多重集的保密计算及应用

安全多方计算是近年来国际密码学界研究的热点问题.多重集作为标准集的推广在实际中有广泛的应用,对于多重集的保密计算问题研究具有重要的意义.本文主要研究两方多重集的交集、并集以及基于阈值和集的保密计算问题.首先针对不同问题设计相应的编码方法,结合Paillier加密方案设计保密计算协议,并应用模拟范例方法严格证明协议的安全性.效率分析和实验验证表明本文所设计的协议是简单高效的.     

基于LWE的集合相交和相等的两方保密计算

利用格上LWE (Leaning With Error)困难性假设,将保密地比较两个数是否相等转化为判断对随机串加密后的解密是否正确,有效地解决了数和集合关系的判定、求集合交集和集合相等安全多方计算问题,并利用模拟范例证明该协议在半诚实模型下是安全的。与传统的基于数论的协议相比,该方案由于不需要模指数运算,因而具有较低的计算复杂度,同时因其基于格中困难问题,因而能抵抗量子攻击。     

路径点包含安全两方计算问题的求解

多方安全计算中集合点包含和几何点包含等方法都是近几年密码学研究的一个热点问题。提出路径点包含的安全多方计算问题,并对路径点包含基本原理进行研究。通过对选定路径进行特殊编码,编码后把路径转化为集合,再利用集合包含问题的处理方法,计算了两集合的交集,进而又把集合还原为路径,求出了两路径的公共路径,得到路径点包含安全两方计算的保密结果。最后分析证明了新方案的安全性。     

集合交集元素和的保密计算

安全多方计算作为密码学的重要分支,长期以来主要致力于解决两方或多方参与者隐私数据的联合计算.集合交集元素和的隐私计算作为安全多方计算中的科学计算问题,在保密计算广告转化率中具有重要作用.我们利用保密替换和加密选择求集合的交集,结合Lifted ElGamal加密算法,研究了不同限制下（数据范围较小和数据范围较大）集合交集元素和多方保密计算.本文方案解决两方计算时,Bob只需从Alice发送的数据中选择数据,避免了复杂的模指数运算,且双方不需多次交互,降低了计算成本和通信次数.多方参与计算时,根据加密选择和保密替换的性质,得到集合交集的密文,然后在密文上计算得到集合交集元素的和.通过理论分析和实验证明,本文协议是高效的.最后利用模拟范例证明本文协议是安全的.     

PCS的保密与鉴权协议

本文阐述北美蜂窝电话业暂行标准IS 41修订本C中采纳的鉴权、话音保密和信令信息加密而产生的信息流。鉴权和产生话音保密伪装码及信令信息加密密钥等所采用的算法基于使用密钥 (也称作共享秘密数据或SSD)进行鉴权的专用密钥密码技术。该标准有两种提案。通过采用简单的用户移动模型对这两种方案进行比较 ,并研究了它们对网络数据库业务量的影响。     

有理数相等的保密判定

安全多方计算是近年来国际密码学界研究的热点.数据相等保密判定是安全多方计算的一个基本问题,在指纹匹配和关键词搜索等现实问题中有广泛的应用,因此研究数据相等保密判定有重要的理论与实际意义.本文协议I利用Paillier加密算法高效实现了两个有理数相等的保密判定,协议II基于椭圆曲线同态加密算法安全高效计算多个有理数相等判定问题,并且最后给出了恶意模型下的有理数相等保密判定协议.     

布尔电路上保护隐私集合并集运算的研究与实现

隐私保护技术是当前信息安全领域的研究热点。然而,现阶段集合并集运算中的隐私保护技术侧重理论研究,在实验模型的开发上较为欠缺。针对该问题,该文首先设计了保护隐私的集合合并运算电路、去重电路和混淆电路,并应用YAO氏通用混淆电路估值技术提出了一种布尔电路上保护隐私的集合并集协议。然后,该文使用模拟器视图仿真法证明了协议的安全性。最后,基于MightBeEvil中的YAO氏混淆电路估值框架,开发了该文理论方案对应的实验模型。实验结果表明,在安全计算稀疏集合的并集时,所提算法效率优于当前布尔电路上的其他算法。     

GUC安全的关系联结算子保密计算协议

分布式数据库系统的关系算子的保密计算协议是多方保密计算(MPC)理论的重要应用领域之一,目前该方向的绝大部分工作主要针对如何构造查询类算子的保密计算协议,对如何构造数据生成类算子的保密计算协议则较少涉及。针对广泛应用的关系联结(join)算子,基于保密及匿名的身份基公钥加密(IBE)方案及其用户私钥盲生成协议给出联结算子的2-方保密计算协议的一种通用的、不依赖于随机oracle(即标准模型)的有效构造,并证明该构造具有GUC(generlized universal composability)安全性。     

论网络新形势下信息安全与保密通信

随着网络技术的迅猛发展,网络的开放性、共享性、互连程度不断扩大,网络的覆盖面也越来越广.在这样的环境下,网络对社会的影响越来越占据重要的地位,网络信息安全和保密通信问题也越来越受到大家的关注.本文主要介绍了网络信息安全与保密通信的基本知识.     

空间位置关系的安全多方计算及其应用

空间位置关系的保密计算属于安全多方计算中的空间几何问题,在机密性商业、工程、军事等方面有着重要的意义。但目前大多数空间几何问题都是通过转化为距离或数据对应成比例问题解决的,计算复杂性较高,且应用范围受限。针对这些问题,该文先将原问题转化为一个点是否为一个方程的解,再利用一种简单高效的内积协议一次性解决了点线、点面、线线、线面、面面等5种空间位置关系的判定,并利用模拟范例证明了协议的安全性。该文方案并没有利用任何公钥加密算法,取得了信息论安全;并且由于问题的巧妙转化,使得能解决的问题更加广泛,效率也相对较高。     

Privacy-preserving Matrix Rank Computation and Its Applications

Matrix rank is an important tool for mathematical analysis, it is hard to compute cooperatively in an insecure distributed network. For the purpose to solve this problem, we put forward a privacy-preserving rank computation protocol for the first time. In this paper, the pro-rata protocol is improved to an optimal complexity of O（m） through comparing the collective information to reduce the round number, it performs better when the disproportional pairs distribute dispersedly or appear at later part of the sequence. Then, we propose a protocol to calculate matrix rank by the help of privacy-preserving technology, this protocol implements securely step by step according to the procedure in linear algebra. The protocol achieves the goal in secure two-party model without leaking other message. After that, their applications in mean square error and square sum error are considered. At last, we analyze all the protocols appeared in this paper to inves-tigate their correctness, complexity and security by means of mathematical induction and cryptographic primitive.     

Fast Two-Output Secure Computation with Optimal Error Probability

Cut-and-choose paradigm makes Yao's protocol for two-party computation secure in malicious model with an error probability.In CRYPTO 2013,based on multi-phase cut-and-choose,Lindell reduced this probability to the optimal value.However,this work can only compute single-output functions with optimal error probability.We transform multi-phase cut-and-choose for singleoutput case into one that can deal with two-output functions,meanwhile maintaining the optimal error probability.Based on this new paradigm,we propose an efficient two-output secure computation protocol.Besides,by utilizing the specific property of the output garbled keys,we solve the authenticity issue of the generator's output with only symmetric cryptographic operations linear in the output length of the generator,which is the most efficient method so far in standard model without Random oracle (Ro).     

Collusion-Free Rational Secure Sum Protocol

The secure sum protocol is a useful basic protocol of Secure multiparty computation （SMC）. And it has numerous applications. However traditional secure sum protocol can not guarantee the fairness. In addition, most previous protocols can not resist the collusion-attack. This paper proposes a collusion-free rational secure sum protocol in which we combine game theory with the multiparty secure sum protocol. In the setting of rational secure sum protocol, the gain of following the protocol is more than the gain of deviating, and no player of the coalition parties can do better, even if the whole coalition parties cheat. Analysis shows that the protocol can resist the collusion attack with at most n-2 players, and rational players have to abide by the protocols. Unlike previous secure sum algorithms, this paper aims at obtaining complete fairness even though without a majority of honest parties.     

Secure Multi-Party Computation without Agreement

It has recently been shown that authenticated Byzantine agreement, in which more than a third of the parties are corrupted, cannot be securely realized under concurrent or parallel (stateless) composition. This result puts into question any usage of authenticated Byzantine agreement in a setting where many executions take place. In particular, this is true for the whole body of work of secure multi-party protocols in the case that a third or more of the parties are corrupted. This is because these protocols strongly rely on the extensive use of a broadcast channel, which is in turn realized using authenticated Byzantine agreement. We remark that it was accepted folklore that the use of a broadcast channel (or authenticated Byzantine agreement) is actually essential for achieving meaningful secure multi-party computation whenever a third or more of the parties are corrupted. In this paper we show that this folklore is false. We present a mild relaxation of the definition of secure computation allowing abort. Our new definition captures all the central security issues of secure computation, including privacy, correctness and independence of inputs. However, the novelty of the definition is in decoupling the issue of agreement from these issues. We then show that this relaxation suffices for achieving secure computation in a point-to-point network. That is, we show that secure multi-party computation for this definition can be achieved for any number of corrupted parties and without a broadcast channel (or trusted pre-processing phase as required for running authenticated Byzantine agreement). Furthermore, this is achieved by just replacing the broadcast channel in known protocols with a very simple and efficient echo-broadcast protocol. An important corollary of our result is the ability to obtain multi-party protocols that remain secure under composition, without assuming a broadcast channel.     

Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation

In this paper we show that any two-party functionality can be securely computed in a constant number of rounds , where security is obtained against (polynomial-time) malicious adversaries that may arbitrarily deviate from the protocol specification. This is in contrast to Yao's constant-round protocol that ensures security only in the face of semi-honest adversaries, and to its malicious adversary version that requires a polynomial number of rounds. In order to obtain our result, we present a constant-round protocol for secure coin-tossing of polynomially many coins (in parallel). We then show how this protocol can be used in conjunction with other existing constructions in order to obtain a constant-round protocol for securely computing any two-party functionality. On the subject of coin-tossing, we also present a constant-round almost perfect coin-tossing protocol, where by ``almost perfect' we mean that the resulting coins are guaranteed to be statistically close to uniform (and not just pseudorandom).     

Minimal Complete Primitives for Secure Multi-Party Computation

The study of minimal cryptographic primitives needed to implement secure computation among two or more players is a fundamental question in cryptography. The issue of complete primitives for the case of two players has been thoroughly studied. However, in the multi-party setting, when there are n > 2 players and t of them are corrupted, the question of what are the simplest complete primitives remained open for t n/3. (A primitive is called complete if any computation can be carried out by the players having access only to the primitive and local computation.) In this paper we consider this question, and introduce complete primitives of minimal cardinality for secure multi-party computation. The cardinality issue (number of players accessing the primitive) is essential in settings where primitives are implemented by some other means, and the simpler the primitive the easier it is to realize. We show that our primitives are complete and of minimal cardinality possible for most cases.     

有理区间的安全多方计算与应用

本文研究了有理数与有理区间的位置关系以及两个有理区间位置关系的安全多方计算.它们已广泛应用于数据库匹配、定位搜索等领域,是保密科学计算的一个重要分支.但目前已有文献在解决有理数与有理区间的位置关系时提出的协议效率较低,且两个有理区间位置关系问题的研究较为有限.针对这些问题,本文首先用多项式表示区间,将有理数与有理区间位置关系问题转化为整数向量的内积符号判定问题,设计了新的有理数与有理区间的保密计算协议.其次,以有理数与有理区间协议作为基础模块,设计了两个有理区间位置关系的保密计算协议.最后,理论分析及实验结果均表明本文方案是安全高效的,并给出了本文协议在有理数域上的百万富翁问题及计算几何问题的应用.     

Computationally Secure Oblivious Transfer

We describe new computationally secure protocols of 1-out-of-N oblivious transfer, k-out-of-N oblivious transfer, and oblivious transfer with adaptive queries. The protocols are very efficient compared with solutions based on generic two-party computation or on information-theoretic security. The 1-out-of-N oblivious transfer protocol requires only log N executions of a 1-out-of-2 oblivious transfer protocol. The k-out-of-N protocol is considerably more efficient than k repetitions of 1-out-of-N oblivious transfer, as is the construction for oblivious transfer with adaptive queries. The efficiency of the new oblivious transfer protocols makes them useful for many applications. A direct corollary of the 1-out-of-N oblivious transfer protocol is an efficient transformation of any Private Information Retrieval protocol to a Symmetric PIR protocol.