多维hash链在微支付中的应用

随着通过互联网进行交易的小额商品的增加，微支付目前已经成为电子支付的重要研究方向。如果小额交易仍采用通常的支付方法，运算与存储的代价将使系统不堪重负。Rivest提出用hash函数完成微支付的聚合，用RSA公钥算法作为hash函数设计微支付方案，并将Rivest的线性hash函数扩展至高阶、多维，以使该方案效率更高。     

基于对称加密体制和散列链的新型公正微支付系统

现有的微支付系统通常不提供公平性,即参与微支付交易的消费者和商家有可能通过交易中的欺诈行为来获取商业利益。本文利用密码学中散列函数的单向特性,提出了一种基于对称加密体制和散列链的新型公正微支付系统,它属于离线预支付系统,支持数字货币的可分性,并允许消费者使用同一个散列链与多个商家进行交易。在支付过程中,一个循环交互协议使得消费者和商家的利益都得到了保障,从而大大提高了系统的公平性。与其它微支付方案（如PayWord）相比,由于本系统完全没有使用公开密钥算法,因而效率大大提高。此外,系统还为消费者提供了有限的匿名性。     

二维细胞自动机在图像认证中的应用

传统的hash函数难以实现并行计算,用于图像认证时不能充分利用图像的特性。而二维细胞自动机的拓扑结构适用于图像,支持并行计算,且计算效率较高,由此提出一种基于二维细胞自动机的图像认证方法。理论分析与初步实验结果表明,细胞自动机随机性好、满足雪崩准则,效率高于传统的hash函数。     

Case study of a commercial standard

There are several forms of digital currency and electronic charges that will begin to allow micropayments for Internet site access. Once there is a convenient way to collect micropayments, the number of quality sites will increase dramatically and attract a wide range of Internet users. Digital currency schemes, including CyberCash, First Virtual, DigiCash, and CheckFree, have been around for some time. Each has contributed to the development of electronic commerce, but in some ways there were too many solutions to be able to adopt one of them as a general solution. So the author was heartened when in 1995 MasterCard began to work with Netscape Communications to develop LivePayment, an approach to electronic commerce. He thought that Netscape's dominance in both the browser and commercial server market would ensure that the standard would be universally supported. Possibly in reaction to the Netscape-MasterCard alliance, Microsoft and Visa began to develop a competing electronic transaction standard, the Secure Transaction Technology. Later, Netscape and MasterCard accused Visa and Microsoft of planning to charge a royalty for each use of their standard. Eventually the differences were resolved, and in February MasterCard and Visa agreed to support a royalty-free standard called Secure Electronic Transactions. Progress on SET has been good since February. Netscape has announced that it will support SET in addition to LivePayment. Given that Microsoft, Netscape, MasterCard, and Visa are all behind SET, there is a good chance that it will become the universal micropayment scheme     

一种高效的移动微支付和认证协议*

针对移动计算网络的技术特点,提出了一种适合移动用户与收费服务网络进行微支付和相互认证的协议。该协议的创新之处在于将微支付方案融入到认证协议中,使移动用户可利用笔记本电脑或掌上电脑浏览收费网页、购买低价信息商品以及进行移动电子商务,并能为移动用户漫游计费提供依据。协议不仅在公共参数的存储空间需求和用户端计算负荷方面是合理的,而且能够确保用户不被错误收费,并为服务网络提供防止用户抵赖的合法证据。该协议基于一个全局的公钥基础设施,适用于基于第三代移动通信系统的网络计算环境。     

一个安全高效的移动微支付协议

提出了一个基于Payword的移动微支付协议,新协议对Payword的协议的不足之处进行了改进。为了使协议更好地应用到移动商务中,协议采用了对称加密算法,并且将多值hash链应用到与不同商家的交易中,降低了用户端的存储和计算开销。协议在保证安全性的前提下降低了微支付的交易成本。     

传感器网络中一种过滤虚假数据的鲁棒认证机制

虚假数据攻击不仅误导用户做出错误的决定,同时也耗尽了宝贵的网络资源。以往的过滤机制通常依赖于对偶密钥来进行数据认证,然而当一定数量的中转节点的密钥被妥协后,这类认证机制即失去效用。提出一种新的用于过滤虚假数据的鲁棒认证机制(robust authentication scheme,RAS),每个合法事件均被分成几个较小的事件块,节点利用基于单向哈希链的动态认证令牌技术及所预置的取自新密钥池的密钥对每个小事件块进行签名。在过滤阶段,中转节点将验证接收到的数据报告的真实性,并丢弃虚假的数据报告。从而,即使妥协节点拥有所有的签名密钥也无法伪造或篡改数据。理论分析与实验结果表明,RAS具有相对更高的过滤能力和安全性。     

二维hash链在Payword中的应用

由于hash函数的高效安全性，利用hash链构造微支付方案已经成为一个研究热点。在WCC’2005会议上，Quan Son Nguyen提出了基于RSA的多维hash链模型。该文指出了该方案的不可行之处，并对该方案进行了改进，使之满足PayWord的要求。     

基于GSM的移动微支付方案

本文提出了一种基于GSM移动环境的微支付方案,它通过将计算、存储和通信量转移到静态的网络主机上使得移动电话的负荷最小化。在整个支付过程中,移动电话发送和接收的信息非常简单,且避开了复杂的公钥运算,减少了系统延时并消除了因通信失败而造成不完全支付的可能性。同时,本方案使用会话密钥对交易信息进行加密,保护了移动用户隐私和支付信息的安全。与其它移动微支付方案相比,由于本方案完全没有使用公开密钥算法,因而效率大大提高。此外,方案还为移动用户提供了有限的匿名性。     

Difficulty control for blockchain-based consensus systems

Crypto-currencies like Bitcoin have recently attracted a lot of interest. A crucial ingredient into such systems is the “mining” of a Nakamoto blockchain. We model mining as a Poisson process with time-dependent intensity and use this model to derive predictions about block times for various hash-rate scenarios (exponentially rising hash rate being the most important). We also analyse Bitcoin’s method to update the “network difficulty” as a mechanism to keep block times stable. Since it yields systematically too fast blocks for exponential hash-rate growth, we propose a new method to update difficulty. Our proposed method performs much better at ensuring stable average block times over longer periods of time, which we verify both in simulations of artificial growth scenarios and with real-world data. Besides Bitcoin itself, this has practical benefits particularly for systems like Namecoin. It can be used to make name expiration times more predictable, preventing accidental loss of names.     

关于比特币中BWH攻击的一个注记

比特币是当前信息安全应用研究领域的热点问题之一.在比特币所采用的PoW共识协议中,挖矿具有重要作用.在现实生活中,矿工为获得更多的奖励,往往聚集成矿池,以达到在挖矿中获取更高算力进而获取更多区块奖励的目的.针对比特币矿池,Meni Rosenfeld首次提出了一种称为BWH攻击的攻击方式,Loi Luu等人进一步从理论上证明了相对于诚实挖矿,攻击者通过实施BWH攻击可以获得更高的收益.在本文中,我们分析了BWH攻击的理论基础,发现Loi Luu等人关于BWH攻击的理论分析中存在的一个错误,即Loi Luu等人忽略了整体算力改变对系统产生区块所需时间的影响,从而导致其所对比的关于攻击者实施BWH攻击所获得的收益与不实施攻击所获得的收益,实际上是在不同时间长度下的收益对比.显然这种对比缺乏合理性.在相同时间长度下,我们进一步讨论了攻击者实施BWH攻击与不实施攻击所获得的收益对比,得到了与Loi Luu等人完全相反的结论,即相对诚实挖矿来说,攻击者实施BWH攻击反而获得了相对较少的收益.因此攻击者缺乏实施BWH攻击的动机,除非其纯粹出于破坏矿池的目的而采用BWH攻击.     

格上基于身份哈希证明系统的新型构造

隐私保护是当前大数据信息时代所亟待解决的重要安全问题。而密码学是实现对内容和身份等隐私信息进行有效保护的关键理论和技术基础之一。基于身份哈希证明系统（Identity-based hash proof system）是一个基本的密码学原型,能够用来构造多种对隐私信息进行保护的密码方案。本文通过分析得知,已有基于格的基于身份哈希证明系统的密文尺寸较大,会对所构造密码方案的效率产生较大的影响。如何降低基于格的基于身份哈希证明系统的密文尺寸,是一个有意义的研究问题。为此,本文首先基于标准带错误学习（Learning with errors,简记为LWE）困难假设,在标准模型下构造了一个新的哈希证明系统,并利用随机格上离散高斯分布与光滑参数的性质,证明其是光滑（Smooth）的;再在随机谕言机（Random oracle）的作用下,利用Gentry等人所提出的原像抽样函数提取身份私钥,从而得到一个光滑并且密文尺寸较小的基于身份哈希证明系统。作为对所构造新型哈希证明系统的扩展,本文也在标准模型下提出一个可更新的哈希证明系统。最后,详细分析本文所提出新型构造的效率,并与已有相关构造进行对比。     

Design of reconfigurable array processor for multimedia application

With the rapid growth of the amount of computations and power consumption, there is a pressing need for a high power-efficiency architecture, which takes account of computational efficiency and flexibility of application. This paper proposes a type of array-processor architecture for multimedia application which is programmable and self-reconfigurable and consists of 1024 thin-core processing elements (PE). The performance and power dissipation are demonstrated with different multimedia application algorithms such as hash, and fractional motion estimation (FME). The results show that the proposed architecture can provide high performance with less energy consumption using parallel computation.

     

保护隐私的有理数科学计算

安全多方计算作为密码学的基本组成部分,是各种密码协议的基础,是国际密码学界的研究热点。近年来,许多学者研究了各种各样的安全多方计算问题,包括保密的信息比较、保密的集合问题和保密的计算几何等,并提出相应的解决方案。而在许多实际应用场景中,安全多方计算问题需要应用有理数进行描述,因此研究有理数域上的安全多方计算问题具有重要的理论与实际意义。但现有的安全多方计算问题的研究成果大多数局限于整数范围,且研究的数据主要是单维度数据。关于有理数域上多维度数据安全多方计算问题的研究较少且无法推广应用。基于有理数的分数表示形式,设计了新的编码方案（有理数编码方案和有理向量编码方案）,可将有理数域上任意维数的数据进行编码,为研究有理数域上其他安全多方计算问题提供了新的解决思路。以该编码方案和单向哈希函数为基础,分别设计了有理数相等、有理向量相等和集合问题的保密判定协议。所设计的协议仅采用基本算术运算和单向哈希函数进行计算,不需要使用公钥加密算法,使得协议的计算效率较高;且协议对研究问题中的数据范围没有限制,适用范围更广。进一步应用模拟范例严格证明了协议在半诚实模型下的安全性;并通过理论分析和模拟实验验证了协议的高效性和适用性。通过具体实例说明协议具有广泛适用性,可以推广应用于其他有理数域的安全多方计算几何问题。     

Efficient generic on-line/off-line (threshold) signatures without key exposure

The “hash–sign–switch” paradigm was firstly proposed by Shamir and Tauman with the aim to design an efficient on-line/off-line signature scheme. Nonetheless, all existing on-line/off-line signature schemes based on this paradigm suffer from the key exposure problem of chameleon hashing. To avoid this problem, the signer should pre-compute and store a plenty of different chameleon hash values and the corresponding signatures on the hash values in the off-line phase, and send the collision and the signature for a certain hash value in the on-line phase. Hence, the computation and storage cost for the off-line phase and the communication cost for the on-line phase in Shamir–Tauman’s signature scheme are still a little more overload. In this paper, we first introduce a special double-trapdoor hash family based on the discrete logarithm assumption and then incorporate it to construct a more efficient generic on-line/off-line signature scheme without key exposure. Furthermore, we also present the first key-exposure-free generic on-line/off-line threshold signature scheme without a trusted dealer. Additionally, we prove that the proposed schemes have achieved the desired security requirements.     

一种基于分组密码的hash函数的安全性分析及构造

利用已有的分组密码构造hash函数是一种非常方便的构造方法.早在1993 年Preneel 等人就对使用分组密码构造的64种hash 函数进行了安全分类,这些hash函数统称为PGV体制,它们都是单倍分组长度的,即输出长度和分组长度相同.2002 年Black在他的论文中对这64 种hash函数的安全性进行了严格的证明,证明其中的20种是安全的,其他是不安全的.随着计算技术的发展,人们感到单倍分组长度的hash函数的安全性不足,于是一些双倍分组长度的基于分组密码的hash函数被提了出来.但是其中的很多是不安全的.在AsiaCrypt2006上,一种使用了5个分组密码的双倍分组长度的hash函数被提了出来.作者声明这种构造方式是安全的,但没有给出安全性证明.本文对该体制进行了分析,发现其安全性并不理想,并针对本文的攻击提出了一种新的基于分组密码的hash函数,同时和SHA-256等hash函数的性能进行了对比.     

A novel protocol for efficient authentication in cloud-based IoT devices

The Internet of Things (IoT) has emerged as one of the most revolutionary technological innovations with the proliferation of applications within almost all fields of the human race. A cloud environment is the main component of IoT infrastructure to make IoT devices efficient, safe, reliable, usable, and autonomous. Reduction in infrastructure cost and demand accessibility of shared resources are essential parts of cloud-based IoT (CIoT) infrastructure. Information leakage in cloud-assisted IoT devices may invite dangerous activities and phenomena. Various cloud-based systems store IoT sensor data and later on access it accordingly. Some of them are public, and some of them are private. Private cloud services must be secured from external as well as internal adversaries. Hence, there must be a robust mechanism to prevent unauthorized access to devices. This paper proposes a novel and efficient protocol based on the Elliptic Curve property known as Elliptic Curve Discrete Logarithm Problem (ECDLP) with hash and XOR functions for the authentication in cloud-based IoT devices. In comparison to the existing protocols, the proposed protocol is resistant to attacks and other security vulnerabilities. The one-way hash function and XOR function effectively ensure a reduction in computation cost. AVISPA and BAN logic have been used for formal analysis of the proposed protocol. As per the performance analysis results, it is clear that the proposed protocol is efficiently suitable for cloud-assisted IoT devices.

     

无线传感器网络中基于散列链的随机密钥预分发方案

密钥管理足无线传感器网络安全机制和服务的基石,随机密钥预分发是当前最有效的密钥管理机制,但目前的随机密钥预分发方案存在一个潜在的挑战:无法同时获取理想的网络安全连通性和网络抗毁性.文中提出了一种基于散列链的随机密钥预分发方案,通过有效调节散列链长度、公共辅助节点数、散列链数量等参数,节点仅需预分发数量较少的密钥信息,就能够以较高的概率建立对偶密钥.而且,即使存在大量的受损节点仍能保持较强的网络抗毁性.理论分析和模拟实验证明了所提出方案的有效性和安全性.     

一个安全的多方交易微支付方案

基于RiVest等人的微支付方案,提出了一个新的适用多方交易的微支付方案。新方案克服了Rivest等人的方案中的一个Payword链只能对一个商家花费的缺点,实现了一个Payword链能对多个商家花费的特性,而且效率也比Rivest等人的方案高。     

Fast and deterministic hash table lookup using discriminative bloom filters

Hash tables are widely used in network applications, as they can achieve O(1) query, insert, and delete operations at moderate loads. However, at high loads, collisions are prevalent in the table, which increases the access time and induces non-deterministic performance. Slow rates and non-determinism can considerably hurt the performance and scalability of hash tables in the multi-threaded parallel systems such as ASIC/FPGA and multi-core. So it is critical to keep the hash operations faster and more deterministic.This paper presents a novel fast collision-free hashing scheme using Discriminative Bloom Filters (DBFs) to achieve fast and deterministic hash table lookup. DBF is a compact summary stored in on-chip memory. It is composed of an array of parallel Bloom filters organized by the discriminator. Each element lookup performs parallel membership checks on the on-chip DBF to produce a possible discriminator value. Then, the element plus the discriminator value is hashed to a possible bucket in an off-chip hash table for validating the match. This DBF-based scheme requires one off-chip memory access per lookup as well as less off-chip memory usage. Experiments show that our scheme achieves up to 8.5-fold reduction in the number of off-chip memory accesses per lookup than previous schemes.