Similar literature
 20 similar documents found (search time: 17 ms)
1.
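Secure multi-party computation has been studied extensively both in China and abroad. Many solutions are ideal from a security standpoint but unsatisfactory in practice. To develop practical secure multi-party computation solutions, this work studies several data disguising techniques that support secure multi-party computation with adjustable security levels, including linear transformation disguise, (Z+V) disguise, and polynomial function disguise. Detailed protocols are designed for each data disguising technique, and their security and complexity are analyzed. The conclusion is that each data disguising technique can be tuned between efficiency and security: users can weigh performance against security and then choose the security level that suits their actual situation.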

2.
In multi-secret sharing schemes, publishing shares during the process of reconstructing partial secrets may leak some information of the secrets unrecovered yet. By using a multi-party computation (MPC) protocol, we solve this problem for any linear multi-secret sharing scheme (MSSS). We also show that LMSSS usually involve more complicated reconstruction algorithms than “direct sum” schemes, but from the point of reducing share expansion, the former is preferred.

3.
It is a well-acknowledged fact that collaboration between different members of a supply chain yields a significant potential to increase overall supply chain performance. Sharing private information has been identified as prerequisite for collaboration and, at the same time, as one of its major obstacles. One potential avenue for overcoming this obstacle is Secure Multi-Party Computation (SMC). SMC is a cryptographic technique that enables the computation of any (well-defined) mathematical function by a number of parties without any party having to disclose its input to another party. In this paper, we show how SMC can be successfully employed to enable joint decision-making and benefit sharing in a simple supply chain setting. We develop secure protocols for implementing the well-known “Joint Economic Lot Size (JELS) Model” with benefit sharing in such a way that none of the parties involved has to disclose any private (cost and capacity) data. Thereupon, we show that although computation of the model’s outputs can be performed securely, the approach still faces practical limitations. These limitations are caused by the potential of “inverse optimization”, i.e., a party can infer another party’s private data from the output of a collaborative planning scheme even if the computation is performed in a secure fashion. We provide a detailed analysis of “inverse optimization” potentials and introduce the notion of “stochastic security”, a novel approach to assess the additional information a party may learn from joint computation and benefit sharing. Based on our definition of “stochastic security” we propose a stochastic benefit sharing rule, develop a secure protocol for this benefit sharing rule, and assess under which conditions stochastic benefit sharing can guarantee secure collaboration.

4.
We discuss the concept of anonymity in an unconditionally secure secret sharing scheme, proposing several types of anonymity and situations in which they might arise. We present a foundational framework and provide a range of general constructions of unconditionally secure secret sharing schemes offering various degrees of anonymity.

5.
Group authentication schemes as introduced by Boyd and by Desmedt and Frankel are cryptographic schemes in which only certain designated groups can provide messages with authentication information. In this paper we study unconditionally secure group authentication schemes based on linear perfect secret sharing and authentication schemes, for which we give expressions for the probabilities of successful attacks. Furthermore, we give a construction that uses maximum rank distance codes.

6.
Firstly, the definitions of the secret sharing schemes (SSS), i.e. perfect SSS, statistical SSS and computational SSS are given in a uniform way, then some new schemes for several familiar rearrangements of access structures with respect to the above three types of SSS are constructed from the old schemes. It proves that the new schemes and the old schemes are of the same security. A method of constructing the SSS which realizes the general access structure by rearranging some basic access structures is developed. The results of this paper can be used to key managements and access controls.

7.
In threshold cryptography, the goal is to distribute the computation of basic cryptographic primitives across a number of nodes in order to relax trust assumptions on individual nodes, as well as to introduce a level of fault-tolerance against node compromise. Most threshold cryptography has previously looked at the distribution of public key primitives, particularly threshold signatures and threshold decryption mechanisms. In this paper, we look at the application of threshold cryptography to symmetric primitives, and in particular the encryption or decryption of a symmetric key block cipher. We comment on some previous work in this area and then propose a model for shared encryption / decryption of a block cipher. We will present several approaches to enable such systems and will compare them. AMS classification: 94A60, 94A62, 68P25

8.
This paper provides an exposition of methods by which a trusted authority can distribute keys and/or broadcast a message over a network, so that each member of a privileged subset of users can compute a specified key or decrypt the broadcast message. Moreover, this is done in such a way that no coalition is able to recover any information on a key or broadcast message they are not supposed to know. The problems are studied using the tools of information theory, so the security provided is unconditional (i.e., not based on any computational assumption). We begin by surveying some useful schemes for key distribution that have been presented in the literature, giving background and examples (but not too many proofs). In particular, we look more closely at the attractive concept of key distribution patterns, and present a new method for making these schemes more efficient through the use of resilient functions. Then we present a general approach to the construction of broadcast schemes that combines key predistribution schemes with secret sharing schemes. We discuss the Fiat-Naor Broadcast Scheme, as well as other, new schemes that can be constructed using this approach.

9.
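As an important problem in scientific computing, solving systems of linear equations while protecting private information has wide applications in finance, machinery, communications, and other fields. In the sense of oblivious transfer, using a probabilistic algorithm for computing the Moore-Penrose pseudoinverse matrix over finite fields, a new secure protocol is designed that solves the secure two-party computation problem for privacy-preserving general systems of linear equations over finite fields, and the protocol is proved secure in the semi-honest model using the simulation paradigm.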

10.
In a secret sharing scheme, some participants can lie about the value of their shares when reconstructing the secret in order to obtain some illicit benefit. We present in this paper two methods to modify any linear secret sharing scheme in order to obtain schemes that are unconditionally secure against that kind of attack. The schemes obtained by the first method are robust, that is, cheaters are detected with high probability even if they know the value of the secret. The second method provides secure schemes, in which cheaters that do not know the secret are detected with high probability. When applied to ideal linear secret sharing schemes, our methods provide robust and secure schemes whose relation between the probability of cheating and the information rate is almost optimal. Besides, those methods make it possible to construct robust and secure schemes for any access structure.

11.
One of the main open problems in secret sharing is the characterization of the access structures of ideal secret sharing schemes. Brickell and Davenport proved that every one of these ideal access structures is related in a certain way to a unique matroid. Specifically, they are matroid ports. In addition to the search of general results, this difficult open problem has been studied in previous works for several families of access structures. In this paper we do the same for access structures with rank 3, that is, structures whose minimal qualified subsets have at most three participants. We completely characterize and classify the rank-3 access structures that are matroid ports. We prove that all access structures with rank three that are ports of matroids greater than 3 are ideal. After the results in this paper, the only open problem in the characterization of the ideal access structures with rank three is to characterize the rank-3 matroids that can be represented by an ideal secret sharing scheme. A previous version of this paper appeared in Fifth Conference on Security and Cryptography for Networks, SCN 2006, Lecture Notes in Computer Science 4116 (2006) 201–215.

12.
A secure dominating set $X$ of a graph $G$ is a dominating set with the property that each vertex $u \in V_G - X$ is adjacent to a vertex $v \in X$ such that $(X - \{v\}) \cup \{u\}$ is dominating. The minimum cardinality of such a set is called the secure domination number, denoted by $\gamma_s(G)$. We are interested in the effect of edge removal on $\gamma_s(G)$, and characterize $\gamma_s$-ER-critical graphs, i.e. graphs for which $\gamma_s(G - e) > \gamma_s(G)$ for any edge $e$ of $G$, bipartite $\gamma_s$-ER-critical graphs and $\gamma_s$-ER-critical trees.

13.
Fluid neural networks can be used as a theoretical framework for a wide range of complex systems as social insects. In this article we show that collective logical gates can be built in such a way that complex computation can be possible by means of the interplay between local interactions and the collective creation of a global field. This is exemplified by a NOR gate. Some general implications for ant societies are outlined. © 1996 John Wiley & Sons, Inc.

14.
In this paper we consider the secret reconstruction problem in a secret sharing scheme. We emphasize that a shared secret should be reconstructed in a fair way, i.e., all involved participants should have the same chance to be able to reconstruct the shared secret. We propose and analyze several methods to achieve such a fair reconstruction of shared secrets.

15.
In 1994, Naor and Shamir introduced an unconditionally secure method for encoding black and white images. This method, known as a threshold visual cryptography scheme (VCS), has the benefit of requiring no cryptographic computation on the part of the decoders. In a -VCS, a share, in the form of a transparency, is given to n users. Any k users can recover the secret simply by stacking transparencies, but k-1 users can gain no information about the secret whatsoever. In this paper, we first explore the issue of contrast, by demonstrating that the current definitions are inadequate, and by providing an alternative definition. This new definition motivates an examination of minimizing pixel expansion subject to fixing the VCS parameters h and l. New bounds on pixel expansion are introduced, and connections between these bounds are examined. The best bound presented is tighter than any previous bound. An analysis of connections between (2, n) schemes and designs such as BIBD's, PBD's, and (r, )-designs is performed. Also, an integer linear program is provided whose solution exactly determines the minimum pixel expansion of a (2, n)-VCS with specified h and l.

16.
Andrews et al. [Automatic method for hiding latency in high bandwidth networks, in: Proceedings of the ACM Symposium on Theory of Computing, 1996, pp. 257-265; Improved methods for hiding latency in high bandwidth networks, in: Proceedings of the Eighth Annual ACM Symposium on Parallel Algorithms and Architectures, 1996, pp. 52-61] introduced a number of techniques for automatically hiding latency when performing simulations of networks with unit delay links on networks with arbitrary unequal delay links. In their work, they assume that processors of the host network are identical in computational power to those of the guest network being simulated. They further assume that the links of the host are able to pipeline messages, i.e., they are able to deliver P packets in time O(P+d) where d is the delay on the link. In this paper we examine the effect of eliminating one or both of these assumptions. In particular, we provide an efficient simulation of a linear array of homogeneous processors connected by unit-delay links on a linear array of heterogeneous processors connected by links with arbitrary delay. We show that the slowdown achieved by our simulation is optimal. We then consider the case of simulating cliques by cliques; i.e., a clique of heterogeneous processors with arbitrary delay links is used to simulate a clique of homogeneous processors with unit delay links. We reduce the slowdown from the obvious bound of the maximum delay link to the average of the link delays. In the case of the linear array we consider both links with and without pipelining. For the clique simulation the links are not assumed to support pipelining. The main motivation of our results (as was the case with Andrews et al.) is to mitigate the degradation of performance when executing parallel programs designed for different architectures on a network of workstations (NOW). In such a setting it is unlikely that the links provided by the NOW will support pipelining and it is quite probable the processors will be heterogeneous. Combining our result on clique simulation with well-known techniques for simulating shared memory PRAMs on distributed memory machines provides an effective automatic compilation of a PRAM algorithm on a NOW.

17.
Detection of Cheaters in Vector Space Secret Sharing Schemes   Cited by: 23 (self-citations: 0, citations by others: 23)
A perfect secret sharing scheme is a method of distributing shares of a secret among a set P of participants in such a way that only qualified subsets of P can reconstruct the secret from their shares and non-qualified subsets have absolutely no information on the value of the secret. In a secret sharing scheme, some participants could lie about the value of their shares in order to obtain some illicit benefit. Therefore, the security against cheating is an important issue in the implementation of secret sharing schemes. Two new secret sharing schemes in which cheaters are detected with high probability are presented in this paper. The first one has information rate equal to 1/2 and can be implemented not only in threshold structures, but in a more general family of access structures. We prove that the information rate of this scheme is almost optimal among all schemes with the same security requirements. The second scheme we propose is a threshold scheme in which cheaters are detected with high probability even if they know the secret. The information rate is in this case 1/3. In both schemes, the probability of cheating successfully is a fixed value that is determined by the size of the secret.

18.
New Colored Visual Secret Sharing Schemes   Cited by: 8 (self-citations: 0, citations by others: 8)
Visual secret sharing (VSS) schemes are used to protect the visual secret by sending n transparencies to different participants so that k-1 or fewer of them have no information about the original image, but the image can be seen by stacking k or more transparencies. However, the revealed secret image of a conventional VSS scheme is just black and white. The colored k out of n VSS scheme sharing a colored image is first introduced by Verheul and Van Tilborg [1]. In this paper, a new construction for the colored VSS scheme is proposed. This scheme can be easily implemented on basis of a black & white VSS scheme and get much better block length than the Verheul-Van Tilborg scheme.

19.
Optimal Colored Threshold Visual Cryptography Schemes   Cited by: 5 (self-citations: 0, citations by others: 5)
Visual cryptography schemes allow the encoding of a secret image into n shares which are distributed to the participants. The shares are such that only qualified subsets of participants can visually recover the secret image. Usually the secret image consist of black and white pixels. In colored threshold visual cryptography schemes the secret image is composed of pixels taken from a given set of c colors. The pixels expansion and the contrast of a scheme are two measures of the goodness of the scheme. In this paper, we study c-color (k,n)-threshold visual cryptography schemes and provide a characterization of contrast-optimal schemes. More specifically we prove that there exists a contrast-optimal scheme that is a member of a special set of schemes, which we call canonical schemes, and that satisfy strong symmetry properties. Then we use canonical schemes to provide a constructive proof of optimality, with respect to the pixel expansion, of c-color (n,n)-threshold visual cryptography schemes. Finally, we provide constructions of c-color (2,n)-threshold schemes whose pixels expansion improves on previously proposed schemes. *This author is also a member of the Akamai Faculty Group, Akamai Technologies, 8 Cambridge center, Cambridge, MA 02142, USA.

20.
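Zero-Error Computation
Obtaining error-free exact values through numerical computation that carries errors is of significant theoretical and practical value. Such computation, which obtains exact results via approximate numerical methods, is called zero-error computation. This paper first points out that zero-error computation is possible only for numbers in a uniformly discrete set, i.e., a set of numbers with a nonzero separation bound; this is also a necessary and sufficient condition for a number to admit zero-error computation. Taking this as the basic starting point, the paper analyzes the minimum theoretical precision for zero-error computation of algebraic numbers; this precision corresponds to the error control condition necessary for recovering the exact value of an approximate algebraic number. However, owing to the limitations of the recovery algorithm used, this theoretical precision often cannot guarantee successful recovery of the exact value of the algebraic number. To this end, the paper gives the precision control condition required for zero-error computation of algebraic numbers using the PSLQ (partial-sum-LQ-decomposition) algorithm. Compared with the approach based on the LLL (Lenstra-Lenstra-Lovász) algorithm, the dependence of this precision control condition on the degree of the algebraic number is reduced from quadratic to quasi-linear, which can lower the complexity of the corresponding algorithm. Finally, future trends in zero-error computation are discussed.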
