基于不经意多项式估值的SM4协同加解密方案

协同加解密是安全多方计算中的重要研究方向,它可以安全高效地实现数据保护、隐私保护。为解决现有SM4协同加解密方案离线计算阶段计算复杂度偏高的问题,提出一种基于不经意多项式估值的SM4协同加解密方案。方案利用预计算的多项式集合和多项式值集合来完成在线阶段的S盒协同计算,从而提高在线计算阶段的性能。该文证明了所提方案的正确性和安全性,同时将其与四种不同的方案进行对比,结果表明,所提方案计算效率明显高于其他方案,说明所提方案能安全高效地完成SM4协同加解密。     

理想格上可证明安全的不经意传输协议*

针对理想格相比一般格可以在不降低安全性的基础上,减少密钥量、缩短密钥长度、降低运行开销的优点。将理想格上的优势与一般格上的不经意传输协议结合,把2012年欧密会上Peiker提出的格上陷门函数生成算法扩展到理想格上,提出基于理想格上的1-out-of-n不经意传输协议方案。利用理想格上的基于错误学习问题的陷门单向函数,保证了协议发送方和接收方的隐私性,并证明了协议的完备性和安全性。效率方面,协议中使用的计算是小整数的模乘和模加,有很高的计算效率;并且使用理想格有效的限制明密文长度和密钥量,减少了通信成本。     

可证明安全k-out-of-n不经意传输方案的安全分析与改进

不经意传输是密码学研究的一个重要内容。对一种可证明安全的k-out-of-n不经意传输方案安全性进行了分析。该方案的构造方法很新颖,具有很高的计算效率和传输效率。但是分析发现其存在一个明显漏洞,可以使得接收者能够获得发送者发送的全部信息,从而违背了不经意传输的安全性要求。详细分析后,通过引入一个随机数对该方案进行了改进,改进后的方案消除了原方案存在的漏洞,并且传输开销和计算开销与原方案相同,方案安全性同样是建立在判断性Diffie-Hellman (DDH)问题为困难问题的假设之上。     

Distributed oblivious function evaluation and its applications

This paper is about distributed oblivious function evaluation (DOFE). In this setting one party (Alice) has a function f(x), and the other party (Bob) with an input α wants to learn f(α) in an oblivious way with the help of a set of servers. What Alice should do is to share her secret function f(x) among the servers.Bob obtains what he should get by interacting with the servers. This paper proposes the model and security requirements for DOFE and analyzes three distributed oblivious polynomial evaluation protocols presented in the paper.     

Hardwired polynomial evaluation

This paper is devoted to the evaluation of polynomials and elementary functions by special-purpose circuits. First we recall the basic results concerning the approximation of mathematical functions by polynomials (these results enable us to compute every continuous function if we are able to compute polynomials); then we describe a simple operator, suitable for VLSI implementation, which evaluates a polynomial in the range [0, 1]. Finally, we give some complexity results about the evaluation of the most usual elementary functions with our operator.     

Oblivious polynomial evaluation

The problem of two-party oblivious polynomial evaluation (OPE) is studied, where one party (Alice) has a polynomial P(x) and the other party (Bob) with an input x wants to learn P(x) in such an oblivious way that Bob obtains P(x) without learning any additional information about P except what is implied by P(x) and Alice does not know Bob‘s input x. The former OPE protocols are based on an intractability assumption except for OT protocols. In fact, evaluating P(x) is equivalent to computing the product of the coefficient vectors (a0,..., am) and (1,..., x^n). Using this idea, an efficient scale product protocol of two vectors is proposed first and then two OPE protocols are presented which do not need any other cryptographic assumption except for OT protocol. Compared with the existing OPE protocol, another characteristic of the proposed protocols is the degree of the polynomial is private. Another OPE protocol works in case of existence of untrusted third party.     

Quantum secure circuit evaluation

In order to solve the problem of classical secure circuit evaluation, this paper proposes a quantum approach. In this approach, the method of inserting redundant entangled particles and quantum signature has been employed to strengthen the security of the system. Theoretical analysis shows that our solution is secure against classical and quantum attacks.     

基于角色的安全互操作模型

针对当前域间安全互操作中存在的不足,如不同粒度控制域之间的用户进行安全互操作时,带来的身份识别和规则冲突等一系列的问题,提出一种基于角色的安全互操作模型:RBSIM.在该模型中,引入角色,实现用户权限的分离,方便管理,角色--权限进行二次指派,方便系统对用户行为的细粒度控制.同时,该模型可解决安全域之间规则约束、粒度冲突等问题.用户通过发送请求申请访问资源,通过证书认证分配角色授予权限.角色的引入在带来管理方便的同时,充分解决了粗细粒度控制的冲突问题.     

Tight bounds for oblivious routing in the hypercube

We prove that in anyN-node communication network with maximum degreed, any deterministic oblivious algorithm for routing an arbitrary permutation requires (N/d) parallel communication steps in the worst case. This is an improvement upon the (N/d ^3/2) bound obtained by Borodin and Hopcroft. For theN-node hypercube, in particular, we show a matching upper bound by exhibiting a deterministic oblivious algorithm that routes any permutation in (N/logN) steps. The best previously known upper bound was (N). Our algorithm may be practical for smallN (up to about 2¹⁴ nodes).C. Kaklamanis was supported in part by NSF Grant NSF-CCR-87-04513. T. Tsantilas was supported in part by NSF Grants NSF-DCR-86-00379 and NSF-CCR-89-02500.     

一种半自动化安全数据交换模型

讨论了Internet环境下数据交换的特点,分析了一类在数据库间交换数据的应用所具有的特点,并在此基础上提出了一种独立于运行和开发平台的数据交换模型。该模型基于数据库间的直接连接,对应于一类广泛的数据交换应用。以一个可实际运行的原型系统为基础,详细讨论了该模型的体系结构、数据描述、数据交换通信协议(DECP)、安全性和半自动化等几方面的内容,并给出了实现指导。最后对进一步研究该模型给出了总结及展望。     

新的标准模型下安全的数字签名方案

针对标准模型下数字签名方案较难构造的问题,在已有选择密文攻击(CCA)安全的可公开验证加密(PVPKE)方案基础上,提出一种标准模型下的数字签名方案。构造基于以下结论：CCA安全的PVPKE方案密文的合法性可公开验证,而数字签名也要求可公开验证;CCA安全的PVPKE方案密文不可伪造,而数字签名也要求不可伪造。通过将PVPKE方案中私钥用于签名,其公钥用于签名的验证,设计数字签名方案,并进行了安全性证明。分析结果表明,所提出的方案在邮件传输系统中有较好应用。     

无线上网中的安全电子支付

文中对无线上网环境中安全问题，交易双方认证，信息的保密以及在这特殊环境下安全电子支付所需要的技术做了进一步的分析，从而提出了在无线环境下可行的安全电子支付模式。     

Solutions to the anti-piracy problem in oblivious transfer

In this paper, we consider the applications of digital fingerprinting in oblivious transfer (OT) and present the solutions to the anti-piracy problem in OT protocols. OT protocols can be applied to goods purchasing, pay-per-view TV and sensitive database access while maintaining the users' privacy. In these applications, if the users redistribute the messages that they acquired from the server's database or sell them to others, then both of the server's privacy and benefits will be damaged. Prior to this work, such an anti-piracy problem has never been considered in the OT protocols, even though it is an essential problem to make OT protocols adoptable in practice. In this work, we consider this problem for the first time and present practical solutions, by combining a digital fingerprinting scheme into OT, to provide the pirate-tracing in OT protocols. By performance analysis, our solutions turn out to be practical.     

Nondeterministic polynomial time factoring in the tile assembly model

Formalized study of self-assembly has led to the definition of the tile assembly model, Previously I presented ways to compute arithmetic functions, such as addition and multiplication, in the tile assembly model: a highly distributed parallel model of computation that may be implemented using molecules or a large computer network such as the Internet. Here, I present tile assembly model systems that factor numbers nondeterministically using Θ(1)$\Theta \left(1\right)$ distinct components. The computation takes advantage of nondeterminism, but theoretically, each of the nondeterministic paths is executed in parallel, yielding the solution in time linear in the size of the input, with high probability. I describe mechanisms for finding the successful solutions among the many parallel executions and explore bounds on the probability of such a nondeterministic system succeeding and prove that the probability can be made arbitrarily close to 1.     

标准模型下可证安全的基于身份门限环签名

在门限环签名中,任意n个成员组中的t个成员可以代表整个成员组产生(t,n)门限环签名,而对实际的签名者却具有匿名性。目前,基于身份的门限环签名方案大都是在随机预言模型下对其安全性进行证明的,然而在随机预言模型下可证安全的方案却未必是安全的,因此设计标准模型下的门限环签名方案更有意义。利用双线性对技术,提出了一种安全、高效的基于身份门限环签名方案,并在标准模型下基于计算Diffie-Hellman难问题证明方案满足适应性选择消息和身份攻击下的存在不可伪造性;同时,也对方案的无条件匿名性进行了证明。     

空间延迟容忍网络安全通信模型

针对空间网络延迟容忍问题, 提出一种用于空间延迟容忍网络（space delay-tolerant network, SDTN）的安全通信模型。该模型采用谓词逻辑的方法, 建立了SDTN有向多径图、安全协议服务集、可靠路径选择服务集、转发能力集, 给出了模型的安全约束规则、安全通信算法。定义了空间延迟容忍网络安全通信的状态机系统, 证明了模型的安全性、可靠性和所具有的延迟容忍能力, 从理论上奠定了空间延迟容忍网络安全通信的基础。     

一种基于可信等级的安全互操作模型

传统的访问控制方式已不能满足多域环境下的资源共享和跨域访问的安全需求,建立安全互操作模型是进行安全互操作的有效途径。针对现有域间安全互操作模型未考虑用户平台的问题,提出了一种基于可信等级的域间安全互操作(TLRBAC)模型。该模型引入了用户可信等级、平台可信等级和域可信等级,制定了域间安全互操作方法。分析表明该模型既保证了用户的可信接入,又能有效地控制因平台环境而引起的安全风险问题。     

一个标准模型下可证明安全的无证书签名方案

无证书公钥密码体制消除了基于身份公钥密码体制中固有的密钥托管问题,同时还保持了基于身份公钥密码体制的优点,那就是没有传统公钥密码体制中的证书以及证书管理带来的额外开销。提出了一种高效的可使用更多适合配对的椭圆曲线的,同时在标准模型下可证明安全的无证书签名方案。     

新的在标准模型中可证安全身份鉴别协议*

基于RSA衍生的判定性Dependent RSA问题的困难性假设,提出一个安全高效的身份鉴别方案。在标准模型下,可证明该身份鉴别协议在主动并行攻击下能抵抗冒充攻击和中间人攻击。由于交互简单自然、低存储量、低计算量和好的安全性能,该身份鉴别协议更适合用于广泛应用的智能卡。