Anonymity and one-way authentication in key exchange protocols

Key establishment is a crucial cryptographic primitive for building secure communication channels between two parties in a network. It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication. However, there are many important practical scenarios where mutual authentication is undesirable, such as in anonymity networks like Tor, or is difficult to achieve due to insufficient public-key infrastructure at the user level, as is the case on the Internet today. In this work we are concerned with the scenario where two parties establish a private shared session key, but only one party authenticates to the other; in fact, the unauthenticated party may wish to have strong anonymity guarantees. We present a desirable set of security, authentication, and anonymity goals for this setting and develop a model which captures these properties. Our approach allows for clients to choose among different levels of authentication. We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity.     

A switch-modulated method for chaos digital secure communication based on user-defined protocol

In this paper, a scheme for digital secure communication is proposed. In this scheme, we use a control function which is defined by two communicants based on chaos synchronization. At first, different signals are sent according to the promissory transmission situation of control signal, then transmission field which is consist of protocol and transmission content is produced. After these processing, the correlation of the transmitted signals are decreased. In addition, the using of the compound non-linear function transformation can further intercalate the secret key, so a determined intruder is very difficult to retrieve the message using forecasting method.     

The Diffie–Hellman Protocol

The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor one-way function, a public-key cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the so-called Diffie–Hellman protocol, allowing two parties who share no secret information initially, to generate a mutual secret key. This paper summarizes the present knowledge on the security of this protocol.     

Multi-party computation with conversion of secret sharing

Classical results in unconditionally secure multi-party computation (MPC) protocols with a passive adversary indicate that every n-variate function can be computed by n participants, such that no set of size t < n/2 participants learns any additional information other than what they could derive from their private inputs and the output of the protocol. We study unconditionally secure MPC protocols in the presence of a passive adversary in the trusted setup (‘semi-ideal’) model, in which the participants are supplied with some auxiliary information (which is random and independent from the participant inputs) ahead of the protocol execution (such information can be purchased as a “commodity” well before a run of the protocol). We present a new MPC protocol in the trusted setup model, which allows the adversary to corrupt an arbitrary number t < n of participants. Our protocol makes use of a novel subprotocol for converting an additive secret sharing over a field to a multiplicative secret sharing, and can be used to securely evaluate any n-variate polynomial G over a field F, with inputs restricted to non-zero elements of F. The communication complexity of our protocol is O(ℓ · n ²) field elements, where ℓ is the number of non-linear monomials in G. Previous protocols in the trusted setup model require communication proportional to the number of multiplications in an arithmetic circuit for G; thus, our protocol may offer savings over previous protocols for functions with a small number of monomials but a large number of multiplications.     

An efficient and secure Diffie–Hellman key agreement protocol based on Chebyshev chaotic map

This paper proposes a new efficient and secure Diffie–Hellman key agreement protocol based on Chebyshev chaotic map. The proposed key agreement protocol uses the semi-group property of Chebyshev polynomials to agree Diffie–Hellman based session key. The proposed protocol provides strong security compared with the previous related protocols. In addition, the proposed protocol does not require any timestamp information and greatly reduces computational costs between communication parties. As a result, the proposed protocol is more practical and provides computational/communicational efficiency compare with several previously proposed key agreement protocols based on Chebyshev chaotic map.     

A Practical Protocol for Advantage Distillation and Information Reconciliation

Information-theoretic secret key agreement generally consists of three phases, namely, advantage distillation information reconciliation and privacy amplification. Advantage distillation is needed in the case when two legitimate users, Alice and Bob, start in a situation which is inferior to that of the adversary Eve. The aim for them is to gain advantage over Eve in terms of mutual information between each other. Information reconciliation enables Alice and Bob to arrive at a common string by error correction techniques. Finally they distill a highly secret string from the common string in the privacy amplification phase. For the scenario where Alice and Bob as well as Eve have access to the output of a binary symmetric source by means of (three) binary symmetric channels, there are several advantage distillation and information reconciliation protocols proposed.In this paper, we present a general protocol to implement both advantage distillation and information reconciliation. Simulation results are compared with known protocols. A connection between our protocol and the known protocols is given.     

Belief updating in multiply sectioned Bayesian networks without repeated local propagations

Multiply sectioned Bayesian networks (MSBNs) provide a coherent and flexible formalism for representing uncertain knowledge in large domains. Global consistency among subnets in an MSBN is achieved by communication. When a subnet updates its belief with respect to an adjacent subnet, existing inference operations require repeated belief propagations (proportional to the number of linkages between the two subnets) within the receiving subnet, making communication less efficient. We redefine these operations such that two such propagations are sufficient. We prove that the new operations, while improving the efficiency, do not compromise the coherence. An MSBN must be initialized before inference can take place. The initialization involves dedicated operations not shared by inference operations according to existing methods. We show that the new inference operations presented here unify inference and initialization. Hence the new operations are not only more efficient but also simpler. The new results are presented such that their connection with the common inference methods for single Bayesian networks is highlighted.     

Summing over a network without revealing summands

Consider a network in which each node possesses a secret member of a finite abelian group. In this paper we present a protocol by which the nodes can compute the sums of their secret elements without revealing them to each other. The security against discovery of the secret values as a result of conspiracies among nodes or compromise of channels between nodes is shown to depend on the connectivity of the graph defined by the network. Moreover, we are able to quantify exactly the amount of information revealed as a result of a conspiracy of a given set of nodes or compromise of a given set of channels.     

The use of combinatorics in key management

We consider the key management problem in a large network wherecommunicating nodes use symmetric-key cryptography to provideend-to-end encryption. A number of interesting mathematicalapplications arise, and we concentrate on the use of combinatoricsto facilitate a number of important key management issues. Motivatedby a recent PhD thesis (Quinn 1991), we describe a combinatorialstructure, known as a key distribution pattern. This structureuses subkeys both to reduce storage requirements at the nodesand to allow direct secure communication between nodes withoutfurther recourse to the key distribution centre. The competinginterests of reduced storage and good security pose problemswhich find solutions in the use of certain combinatorial incidencestructures, geometrical configurations, and orthogonal arrays.     

A new substitution–diffusion based image cipher using chaotic standard and logistic maps

In this paper, we propose a new loss-less symmetric image cipher based on the widely used substitution–diffusion architecture which utilizes chaotic standard and logistic maps. It is specifically designed for the coloured images, which are 3D arrays of data streams. The initial condition, system parameter of the chaotic standard map and number of iterations together constitute the secret key of the algorithm. The first round of substitution/confusion is achieved with the help of intermediate XORing keys calculated from the secret key. Then two rounds of diffusion namely the horizontal and vertical diffusions are completed by mixing the properties of horizontally and vertically adjacent pixels, respectively. In the fourth round, a robust substitution/confusion is accomplished by generating an intermediate chaotic key stream (CKS) image in a novel manner with the help of chaotic standard and logistic maps. The security and performance of the proposed image encryption technique has been analyzed thoroughly using various statistical analysis, key sensitivity analysis, differential analysis, key space analysis, speed analysis, etc. Results of the various types of analysis are encouraging and suggest that the proposed image encryption technique is able to manage the trade offs between the security and speed and hence suitable for the real-time secure image and video communication applications.     

Secret Sharing Schemes with Detection of Cheaters for a General Access Structure

In a secret sharing scheme, some participants can lie about the value of their shares when reconstructing the secret in order to obtain some illicit benefit. We present in this paper two methods to modify any linear secret sharing scheme in order to obtain schemes that are unconditionally secure against that kind of attack. The schemes obtained by the first method are robust, that is, cheaters are detected with high probability even if they know the value of the secret. The second method provides secure schemes, in which cheaters that do not know the secret are detected with high probability. When applied to ideal linear secret sharing schemes, our methods provide robust and secure schemes whose relation between the probability of cheating and the information rate is almost optimal. Besides, those methods make it possible to construct robust and secure schemes for any access structure.     

Geometrical contributions to secret sharing theory

Finite geometry has found applications in many different fields and practical environments. We consider one such application, to the theory of secret sharing, where finite projective geometry has proved to be very useful, both as a modelling tool and as a means to establish interesting results. A secret sharing scheme is a means by which some secret data can be shared among a group of entities in such a way that only certain subsets of the entities can jointly compute the secret. Secret sharing schemes are useful for information security protocols, where they can be used to jointly protect cryptographic keys or provide a means of access control. We review the contribution of finite projective geometry to secret sharing theory, highlighting results and techniques where its use has been of particular significance.     

诺贝尔物理学奖得主知识交流网络结构研究

将诺贝尔物理学奖得主作为结点，在有知识交流的两位得主间添加一条连接，由此得到诺贝尔物理学奖得主知识交流网络。本文对此网络的结构特征进行研究，结果表明该网络的结构具有一般社会网络共有的Seale-free、度协调、负相关特征，而直径较一般社会网络大，聚集系数则明显较小。     

Properties and constraints of cheating-immune secret sharing schemes

A secret sharing scheme is a cryptographic protocol by means of which a dealer shares a secret among a set of participants in such a way that it can be subsequently reconstructed by certain qualified subsets. The setting we consider is the following: in a first phase, the dealer gives in a secure way a piece of information, called a share, to each participant. Then, participants belonging to a qualified subset send in a secure way their shares to a trusted party, referred to as a combiner, who computes the secret and sends it back to the participants.Cheating-immune secret sharing schemes are secret sharing schemes in the above setting where dishonest participants, during the reconstruction phase, have no advantage in sending incorrect shares to the combiner (i.e., cheating) as compared to honest participants. More precisely, a coalition of dishonest participants, by using their correct shares and the incorrect secret supplied by the combiner, have no better chance in determining the true secret (that would have been reconstructed if they submitted correct shares) than an honest participant.In this paper we study properties and constraints of cheating-immune secret sharing schemes. We show that a perfect secret sharing scheme cannot be cheating-immune. Then, we prove an upper bound on the number of cheaters tolerated in such schemes. We also repair a previously proposed construction to realize cheating-immune secret sharing schemes. Finally, we discuss some open problems.     

Computer geometry and encoding the information on a manifold

In this review, we try to answer the following question why should one study differential geometry? First of all, differential geometry is a Jewel of Mathematics. It is a prerequisite for theoretical physics. Secondly, in recent years, new and important applications have been discovered. Surprisingly, the structures of differential geometry are ideally suited for coding theory, information geometry and imaging process, kinematics of Robotics and computer aided geometric design, optimization and so on The main goal of the review is to establish a bridge between the theoretical aspects of modern geometry and topology on the one hand and computer experimental geometry on the other. The flood of information through various computer networks such as the internet characterizes the world situation in which we live. Information words, often called virtual spaces and cyberspace, have been formed on computer networks. The complexity of information worlds has been increasing almost exponentially through the exponential growth of computer networks. Such nonlinearity in growth and in scope characterizes information words. In other words the characterization of nonlinearity is the key to understanding, utilizing and living with the flood of information. The characterization approach is by characteristic points such as peaks, pits, and passes, according to the Morse theory on the manifold. Another approach is by singularity signs such as folds, cusps bifurcation, nodes, butterfly and swallowtail. Atoms and molecules are the other fundamental characterization approach. Topology and geometry including differential topology, serve as the framework for the characterization.     

On the topologic structure of economic complex networks: Empirical evidence from large scale payment network of Estonia

This paper presents the first topological analysis of the economic structure of an entire country based on payments data obtained from Swedbank. This data set is exclusive in its kind because around 80% of Estonia's bank transactions are done through Swedbank; hence, the economic structure of the country can be reconstructed. Scale-free networks are commonly observed in a wide array of different contexts such as nature and society. In this paper, the nodes are comprised by customers of the bank (legal entities) and the links are established by payments between these nodes. We study the scaling-free and structural properties of this network. We also describe its topology, components and behaviors. We show that this network shares typical structural characteristics known in other complex networks: degree distributions follow a power law, low clustering coefficient and low average shortest path length. We identify the key nodes of the network and perform simulations of resiliency against random and targeted attacks of the nodes with two different approaches. With this, we find that by identifying and studying the links between the nodes is possible to perform vulnerability analysis of the Estonian economy with respect to economic shocks.     

An improved key agreement protocol based on chaos

Cryptography based on chaos theory has developed fast in the past few years, but most of the researches focus on secret key cryptography. There are few public key encryption algorithms and cryptographic protocols based on chaos, which are also of great importance for network security. We introduce an enhanced key agreement protocol based on Chebyshev chaotic map. Utilizing the semi-group property of Chebyshev polynomials, the proposed key exchange algorithm works like Diffie–Hellman algorithm. The improved protocol overcomes the drawbacks of several previously proposed chaotic key agreement protocols. Both analytical and experimental results show that it is effective and secure.     

On Monte Carlo methods in distributed memory systems

The way for solving a system of linear algebraic equations (SLAEs) with computers with distributed memory is presented. It is assumed that there are M computing nodes, each of which has a limited fast memory, and communication between nodes takes considerable time.If the matrix elements and the right side vectors cannot be placed in their entirety in the one node memory, the problem of using equipment efficiently between the exchange, i.e., whether each node is able to use the available information to reduce the total residual, appears. The answer to this question is negative under general assumptions on the system’s matrix and the example presented in the Appendix verifies this fact. We examine the case when the system is of sufficiently high order and it is reasonable to use the Monte Carlo method. In this case the matrix is divided between computing nodes on blocks of rows that do not overlap with the same partition into blocks of indices of rows and columns. We also consider a modification of the method of simple iteration based on this partition consisting of two nested iterative processes so that messaging between nodes takes place only in the outer iterations. This iterative process naturally results in a similar process, where the Monte Carlo method is used, and where it is not necessary to save a matrix’s full copy at each computing node. The unbiased estimations of linear algebraic equations’ solutions for the examined case are studied in the present paper. Under certain additional conditions imposed on the matrix, we prove the sufficient convergence conditions.     

Secret sharing schemes with partial broadcast channels

In a conventional secret sharing scheme a dealer uses secure point-to-point channels to distribute the shares of a secret to a number of participants. At a later stage an authorised group of participants send their shares through secure point-to-point channels to a combiner who will reconstruct the secret. In this paper, we assume no point-to-point channel exists and communication is only through partial broadcast channels. A partial broadcast channel is a point-to-multipoint channel that enables a sender to send the same message simultaneously and privately to a fixed subset of receivers. We study secret sharing schemes with partial broadcast channels, called partial broadcast secret sharing schemes. We show that a necessary and sufficient condition for the partial broadcast channel allocation of a (t, n)-threshold partial secret sharing scheme is equivalent to a combinatorial object called a cover-free family. We use this property to construct a (t, n)-threshold partial broadcast secret sharing scheme with O(log n) partial broadcast channels. This is a significant reduction compared to n point-to-point channels required in a conventional secret sharing scheme. Next, we consider communication rate of a partial broadcast secret sharing scheme defined as the ratio of the secret size to the total size of messages sent by the dealer. We show that the communication rate of a partial broadcast secret sharing scheme can approach 1/O(log n) which is a significant increase over the corresponding value, 1/n, in the conventional secret sharing schemes. We derive a lower bound on the communication rate and show that for a (t,n)-threshold partial broadcast secret sharing scheme the rate is at least 1/t and then we propose constructions with high communication rates. We also present the case of partial broadcast secret sharing schemes for general access structures, discuss possible extensions of this work and propose a number of open problems.      

Bellman最优原理在复杂加权网络中的应用研究

针对现有算法及软件计算复杂加权网络介数的局限性,应用Bellman最优原理于复杂加权网络介数计算中,并针对复杂网络动态演化,节点众多,重点,节点间无边连接等特点作了相应修改.依算法实例计算出了复杂加权网络的最短路径长、最短路径和介数,最后经验证算法具有较快的运行速度和较准确的结果.