基于数字签名的增强的不经意传输协议

该文在离散对数类数字签名及关于数据串的不经意传输的基础上提出了一种增强的不经意传输协议,解决了一种不经意传输的接入控制问题。除了具备一般不经意传输协议的特征外,该方案具有如下特点：只有持有权威机构发放的签字的接收者才能打开密文而且发送者不能确定接收者是否持有签字,即不能确定接受者的身份。在DDH( Decisional Diffie-Hellman)假设和随机预言模型下该文所提协议具有可证明的安全性。     

UC 安全的高效不经意传输协议

非承诺加密机制是语义安全的,不能抵抗选择密文攻击.在non-erase模型的安全假设下,基于非承诺加密机制的不经意传输协议不能实现自适应攻击者UC(Universally Composable)安全的定义.利用可否认加密体制和可验证平滑投影哈希函数,提出了一个新的不经意传输协议,可否认加密体制通过陷门承诺的双陷门解密技术实现,新协议方案是可证明UC安全的,基于公共参考串模型,安全性可以归约为确定性复合剩余假设.新协议参与方能够处理指数空间的消息,计算效率得到改善,通过两次协议交互可以实现string-OT协议,与bit-OT协议相比单轮通信效率提高O(n)倍.     

带有基于RSA签名的接入控制的不经意传输协议

该文在RSA签名及关于数据串的不经意传输的基础上提出了一种增强的不经意传输协议,解决了一种不经意传输的接入控制问题。除了具备一般不经意传输协议的特征外,该方案具有如下特点：只有持有权威机构发放的签字的接收者才能打开密文而且发送者不能确定接收者是否持有签字,即不能确定接受者的身份。在DDH假设和随机预言模型下该方案具有可证明的安全性。该方案使用标准RSA签名及Elgamal加密。     

基于门限思想1-out-n不经意传输协议

在一个1—out—n的不经意传输模型中。发送者提供n条消息给另一方接收者。但是接收者只能选择获取其中的1条消患，并且发送者不知道接收者获取的是哪一条消息。文章提出了一个基于门限思想并且可复用的1—out-n不经意传输协议。它在效率方面优于以往的Naor-Pinkas协议和Tzeng协议。     

格基不经意传输协议

利用一个基于错误学习问题的陷门单向函数,在格上设计了一个3轮不经意传输协议。假设错误学习问题是困难的,证明协议实现了对接收者和发送者隐私性的保护。分析表明,协议中只使用小整数的模乘和模加运算,具有很高的计算效率;协议使用限制明密文扩展技术有效缩短了传输消息的长度,提高了协议的通信效率。     

隐藏认证的不经意传输

该文在不经意传输和隐藏证书的基础上提出了隐藏认证的不经意传输, 利用双线性对构造了一个具体方案。解决了对于不经意传输的基于标准属性证书的访问控制可能暴露接收者的某些敏感信息问题。该方案有如下特点: 只有持有特定属性证书的接收者才能打开其所选择的消息,而接收者不需要向发送者提供任何证书。发送者不能确定接收者是否能够打开消息也不能确定接收者打开的是哪些消息。利用随机问答器模型, 在BDH假设及CT-CDH假设下证明了该方案的安全性。     

对比特承诺不经意传输协议的研究

比特承诺不经意传输是不经意传输和比特承诺自然融合的一种密码学工具.它在Oblivious Circuit Evaluation、Mental Games、分布式计算以及电子交易等协议中有着重要的应用.以往的协议不仅构造复杂,而且效率不高.为了解决这一问题,基于两轮串不经意传输和异或比特承诺,本文提出了一种新的比特承诺不经意传输协议.该协议构造简单,与以前的同类型协议相比,提高了协议的执行效率,增强了协议的实用性;最后,讨论了协议的安全性和复杂度.     

基于VSPH的UC不经意传输协议

基于UC（universally composable）安全模型框架,提出了一个新的不经意传输协议方案（UC-OT）。利用可验证平滑投影散列函数（VSPH）,在公共参考串模型中,该协议方案实现了抗自适应攻击的通用可组合安全。UC-OT利用基于确定性组合剩余假设构造的非承诺加密体制提高了协议的计算效率,实现了string-OT,与bit-OT协议相比单轮通信效率提高O（n）倍。在non-erase模型假设下,与Canetti所提的方案相比,单轮交互次数减少1次;与Fischlin方案相比,单轮交互次数减少2次,并且本方案不需要辅助第3方,因而更符合实际情况。     

具有统计特性的不经意传输协议

不经意传输协议是安全多方计算中的基础协议,在保护用户隐私方面有着非常重要的应用。已有的不经意传输协议缺少统计分析能力。对此,引入多方安全求和及同态加密技术,并借助一种巧妙的编码方法,提出了一种具有统计特性的不经意传输协议。在保证协议原有正确性与安全性的基础上,增加了发送者的统计特性。即在一个执行周期后发送者能够统计出各个秘密消息发送出的总次数。理论分析表明该协议安全有效,在电子商务,医疗卫生等领域有着很好的应用前景。     

基于PUFS的不经意传输协议

不经意传输(OT, oblivious transfer）协议是密码学中的一个基本协议。基于物理不可克隆函数（PUF, physical unclonable function）给出物理不可克隆函数系统（PUFS, physical unclonable function system）的概念,并在此基础上提出一个新的不经意传输协议（POT, PUFS based OT）,最后在通用可组合（UC, universal composition）框架内给出POT协议抵抗静态敌手的安全性证明。相比于传统基于公钥加密的OT方案,POT协议不使用任何可计算的假设,而是基于PUFS的安全属性实现,因此在很大程度上减小了计算和通信开销。     

标准模型中非交互抗选择密文攻击门限密码方案

提出两个抗选择密文攻击的门限密码系统.第一个方案的密文由应用Canetti-Halevi-Kazt的方法到Boneh-Boyen的基于身份加密而得到.第二个方案中的密文与Waters的基于身份加密的密文基本相同,唯一的区别是这里的"身份"是密文的前两部分的hash值.由于服务器在提供解密碎片之前可以公开验证密文的合法性,而合成者又可以公开验证解密碎片的合法性,使我们的两个方案都具有非交互性.二者的安全性都在标准的决定性双线性Diffie-Hellman假设下被证明.     

无条件安全的量子茫然传送

茫然传送作为安全多方计算的基础协议具有重要的理论研究和实用价值.目前已有的经典环境中的各茫然传送协议大都基于公钥密码学或一些附加的计算困难性假设,而这些基础在量子计算机制下将变得相当脆弱.本文根据量子贝尔态的特性,提出了一种新的量子茫然传送协议,对其正确性与安全性进行了分析与证明.该协议可同时抵抗通信信道中噪声和可能存在的窃听,在安全性、健壮性、窃听检测等方面均优于经典计算环境下的各种茫然传送协议.     

Verifiable Distributed Oblivious Transfer and Mobile Agent Security

The mobile agent is a fundamental building block of the mobile computing paradigm. In mobile agent security, oblivious transfer (OT) from a trusted party can be used to protect the agent’s privacy and the hosts’ privacy. In this paper, we introduce a new cryptographic primitive called Verifiable Distributed Oblivious Transfer (VDOT), which allows us to replace a single trusted party with a group of threshold trusted servers. The design of VDOT uses a novel technique called consistency verification of encrypted secret shares. VDOT protects the privacy of both the sender and the receiver against malicious attacks of the servers. We also show the design of a system to apply VDOT to protect the privacy of mobile agents. Our design partitions an agent into the general portion and the security-sensitive portion. We also implement the key components of our system. As far as we know, this is the first effort to implement a system that protects the privacy of mobile agents. Our preliminary evaluation shows that protecting mobile agents not only is possible, but also can be implemented efficiently. This work was supported in part by the DoD University Research Initiative (URI) program administered by the Office of Naval Research under grant N00014-01-1-0795. Sheng Zhong was supported by ONR grant N00014-01-1-0795 and NSF grants ANI-0207399 and CCR-TC-0208972. Yang Richard Yang was supported in part by NSF grant ANI-0207399. A preliminary version of this paper was presented at the DialM-POMC Joint Workshop on Foundations of Mobile Computing in 2003. Sheng Zhong received his Ph.D. in computer science from Yale University in the year of 2004. He holds an assistant professor position at SUNY Buffalo and is currently on leave for postdoctoral research at the Center for Discrete Mathematics and Theoretical Computer Science (DIMACS). His research interests, on the practical side, are security and incentives in data mining, databases, and wireless networks. On the theoretical side, he is interested in cryptography and game theory. Yang Richard Yang is an Assistant Professor of Computer Science at Yale University. His research interests include computer networks, mobile computing, wireless networking, sensor networks, and network security. He leads the LAboratory of Networked Systems (LANS) at Yale. His recent awards include a Schlumberger Fellowship and a CAREER Award from the National Science Foundation. He received his B.E. degree from Tsinghua University (1993), and his M.S. and Ph.D. degrees from the University of Texas at Austin (1998 and 2001).     

数据隐私保护的社会化推荐协议

基于邻域的社会化推荐需要同时依赖用户的历史行为数据和完善的社交网络拓扑图,但通常这些数据分别属于不同平台,如推荐系统服务提供商和社交网络服务提供商。出于维护自身数据价值及保护用户隐私的考虑,他们并不愿意将数据信息提供给其他方。针对这一现象,提出了2种数据隐私保护的社会化推荐协议,可以在保护推荐系统服务提供商和社交网络服务提供商的数据隐私的同时,为用户提供精准的推荐服务。其中,基于不经意传输的社会化推荐,计算代价较小,适用于对推荐效率要求较高的应用;基于同态加密的社会化推荐,安全程度更高,适用于对数据隐私要求较高的应用。在4组真实数据集上的实验表明,提出的2种方案切实可行,用户可以根据自身需求选择合适的方案。     

Translucent Cryptography—An Alternative to Key Escrow, and Its Implementation via Fractional Oblivious Transfer

We present an alternative to the controversial ``key-escrow' techniques for enabling law enforcement and national security access to encrypted communications. Our proposal allows such access with probability p for each message, for a parameter p between 0 and 1 to be chosen (say, by Congress) to provide an appropriate balance between concerns for individual privacy, on the one hand, and the need for such access by law enforcement and national security, on the other. (For example, with p=0.4 , a law-enforcement agency conducting an authorized wiretap which records 100 encrypted conversations would expect to be able to decrypt (approximately) 40 of these conversations; the agency would not be able to decrypt the remaining 60 conversations at all.) Our scheme is remarkably simple to implement, as it requires no prior escrowing of keys. We implement translucent cryptography based on noninteractive oblivious transfer. Extending the schemes of Bellare and Micali [2], who showed how to transfer a message with probability ?, we provide schemes for noninteractive fractional oblivious transfer, which allow a message to be transmitted with any given probability p . Our protocol is based on the Diffie—Hellman assumption and uses just one El Gamal encryption (two exponentiations), regardless of the value of the transfer probability p . This makes the implementation of translucent cryptography competitive, in efficiency of encryption, with current suggestions for software key escrow. Received 19 September 1996 and revised 1 November 1997