Statistical secrecy and multibit commitments

We present and compare definitions of “statistically hiding” protocols, and we propose a novel statistically hiding commitment scheme. Informally, a protocol statistically hides a secret if a computationally unlimited adversary who conducts the protocol with the owner of the secret learns almost nothing about it. One definition is based on the L₁-norm distance between probability distributions, the other on information theory. We prove that the two definitions are essentially equivalent. We also show that statistical counterparts of definitions of computational secrecy are essentially equivalent to our main definitions. Commitment schemes are an important cryptologic primitive. Their purpose is to commit one party to a certain value, while hiding this value from the other party until some later time. We present a statistically hiding commitment scheme allowing commitment to many bits. The commitment and reveal protocols of this scheme are constant-round, and the size of a commitment is independent of the number of bits committed to. This also holds for the total communication complexity, except of course for the bits needed to send the secret when it is revealed. The proof of the hiding property exploits the equivalence of the two definitions     

国家保密局副局长丛兵指出:要加强信息安全保密管理工作

目前涉密信息系统的安全保密工作还存在很多问题,难以适应形势发展的需要,面临的任务还十分艰巨。本文介绍国家保密局在信息安全保密管理方面正在做的几项工作,便于大家进一步了解当前信息安全保密工作开展的情况。     

完善保密密码体制的条件与设计

讨论了密码体制的完善保密性，在深入分析明文、密文及密钥的概率之间的关系的基础上，给出了一般密码体制具有完善保密性的充要条件和一个性质；利用组合论的知识讨论了完善保密密码体制的设计，得到了完善保密密码体制的一个递归设计法，并给出了一类特殊完善保密密码体制的计数方面的一个结果；最后就一类特殊完善保密密码体制的存在性提出了一个问题，并做了初步分析。     

中继信道保密性能研究

从信息理论的角度,研究了中继信道的保密性能问题。与以往的三节点的中继信道不同,文中研究的中继信道另外具有一个窃听者,称为窃听中继信道。推导出窃听中继信道可达速率的上界,并给出译码前传策略下,传输速率和疑义度的可达区域。     

关于密码体制的完善保密性

本文讨论了密码体制的完善保密性,在分解密钥空间的基础上,给出了般密码体制完善保密的一个特征和两个判定条件;证明了三个特殊的密码体制完善保密的充分和必要条件。这些结果推广了保密系统的通信理论,对密码体制的设计和理解提供了帮助。     

Conditionally-perfect secrecy and a provably-secure randomized cipher

Shannon's pessimistic theorem, which states that a cipher can be perfect only when the entropy of the secret key is at least as great as that of the plaintext, is relativized by the demonstration of a randomized cipher in which the secret key is short but the plaintext can be very long. This cipher is shown to be perfect with high probability. More precisely, the eavesdropper is unable to obtain any information about the plaintext when a certain security event occurs, and the probability of this event is shown to be arbitrarily close to one unless the eavesdropper performs an infeasible computation. This cipher exploits the assumed existence of a publicly-accessible string of random bits whose length is much greater than that of all the plaintext to be encrypted; this is a feature that our cipher has in common with the previously considered book ciphers. Two modifications of this cipher are discussed that may lead to practical provably-secure ciphers based on either of two assumptions that appear to be novel in cryptography, viz., the (sole) assumption that the enemy's memory capacity (but not his computing power) is restricted and the assumption that an explicit function is, in a specified sense, controllably-difficult to compute, but not necessarily one-way.A preliminary version of this paper was presented at Eurocrypt '90, May 21–24, Århus, Denmark, and has appeared in the proceedings, pp.361–373.     

The combinatorics of authentication and secrecy codes

This paper is a study of the combinatorics of unconditionally secure secrecy and authentication codes, under the assumption that each encoding rule is to be used for the transmission of some numberL of successive messages. We obtain bounds on the number of encoding rules required in order to obtain maximum levels of security. Some constructions are also given for codes which have the minimum number of encoding rules. These constructions use various types of combinatorial designs.     

Key-minimal cryptosystems for unconditional secrecy

This paper is concerned with cryptosystems offering perfect or unconditional secrecy. For those perfect-secrecy systems which involve using keys just once, the theory is well established; however, this is not the case for those systems which involve using a key several times. This paper takes a rigorous approach to the definition of such systems, and exhibits some new families of examples of systems providing perfect secrecy for which the number of keys is minimal.     

电子政务中的安全保密

国家信息化领导小组《关于我国电子政务指导意见》中规定,电子政务建设根据涉密程度可划分为三个安全域,即涉密域、非涉密域和公共服务域。涉密域,是涉及国家秘密的网络空间; 非涉密域,是不涉及国家秘密,但涉及到本单位、本部门或本系统工作秘密的网络空间。公共服务域,不涉及国家秘密,可以涉及个人隐私和企业敏感信息的网络空间。电子政务建设离不开安全保密做后盾,安全保密建设的基础是国家信息保障体系的构筑,而国家信息保障体系建设应体现在国家社会科学和自     

隐写术中矩阵编码的保密安全性

针对矩阵编码在隐写码和湿纸码中的应用,基于信息论模型研究矩阵编码在不同攻击条件下的保密安全性。在已知载体攻击条件下,给出矩阵编码的密钥疑义度、消息疑义度和密钥的唯一解距。在选择载密攻击条件下,指出只需n个差分方程组即可恢复矩阵编码的共享密钥。     

Unmasking secrecy [security schemes]

The author describes how the complex mathematical ideas that underpin modern security schemes are helping guard the secrecy of a surprising number of daily routines.     

A large-deviations notion of perfect secrecy

We consider the Shannon cipher system with a variable key rate, and study the necessary and sufficient conditions for perfect secrecy in the sense that the exponential rate of the probability of breaking into the system would not be improved by observing the cryptogram. For a memoryless plain text source, we derive achievable lower bounds on the number of key bits needed for almost every plain text sequence in every type class. The corresponding minimum achievable average key rate turns out to be the negative logarithm of the probability of the most likely plain text letter, which is in general, smaller than the entropy.     

安全保密检查的自动化

按照国家有关部门的要求,计算机安全保密检查是指在授权的范围内, 利用能够采用的合理手段,查找和发现计算机使用过程中安全保密问题的管理工作。主要包括公共的互联网站和单位内部的计算机网络,特别是没有采取任何防护措施的即办公又互联的网络。通过近几年的检查主要存在如下共性问题: ——配备了保密技术产品,甚至有多种防护措施,应用水平不高,使保密产品技术应有的功能没有起到作用。     

混沌在语音保密中的应用

为了加强语音传输的安全性,利用混沌的特性,把混沌作为加密钥加入到语音信号中形成密文,并从此密文中剔除混沌信号将语音信号还原,从而实现了对实时语音的加密解密处理.通过计算机仿真,实现了语音信号的加密工作,对密文用两种解密钥进行解密.分析所得的结果表明,把混沌加入语音信号中形成的密文保密特性较好,不易被破解,混沌是一种有效的保障信息安全的工具.     

On the forward secrecy of Chikazawa-Yamagishi ID-based key sharing scheme

In this letter, we show that Chikazawa-Yamagishi ID-based key sharing scheme and its improved versions do not satisfy the forward secrecy. Also, we propose a modified version satisfying the forward secrecy.     

Secure E-mail protocols providing perfect forward secrecy

Electronic mail, E-mail in short, has been used to transfer various types of electronic data on Internet. In order to deliver the E-mail from the sender to the receiver both efficiently and securely, the E-mail system usually employs both conventional and public key cryptographic systems. The basic protection in an E-mail system is to encrypt the bulk mail using a conventional cryptosystem with a short-term key and to protect the short-term key using a public-key cryptosystem with the receiver's public key. However this protection cannot provide perfect forward secrecy because once the receiver's secret key is disclosed, all previous used short-term keys will also be opened and hence all previous E-mails will be learned. Two new E-mail protocols providing perfect forward secrecy are proposed In this work.     

Enhancing secrecy rates in a wiretap channel

Reliable communication imposes an upper limit on the achievable rate, namely the Shannon capacity. Wyner's wiretap coding ensures a security constraint and reliability, but results in a decrease of achievable rate. To mitigate the loss in secrecy rate, we propose a coding scheme in which we use sufficiently old messages as key and prove that multiple messages are secure with respect to all the information possessed by the eavesdropper. We also show that we can achieve security in the strong sense. Next, we study a fading wiretap channel with full channel state information of the eavesdropper's channel and use our coding/decoding scheme to achieve a secrecy capacity close to the Shannon capacity of the main channel (in the ergodic sense). Finally, we study a case where the transmitter does not have instantaneous information of the channel state of the eavesdropper, but only its distribution.