Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography

Byzantine agreement requires a set of parties in a distributed system to agree on a value even if some parties are maliciously misbehaving. A new protocol for Byzantine agreement in a completely asynchronous network is presented that makes use of new cryptographic protocols, specifically protocols for threshold signatures and coin-tossing. These cryptographic protocols have practical and provably secure implementations in the random oracle model. In particular, a coin-tossing protocol based on the Diffie-Hellman problem is presented and analyzed. The resulting asynchronous Byzantine agreement protocol is both practical and theoretically optimal because it tolerates the maximum number of corrupted parties, runs in constant expected rounds, has message and communication complexity close to the optimum, and uses a trusted dealer only once in a setup phase, after which it can process a virtually unlimited number of transactions. The protocol is formulated as a transaction processing service in a cryptographic security model, which differs from the standard information-theoretic formalization and may be of independent interest.     

Why current secure scan designs fail and how to fix them?

Scan design has become another side channel of leaking confidential information inside cryptographic chips. Methods based on obfuscating scan chain order have been proposed as countermeasures for such scan-based attacks. In this paper, we first analyze the existing secure scan designs from the angle that whether they need a complete chain state or rely on any specific scan chain order. We show that all existing attacks do not rely on specific scan chain order and therefore any secure scan design with obfuscated scan chain order cannot provide sufficient security. We then propose a new approach which clears the states of all sensitive scan cells whenever the circuit under test is switched to test mode. It will also block the access to cipher key throughout the entire testing process. Our experimental results show that the proposed scan design can effectively insulate all the information related to cipher key from the scan chain with little design overhead, thus it can successfully defend all the existing scan-based attacks.     

基于指纹识别的B/S结构安全系统的实现

实现了一个基于指纹识别与认证的B／S结构的安全系统框架。该系统用指纹采集设备读取指纹数据，在B／S结构的应用系统中识别与认证：系统基于微软．Net框架进行设计，利用其丰富的类库和XML技术，运用远程对象、数据组装加密等关键技术，采取指纹数据识别与认证、分级安全策略等措施，有效提高了系统整体的安全性，具有一定的实用价值。     

Cryptoviral extortion using Microsoft's Crypto API

This paper presents the experimental results that were obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. The attack is based entirely on the Microsoft Cryptographic API and the needed API calls are covered in detail. More specifically, it is shown that by using eight types of API calls and 72 lines of C code, the payload can hybrid encrypt sensitive data and hold it hostage. Benchmarks are also given. A novel countermeasure against cryptoviral extortion attacks is shown that forces the API caller to demonstrate that an authorized party can recover the asymmetrically encrypted data. Adam L. Young received a B.S. in Electrical Engineering from Yale in 1994 and a M.S. and Ph.D. in Computer Science from Columbia University in 1996 and 2002, respectively. He served as a MTS at Lucent under Michael Reiter, a Principal Engineer at Lockheed Martin, and has conducted research for the US DoD. Adam Young and Moti Yung authored the Wiley book “Malicious Cryptography:Exposing Cryptovirology,” that was published in 2004.     

How to obtain full privacy in auctions

Privacy has become a factor of increasing importance in auction design. We propose general techniques for cryptographic first-price and (M+1)st-price auction protocols that only yield the winners' identities and the selling price. Moreover, if desired, losing bidders learn no information at all, except that they lost. Our security model is merely based on computational intractability. In particular, our approach does not rely on trusted third parties, e.g., auctioneers. We present an efficient implementation of the proposed techniques based on El Gamal encryption whose security only relies on the intractability of the decisional Diffie—Hellman problem. The resulting protocols require just three rounds of bidder broadcasting in the random oracle model. Communication complexity is linear in the number of possible bids.     

USB密码钥及其在Kerberos系统中的应用

该文对USB密码钥的关键技术进行了研究,提出了解决方案。然后在分析Kerberos系统安全性的基础上,将USB密码钥应用于该系统,使其安全性得到了显著提高。     

Short Non-Interactive Cryptographic Proofs

We show how to produce short proofs of theorems such that a distrusting Verifier can be convinced that the theorem is true yet obtains no information about the proof itself. We assume the theorem is represented by a boolean circuit, of size m gates, which is satisfiable if and only if the theorem holds. We use bit commitments of size k and bound the probability of false proofs going undetected by 2 ^-r . We obtain non-interactive zero-knowledge proofs of size O(mk( log m +r)) bits. In the random oracle model, we obtain non-interactive proofs of size O(m( log m+r) + rk) bits. By simulating a random oracle, we obtain non-interactive proofs which are short enough to be used in practice. We call the latter proofs ``discreet.' Received 30 March 1998 and revised 29 November 1999 Online publication 18 August 2000     

一个基于PKI的非对称自强迫公钥追踪体制

给出了一个新的基于PKI的公钥追踪体制。本体制中数据发布者的公钥长度及每个授权用户的私钥长度都是不变的。为防止授权用户受到诬陷,采用了非对称的用户私钥。以往的追踪体制无法保证授权用户不将自己的私钥有意泄露给他人,文中采用的追踪体制具有自强迫性,可防止授权用户对其私钥的有意泄露。由于用零知识证明的方式对用户在PKI中的密钥进行了验证,该文的体制可防止用户使用非机密信息构造解密密钥。     

Security by typing

We present an approach for analyzing cryptographic protocols that are subject to attack from an active intruder who takes advantage of knowledge of the protocol rules. The approach uses a form of type system in which types are communication steps and typing constraints characterize all the messages available to the intruder. This reduces verification of authentication and secrecy properties to a typing problem in our type system. We present the typing rules, prove soundness of a type inference algorithm, and establish the correctness of the typing rules with respect to the protocol execution and intruder actions. The protocol specifications used in the approach can be automatically extracted from the conventional, informal cryptographic protocol notation commonly found in the literature. To validate the approach, we implement our algorithm in a tool called DYMNA, which is a practical and efficient environment for the specification and analysis of cryptographic protocols.     

Otway Rees协议的安全分析

互联网的迅速发展引起人们对协议安全性的关注,现在国际上流行安全协议的分析方法集中在形式化验证方面,其中BAN逻辑是一种方法。本文通过使用BAN逻辑证明Otway Rees协议的安全性,同时也得出BAN逻辑在证明协议安全性方面的一些缺陷。