Similar Literature
1.
When a traditional public-key cryptosystem is constructed, both one-wayness and the trapdoor property must be guaranteed, but the two requirements are frequently in tension. This paper analyzes the advantages and disadvantages of public-key cryptography based on systems of multivariate equations.

2.
郑晖  徐赐文 《计算机工程》2010,36(1):149-150
Without reducing security, a one-way trapdoor permutation used in a public-key probabilistic encryption scheme is improved and the security of the resulting scheme is proved. The application of this one-way trapdoor permutation to digital signatures is also improved, and its security and efficiency are analyzed. The results show that the encryption and decryption efficiency of the improved probabilistic encryption scheme is significantly higher.


4.
A pseudo-random function is a fundamental cryptographic primitive that is essential for encryption, identification, and authentication. We present a new cryptographic primitive called pseudo-random synthesizer and show how to use it in order to get a parallel construction of a pseudo-random function. We show several NC^1 implementations of synthesizers based on concrete intractability assumptions such as factoring and the Diffie–Hellman assumption. This yields the first parallel pseudo-random functions (based on standard intractability assumptions) and the only alternative to the original construction of Goldreich, Goldwasser, and Micali. In addition, we show parallel constructions of synthesizers based on other primitives such as weak pseudo-random functions or trapdoor one-way permutations. The security of all our constructions is similar to the security of the underlying assumptions. The connection with problems in computational learning theory is discussed.

6.
A Clock Dynamics Detection Algorithm for One-Way Delay Measurement
Delay is an important metric for evaluating network performance and is the basis for measuring other network performance metrics. End-to-end clock synchronization based on the Global Positioning System (GPS) is the usual way to measure one-way network metrics, but it is expensive and inflexible. The key to measuring one-way network delay without an end-to-end clock synchronization mechanism is eliminating the effect of clock offset. Based on an analysis of time-series segmentation techniques, a new segmentation criterion and an improved segmentation algorithm are proposed that cluster the series automatically with time complexity O(N^2). The algorithm is applied to detecting the dynamics of end-to-end clocks: it identifies the positions of clock jumps and clock frequency adjustments during the measurement, which makes one-way network delay measurable while relaxing the strict assumptions about clock dynamics made in related work. An online, real-time clock dynamics detection algorithm based on a sliding window is also proposed. Experiments on real measurements show that the algorithm is effective.

7.
In quantum cryptography, a one-way permutation is a bounded unitary operator \(U:\mathcal {H} \rightarrow \mathcal {H}\) on a Hilbert space \(\mathcal {H}\) that is easy to compute on every input, but hard to invert given the image of a random input. Levin (Probl Inf Transm 39(1):92–103, 2003) has conjectured that the unitary transformation \(g(a,x)=(a,f(x)+ax)\), where f is any length-preserving function and \(a,x \in \hbox {GF}_{{2}^{\Vert x\Vert }}\), is an information-theoretically secure operator within a polynomial factor. Here, we show that Levin's one-way permutation is provably secure because its output values are four maximally entangled two-qubit states, whose probability of being factored approaches zero faster than the multiplicative inverse of any positive polynomial poly(x) over the Boolean ring of all subsets of x. Our results demonstrate through well-known theorems that the existence of classical one-way functions implies the existence of a universal quantum one-way permutation that cannot be inverted in subexponential time in the worst case.

8.
薛锐  刘吉强 《计算机学报》2006,29(9):1603-1607
Bounded one-way functions are a new cryptographic concept, proposed as a foundation for designing more flexible and more practical cryptosystems. In earlier work the authors examined the relationship between bounded one-way functions and general one-way functions and obtained a characterization of general one-way functions. Because the existence of one-way functions is tied to a series of important open problems in computer science, their existence is itself an open problem, and the study of bounded one-way functions offers a new route to it: by the relationship between the two notions, if a c-one-way function exists for every positive integer c, then a one-way function exists. Given modern cryptography's dependence on one-way functions, the question of their existence is of great importance. This paper further investigates the hardness of bounded one-way functions. Since the existence of one-way functions has been reduced to the existence of bounded one-way functions, the paper focuses on fixed bounded one-way functions. The main result is that for any positive integer c there exists a so-called universal c-bounded algorithm for all c-bounded one-way functions such that, for sufficiently large n, its success probability in inverting is an upper bound on the inversion success probability of every c-bounded algorithm. This yields a characterization of c-one-way functions.

9.
Non-malleability is an important property of commitment schemes, since it resists person-in-the-middle (PIM) attacks within the interaction. In this paper, we focus on the non-malleability of ID-based trapdoor commitment. We first point out some weaknesses in the definition of Fischlin's ID-based trapdoor commitments, which we call partial ID-based trapdoor commitments. Moreover, we present a formal definition of full ID-based trapdoor commitment and give a concrete construction based on the computational Diffie–Hellman (CDH) assumption. Finally, we use the idea of multi-trapdoor commitments and the technique of non-malleability to propose two efficient interactive full ID-based non-malleable trapdoor commitments in the discrete logarithm (DL) setting, with and without random oracles respectively.

10.
A delegateable signature scheme (DSS), first introduced by Barak, is mainly based on non-interactive zero-knowledge proofs (NIZK) to prevent the signing verifier from telling which witness (i.e., restricted subset) is being used. However, the scheme is not very efficient because NIZK is difficult to construct. We first show that a non-interactive witness indistinguishable (NIWI) proof system and a non-interactive witness hiding (NIWH) proof system are easier and more efficient proof models than NIZK in some cases. Furthermore, the witnesses employed in these two protocols (NIWI and NIWH) also cannot be distinguished by the verifiers. Combined with the Σ-protocol, we then construct NIWI and NIWH proofs for any NP statement under the existence of one-way functions and show that each proof differs from those under the existence of trapdoor permutations. Finally, based on our NIWI and NIWH proofs, we construct delegateable signature schemes under the existence of one-way functions, which are more efficient than Barak's scheme under the existence of trapdoor permutations.

11.
In 1993, Chang and Buehrer proposed a cryptographic key assignment scheme based on a one-way trapdoor function to solve the access control problem in a hierarchy. One attack is given in this remark to show that their scheme is not secure enough.

12.
Diffie and Hellman (IEEE Trans. Inf. Theory 22(6):644–654, 1976) wrote the paper in which the concept of a trapdoor one-way function was first proposed. The Diffie–Hellman public-key cryptosystem is an algorithm that converts input data to an unrecognizable encryption, and converts the unrecognizable data back into its original decryption form. The security of the Diffie–Hellman public-key cryptosystem is based on the difficulty of solving the problem of discrete logarithms. In this paper, we demonstrate that basic biological operations can be applied to solve the problem of discrete logarithms. In order to achieve this, we propose DNA-based algorithms that formally verify our designed molecular solutions for solving the problem of discrete logarithms. Furthermore, this work indicates that public-key cryptosystems based on the difficulty of solving the problem of discrete logarithms are perhaps insecure.

13.
Research on Identity Authentication Schemes Based on Chebyshev Polynomials
Chebyshev polynomials over finite fields, owing to their good one-wayness and semigroup property, are widely used in public-key algorithms, key agreement, and identity authentication schemes. The security of existing identity authentication schemes based on Chebyshev polynomials is analyzed, and a new identity authentication scheme is proposed. A study of its performance shows that the new scheme is secure and efficient.

14.
One-way functions are a fundamental notion in cryptography, since they are the necessary condition for the existence of secure encryption schemes. Most examples of such functions, including Factoring, Discrete Logarithm or the RSA function, however, can be inverted with the help of a quantum computer. Hence, it is very important to study the possibility of quantum one-way functions, i.e. functions which are easily computable by a classical algorithm but are hard to invert even by a quantum adversary. In this paper, we provide a set of problems that are good candidates for quantum one-way functions. These problems include Graph Non-Isomorphism, Approximate Closest Lattice Vector and Group Non-Membership. More generally, we show that any hard instance of Circuit Quantum Sampling gives rise to a quantum one-way function. By the work of Aharonov and Ta-Shma [D. Aharonov, A. Ta-Shma, Adiabatic quantum state generation and statistical zero knowledge, in: Proceedings of STOC02 — Symposium on the Theory of Computing, 2001], this implies that any language in Statistical Zero Knowledge which is hard-on-average for quantum computers leads to a quantum one-way function. Moreover, extending the result of Impagliazzo and Luby [R. Impagliazzo, M. Luby, One-way functions are essential for complexity based cryptography, in: Proceedings of FOCS89 — Symposium on Foundations of Computer Science, 1989] to the quantum setting, we prove that quantum distributionally one-way functions are equivalent to quantum one-way functions.

15.
In classical constraint satisfaction, redundant modeling has been shown effective in increasing constraint propagation and reducing search space for many problem instances. In this paper, we investigate, for the first time, how to benefit the same from redundant modeling in weighted constraint satisfaction problems (WCSPs), a common soft constraint framework for modeling optimization and over-constrained problems. Our work focuses on a popular and special class of problems, namely, permutation problems. First, we show how to automatically generate a redundant permutation WCSP model from an existing permutation WCSP using generalized model induction. We then uncover why naively combining mutually redundant permutation WCSPs by posting channeling constraints as hard constraints and relying on the standard node consistency (NC*) and arc consistency (AC*) algorithms would miss pruning opportunities, which are available even in a single model. Based on these observations, we suggest two approaches to handle the combined WCSP models. In our first approach, we propose \(m\text{-NC}_{c}^*\) and \(m\text{-AC}_{c}^*\) and their associated algorithms for effectively enforcing node and arc consistencies in a combined model with m sub-models. The two notions are strictly stronger than NC* and AC* respectively. While the first approach specifically refines NC* and AC* so as to apply to combined models, in our second approach, we propose a parameterized local consistency LB(m,Φ). The consistency can be instantiated with any local consistency Φ for single models and applied to a combined model with m sub-models. We also provide a simple algorithm to enforce LB(m,Φ). With the two suggested approaches, we demonstrate their applicabilities on several permutation problems in the experiments. Prototype implementations of our proposed algorithms confirm that applying \(2\text{-NC}_{c}^*\), \(2\text{-AC}_{c}^*\), and LB(2,Φ) on combined models allow far more constraint propagation than applying the state-of-the-art AC*, FDAC*, and EDAC* algorithms on single models of hard benchmark problems.

16.
闫鸿滨 《测控技术》2014,33(12):125-128
Group key management is an important part of key management. Based on the difficulty of computing discrete logarithms in finite groups and of inverting one-way functions, a group key management scheme built on a conic-curve public-key cryptosystem over the ring Z_n is proposed. The scheme can add and remove group members without changing any of their information, provides dynamic security, can dynamically adjust the recovery threshold according to the level of the group secret, efficiently detects cheating among group members, and authenticates the identities of group members.

17.
We consider the problem of generating random permutations with uniform distribution. That is, we require that for an arbitrary permutation π of n elements, with probability 1/n! the machine halts with the i-th output cell containing π(i), for 1 ≤ i ≤ n. We study this problem on two models of parallel computation: the CREW PRAM and the EREW PRAM. The main result of the paper is an algorithm for generating random permutations that runs in O(log log n) time and uses O(n^{1+o(1)}) processors on the CREW PRAM. This is the first o(log n)-time CREW PRAM algorithm for this problem. On the EREW PRAM we present a simple algorithm that generates a random permutation in time O(log n) using n processors and O(n) space. This algorithm outperforms each of the previously known algorithms for the exclusive write PRAMs. The common and novel feature of both our algorithms is first to design a suitable random switching network generating a permutation and then to simulate this network on the PRAM model in a fast way. Received November 1996; revised March 1997.

18.
In this paper, we propose a new n-round key recovery attack using modified slender-set linear cryptanalysis on PRESENT-like ciphers with public S-boxes. In our attack, an effective method for distinguishing the right key from the wrong ones is presented. We apply our attack to PRESENT-80. The experiments show that we can recover the entire 80 key bits of 12-round PRESENT-80 with 2^{32} data complexity, 2^{36} time complexity, and negligible memory complexity. Furthermore, we investigate an (n+1)-round attack by extending the n-round key recovery attack. Our method can be used in most PRESENT-like ciphers where the linear layer is a bit-wise permutation.

19.
A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A blind signature is a form of digital signature in which the content of a message is disguised (blinded) before it is signed, to protect the privacy of the message from the signatory. For signing quantum messages, some quantum blind signature protocols have been proposed. Recently, Khodambashi et al. (Quantum Inf Process 13:121, 2014) proposed a sessional blind signature based on quantum cryptography. It was claimed that this protocol could guarantee unconditional security. However, our analysis finds that the signature protocol leaks key information in the information-theoretic sense. Taking advantage of this loophole, the message sender can succeed in forging the signature without knowing the whole exact key shared between the verifier and himself. To overcome this shortcoming, we construct an improved protocol based on it, and the new protocol can resist key information leakage attacks.

Copyright©北京勤云科技发展有限公司  京ICP备09084417号