Similar literature
20 similar documents found (search time: 140 ms)
1.
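Zero-knowledge proof protocols are a very powerful kind of cryptosystem. The security of most zero-knowledge identification schemes rests on complex mathematical algorithms and on large-scale computation by the two interacting parties, namely the prover and the claimant. Visual cryptography, by contrast, is a special kind of cryptography that requires no knowledge of cryptography or of the associated complex mathematical computation. A new zero-knowledge identity proof method based on visual cryptography is therefore proposed, which overcomes the dependence of current zero-knowledge identity proof protocols on computing devices and complex computation.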

2.
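To prevent the arbitrary dissemination of digital signatures, a zero-knowledge proof protocol for Schnorr digital signatures is proposed. The signer gives the recipient not the signature on the message but the interactive messages of the zero-knowledge proof protocol. From these interactive messages the recipient learns nothing related to the signature, yet can be convinced that the signer holds the signature. Analysis of the scheme shows that the protocol is secure and feasible.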

3.
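To address the problems of existing zero-knowledge identity authentication protocols, and drawing on the ability of digital watermarks to hide information, a new zero-knowledge identity authentication protocol is proposed. The protocol uses digital watermarking to improve the properties of the authentication. During authentication, the verifier needs two kinds of information to verify the claimant's identity: information from the network and local information. This effectively solves the existing problems and improves the security of authentication.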

4.
Electronic cash based on zero-knowledge proofs   Total citations: 5, self-citations: 0, citations by others: 5
钟鸣  杨义先 《通信学报》2001,22(6):34-38
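Building on zero-knowledge proof systems, a scheme for constructing electronic cash that differs from previous ones is proposed. It does not depend on a particular blind signature scheme or zero-knowledge proof system, and thus provides a method for building electronic cash from any zero-knowledge proof system and blind signature scheme. The security of the scheme is proved under reasonable cryptographic assumptions.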

5.
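The development of the Internet of Things places ever higher demands on the security of radio-frequency identification (RFID) systems. Although RFID authentication protocols based on key arrays solve the insider-attack problem that traditional RFID authentication protocols face in multi-entity environments, authentication by exchanging entity identity information carries a risk of information leakage. To address this problem, a multi-entity RFID authentication protocol based on zero-knowledge proof (MERAP) is designed. The protocol uses a distributed key array to resist insider attacks and uses a zero-knowledge proof scheme to achieve mutual authentication with zero leakage of sensitive identity information. Performance analysis shows that, while maintaining a certain level of complexity and tag cost, MERAP resists a variety of external attacks, including retransmission, tracking, denial of service and tampering, as well as insider attacks.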

6.
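This paper introduces the problem of authenticating the host of an IPv6 address, proposes a scheme that solves it with a zero-knowledge authentication protocol, and compares it with current schemes. The results show that the scheme offers high security and good practicality.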

7.
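The paper points out a security flaw in the choice of public-key parameters in the zero-knowledge proof protocol of reference [1], and analyzes and proves it from the perspective of solving discrete logarithms. It then adopts the simple and efficient secure key selection of the DSA digital signature algorithm and proposes a simple, secure and efficient zero-knowledge identification scheme that is 1/3 faster than the Schnorr identification scheme.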

8.
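New advances in zero-knowledge proof systems   Total citations: 1, self-citations: 0, citations by others: 1
Some results obtained in the last two years are presented, mainly proofs of the security of zero-knowledge interactive proof systems against attacks by dynamic adversaries, and the conversion relationships between statistical zero-knowledge interactive proof systems.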

9.
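Zero-knowledge proof of DSA digital signatures   Total citations: 8, self-citations: 0, citations by others: 8
Based on the ideas of undeniable signatures and confirmer signatures, a new scheme for a zero-knowledge proof of possession of a DSA digital signature is proposed. The scheme gives a new method for preventing the arbitrary dissemination of DSA digital signatures: the signer does not directly provide the signature on message M, but instead provides a zero-knowledge proof of possessing the digital signature on that message. The scheme extends the functionality of undeniable signatures (a zero-knowledge proof of the validity of a signature) and also improves on confirmer signatures, being simpler than confirmer signature schemes and requiring no third party. The system is secure under the assumptions that the hash function is secure in the random oracle model and that computing discrete logarithms is hard.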

10.
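Electronic tags will replace bar codes, but because low-cost electronic tags have only very weak computing power and cannot even perform basic symmetric-key encryption, providing security for them is difficult. The paper discusses the security risks in radio-frequency identification (RFID) technology, points out the need for identity authentication protocols, analyzes the shortcomings of two widely used authentication schemes, proposes an authentication protocol based on zero-knowledge proof that is suited to RFID, and verifies it and analyzes its performance.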

11.
Within the framework of universal composability, an appropriate ideal functionality that captures the basic security requirements of three party password-based key exchange was defined. An efficient real-world three party password-based key exchange protocol was also proposed. This protocol securely realizes the ideal functionality with respect to static party corruption. Thus it provides security guarantees under arbitrary composition with other protocols.

12.
As an important component of internet of things, electronic product code (EPC) system is widely used in many areas. However, the mass deployment of EPC system is frequently degraded by security and privacy problems. Therefore, the major researches focus on the design of a secure EPC system with high efficiency. This paper discusses the security requirements of EPC system and presents a universal composable (UC) model for EPC system, the ideal functionality of EPC system is also formally defined with the UC framework. Then a secure protocol for EPC system under UC framework is proposed and the analysis of security and performance of the proposed protocol is given, in comparison with other protocols, the results show that the proposed protocol is UC secure and can provide privacy protection, untraceability, authorized access, anonymity and concurrent security for EPC system. Furthermore, less computation and storage resource are required by the proposed protocol.

13.
Three‐party password‐authenticated key exchange (3PAKE) allows two clients, each sharing a password with a trusted server, to establish a session key with the help of the server. It is a quite practical mechanism for establishing secure channels in a large communication network. However, most current 3PAKE protocols are analyzed in security models that do not adequately address protocol composition problem. In this paper, an ideal functionality for 3PAKE within the universal composability framework is defined, which not only provides security guarantees under arbitrary composition with other protocols but also achieves contributiveness and explicit authentication. Moreover, we propose a generic construction of contributory 3PAKE protocol and prove that it securely realizes the ideal functionality in the static corruption model. Copyright © 2014 John Wiley & Sons, Ltd.

14.
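As ownership of an item is transferred, ownership of the RFID tag attached to it must also be transferred. Security and privacy are the key issues to study in the tag ownership transfer process. An ideal functionality for RFID tag ownership transfer is formally defined in the universal composability framework. A new lightweight RFID tag ownership transfer protocol is proposed and proved to securely realize the defined ideal functionality, that is, it provides security properties such as mutual authentication, tag anonymity, resistance to desynchronization attacks, backward privacy protection and forward privacy protection. Compared with existing RFID tag ownership transfer protocols, the new protocol has lower tag computational complexity and storage requirements and fewer interactions with the old and new owners, so it can transfer ownership of low-cost tags more efficiently.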

15.
王竹  戴一奇  叶顶锋 《电子学报》2011,39(7):1613-1617
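Ideal functionalities are the basic unit and the core of UC-secure protocols. The first step of protocol design in the UC security framework is to abstract the function the protocol is intended to perform into an "ideal functionality". A sound definition of an ideal functionality must not only guarantee security by definition but, more importantly, also take realizability into account. This paper defines the ideal functionality FIBS corresponding to identity-based signature (IBS) schemes in the UC security framework, and proves its realizability and the equivalence between UC-secure IBS and EUF-CMIA security, the classical security definition for IBS. This guarantees that an EUF-CMIA-secure IBS can be safely invoked as a module when constructing UC-secure protocols in complex environments.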

16.
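To address the problem that group key agreement has previously been discussed only in the stand-alone model, a group key agreement protocol is designed using universally composable security (UC security) theory, based on the decisional Diffie-Hellman assumption over m-ary trees. A security model for the protocol is formally established according to the security goals the protocol must meet, and through the design and realization of the protocol's security modules the protocol is proved to satisfy UC security. Compared with similar protocols, it reduces the communication and computation overhead of key updates while supporting the dynamic joining and leaving of group members.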

17.
张俊伟  马建峰  杨超 《通信学报》2013,34(2):117-122
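The provable security of secure positioning protocols in position-based cryptography is studied. A provable-security model for secure positioning is proposed in the universally composable security framework. An ideal functionality for secure positioning is designed according to the requirements of secure positioning protocols. In addition, an ideal functionality for the BRM model is designed, as a prerequisite assumption of position-based cryptography. Furthermore, taking the secure positioning protocol in 1-dimensional space as an example, the protocol is proved to realize the ideal functionality of secure positioning in the BRM model.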

18.
In the setting of secure multiparty computation, a set of mutually distrustful parties wish to securely compute some joint function of their inputs. In the stand-alone case it has been shown that every efficient function can be securely computed. However, in the setting of concurrent composition, broad impossibility results have been proven for the case of no honest majority and no trusted setup phase. These results hold both for the case of general composition (where a secure protocol is run many times concurrently with arbitrary other protocols) and self-composition (where a single secure protocol is run many times concurrently). In this paper we investigate the feasibility of obtaining security in the concurrent setting, assuming that each party has a local clock and that these clocks proceed at approximately the same rate. We show that under this mild timing assumption, it is possible to securely compute any multiparty functionality under concurrent self-composition. Loosely speaking, we also show that it is possible to securely compute any multiparty functionality under concurrent general composition, as long as the secure protocol is run only with protocols whose messages are delayed by a specified amount of time. On the negative side, we show that it is impossible to achieve security under concurrent general composition with no restrictions whatsoever on the network (like the aforementioned delays), even in the timing model.

19.
We devise a notion of polynomial runtime suitable for the simulation-based security analysis of multi-party cryptographic protocols. Somewhat surprisingly, straightforward notions of polynomial runtime lack expressivity for reactive tasks and/or lead to an unnatural simulation-based security notion. Indeed, the problem has been recognized in previous works, and several notions of polynomial runtime have already been proposed. However, our new notion, dubbed reactive polynomial time, is the first to combine the following properties:
  • it is simple enough to support simple security/runtime analyses,
  • it is intuitive in the sense that all intuitively feasible protocols and attacks (and only those) are considered polynomial-time,
  • it supports secure composition of protocols in the sense of a universal composition theorem.
We work in the Universal Composability (UC) protocol framework. We remark that while the UC framework already features a universal composition theorem, we develop new techniques to prove secure composition in the case of reactively polynomial-time protocols and attacks.

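20.
The fairness of secure multiparty computation is studied in the universally composable framework. A security model for fair secure multiparty computation is proposed in the UC framework. In the model, the ideal functionality for fair secure multiparty addition and the ideal functionality for fair secure multiparty multiplication are formally defined. Then, based on bilinear pairing techniques and the commitment scheme ideal functionality, a fair addition protocol and a fair multiplication protocol are designed in the -hybrid model to securely realize the ideal functionalities. Finally, performance analysis shows that the proposed protocols are effective and better meet application requirements.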
