access with probability p for each message, for a parameter p between 0 and 1 to be chosen (say, by Congress) to provide an appropriate balance between concerns for individual privacy, on the one hand, and the need for such access by law enforcement and national security, on the other. (For example, with p=0.4 , a law-enforcement agency conducting an authorized wiretap which records 100 encrypted conversations would expect to be able to decrypt (approximately) 40 of these conversations; the agency would not be able to decrypt the remaining 60 conversations at all.) Our scheme is remarkably simple to implement, as it requires no prior escrowing of keys. We implement translucent cryptography based on noninteractive oblivious transfer. Extending the schemes of Bellare and Micali [2], who showed how to transfer a message with probability ?, we provide schemes for noninteractive fractional oblivious transfer, which allow a message to be transmitted with any given probability p . Our protocol is based on the Diffie—Hellman assumption and uses just one El Gamal encryption (two exponentiations), regardless of the value of the transfer probability p . This makes the implementation of translucent cryptography competitive, in efficiency of encryption, with current suggestions for software key escrow. Received 19 September 1996 and revised 1 November 1997     

Improvement of an ID-Based Deniable Authentication Protocol

The deniable authentication protocol is an important notion that allows a receiver to identify the source of a given message, but not to prove the identity of the sender to a third party. Such property is very useful for providing secure negotiation over the Internet. The ID-based deniable authentication protocol based on elliptic Diffie-Hellman key agreement protocol cannot defend the sender spoofing attack and message modification attack. In this paper, we present an improved protocol based on double elliptic Diffie-Hellman scheme. According to the comparison result, the proposed protocol performs better.