On the communication complexity of zero-knowledge proofs

The fact that there are zero-knowledge proofs for all languages in NP (see [15], [6], and [5]) has, potentially, enormous implications to cryptography. For cryptographers, the issue is no longer “which languages in NP have zeroknowledge proofs” but rather “which languages in NP have practical zeroknowledge proofs.” Thus, the concrete complexity of zero-knowledge proofs for different languages must be established. In this paper we study the concrete complexity of the known general methods for constructing zero-knowledge proofs. We establish that circuit-based methods, which can be applied in either the GMR or the BCC model, have the potential of producing proofs which can be used in practice. Then we introduce several techniques which greatly reduce the concrete complexity of circuit-based proofs, and we show that these techniques lead to zero-knowledge proofs of knowledge. Finally, we show how to combine the techniques of Kilian, Micali, and Ostrovsky, for designing zero-knowledge proofs with only two envelopes, with some of our techniques for reducing the number of bits which the prover must commit to. Supported in part by NSA Grant No. MDA90488-H-2006. Supported in part by NSF Grant No. CCR-8909657.     

密钥分配技术与实现

密钥分配是密钥管理诸环节中最关键最要害的环节之一。本文以密钥管理标准ISO 11166、11568等标准为背景,讨论了如何利用密码服务报文来传送密钥的技术问题和实现问题。     

The research and design of reconfigurable computing for Block cipher

This paper describes a new specialized Reconfigurable Cryptographic for Block ciphers Architecture（RCBA）.Application-specific computation pipelines can be configured according to the characteristics of the block cipher processing in RCBA,which delivers high performance for cryptographic applications.RCBA adopts a coarse-grained reconfigurable architecture that mixes the appropriate amount of static configurations with dynamic configurations.RCBA has been implemented based on Altera’s FPGA,and representative algorithms of block cipher such as DES,Rijndael and RC6 have been mapped on RCBA architecture successfully.System performance has been analyzed,and from the analysis it is demonstrated that the RCBA architecture can achieve more flexibility and efficiency when compared with other implementations.     

基于串空间模型的改进型 Otway-Rees 协议分析

串空间模型是一种新兴的密码协议形式化分析工具,其理论中理想和诚实概念的提出大大减少了协议的证明步骤.本文在 Otway-Rees 协议缺陷的基础上对它进行改进,并利用串空间模型的理论对改进后的 Otway-Rees 协议进行了形式化的分析.新的 Otway-Rees 协议满足其安全目标,是安全可行的     

基于图元的事件图生成算法

与单轮运行情形不同,多轮并发运行的密码协议存在更为复杂的安全性问题。并发运行密码协议的形式化分析对象包括密码协议的多轮并发运行和多个密码协议的并发运行两种情形,且二者具有统一的形式化模型。基于扩展的串空间模型和Spi演算理论,提出用于并发运行密码协议安全属性验证的事件图模型。图元是事件图的构造单元,它满足消息事件之间的通信关系和前驱关系约束以及消息语句的新鲜性约束。定义消息事件之间、图元之间以及消息事件和图元之间的前缀、组合和选择运算,并给出事件图生成算法。     

电磁分析环境下密码设备面向实际的安全性度量

为在充斥电磁分析旁路攻击敌手的危险环境下评估密码设备的安全性,通过将密码学标准黑盒模型中的敌手能力进行加强,在物理可观测密码术模型的框架内,定义了具有电磁泄漏信息分析能力的密钥恢复敌手与不可分辨性判定敌手。分别以敌手成功率定量度量与敌手优势定性度量,给出密码设备面向实际的安全性度量方式。通过成功率度量方式的实验,比较了几种不同电磁旁路分辨器的攻击能力,以便为进一步研究并开发可证明抵抗电磁分析攻击的密码系统和设备打下基础。     

Host cryptographic operations: A software implementation

A comparative overview of two well-defined key management schemes using the Data Encryption Standard, the IBM Cryptographic System and the Key Notarization System, is presented with emphasis on the interaction between the host operating system and the host cryptographic operations suggested in the two systems. Therefore, integrating cryptography into computer networks is a topic of current interest. A software scheme to implement the host cryptographic operations defined by the KNS is outlined.     

串空间代数缺陷到实际攻击的转换

根据串空间证明协议安全性的代数结论,可以判断协议是否存在缺陷,但没有给出一个精确的答案：究竟攻击是如何进行的?本文提出四务启发式规则以完成代数缺陷到实际攻击的转换。并结合Needham—Schroeder公钥协议、Otway—Rees对称密钥协议进行了攻击转换分析。实践表明这四条规则在把串空间的代数缺陷转换为实际攻击时非常有效。     

远程动态口令认证方案的研究与改进

研究了动态口令技术,分析了文献[1]中的一个远程动态口令认证方案,发现原方案不能抵抗劫取连接攻击.对原方案进行了修改,修改后的方案克服了原方案存在的安全漏洞,保留了原方案的所有安全特性,具有更高的安全性.     

The Practice of Cryptographic Protocol Verification

We present CASRUL, a compiler for cryptographic protocols specifications. Its purpose is to verify the executability of protocols and to translate them into rewrite rules that can be used by several kinds of automatic or semi-automatic tools for finding design flaws. We also present a related complexity results concerning the protocol insecurity problem for a finite number of sessions. We show the problem is in NP without assuming bounds on messages and with non-atomic encryption keys. We also explain that in order to build an attack with a fixed number of sessions the intruder needs only to forge messages of linear size, provided that they are represented as dags.For more information: http://www.loria.fr/equipes/protheo/SOFTWARES/CASRUL/.