To prevent server compromise attack and password guessing attacks,an improved and efficient verifier-based key exchange protocol for three-party is proposed,which enables two clients to agree on a common session key w...To prevent server compromise attack and password guessing attacks,an improved and efficient verifier-based key exchange protocol for three-party is proposed,which enables two clients to agree on a common session key with the help of the server.In this protocol,the client stores a plaintext version of the password,while the server stores a verifier for the password.And the protocol uses verifiers to authenticate between clients and the server.The security analysis and performance comparison of the proposed protocol shows that the protocol can resist many familiar attacks including password guessing attacks,server compromise attacks,man-in-the-middle attacks and Denning-Sacco attacks,and it is more efficient.展开更多
In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In ...In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In this paper, we first define the security requirements for strong designated verifier proxy signature schemes. And then we construct an identity-based strong designated verifier proxy signature scheme. We argue that the proposed scheme satisfies all of the security requirements.展开更多
The subliminal channel is used to send a secret message to an authorized receiver; the message cannot he discovered by any unauthorized receivers. Designated verifier signature (DVS) provide authentication of a mess...The subliminal channel is used to send a secret message to an authorized receiver; the message cannot he discovered by any unauthorized receivers. Designated verifier signature (DVS) provide authentication of a message, we design a DVS scheme with message recovery mechanism and use it as a subliminal channel. In order to share a message among n users securely and allows t or more users can reconstruct the secret in dynamic groups, we combine both subliminal channel and (t, n) threshold cryptography. Then we proposed a threshold subliminal channel which can convey a subliminal message to a group of users based on message-recovery designated verifier signatures. Reconstructing the subliminal message relies on the cooperation of t or more users in the group and they can verify the validity of the subliminal message. Security and performance analysis show that the proposed scheme is secure and efficient.展开更多
In this paper, we re-formalize the security notions of universal designated multi verifier signature (UDMVS) schemes. Then the first UDMVS scheme is presented in the standard model (i.e. without random oracles) ba...In this paper, we re-formalize the security notions of universal designated multi verifier signature (UDMVS) schemes. Then the first UDMVS scheme is presented in the standard model (i.e. without random oracles) based on Waters' signature scheme. In this setting, a signature holder can to designate the signature to multi verifiers. Moreover, the security of our proposed scheme is based on the Gap Bilinear Difffie-Hellman assumption.展开更多
To tackle with the security lack in the password-authenticated key exchange protocol, this paper proposes a two-party password-authenticated key exchange protocol based on a verifier. In the proposed protocol, a user ...To tackle with the security lack in the password-authenticated key exchange protocol, this paper proposes a two-party password-authenticated key exchange protocol based on a verifier. In the proposed protocol, a user stores his password in plaintext, and the server stores a verifier for the user’s password, using DL difficult problem and DH difficult problem, through the session between user and server to establish a session key. The security discussion result shows that the proposed protocol provides forward secrecy, and can effectively defend against server compromising fake attacks, dictionary attacks and middleman attacks. Protocol efficiency comparisons reveal our protocol is more reasonable.展开更多
ADE Verifier是Cadence New ADE家庭成员中的重要一员,它主要用于项目管理和验证。Verifier主要功能;(1)可以在I C设计项目中统一管理仿真case与指标对应关系,手动/自动刷新ADE的最新仿真结果并显示其指标通过情况;(2)还可以通过一键完...ADE Verifier是Cadence New ADE家庭成员中的重要一员,它主要用于项目管理和验证。Verifier主要功能;(1)可以在I C设计项目中统一管理仿真case与指标对应关系,手动/自动刷新ADE的最新仿真结果并显示其指标通过情况;(2)还可以通过一键完成项目所有仿真并以简明的界面给出仿真结果和spec达成与否等信息。(3)其流程具有高的统筹性,高效性,操作简单等优点。同时该流程能够提高项目设计规范性,仿真完备性,从而提高芯片设计成功率。本文针对海思公司一个实际ADC项目验证了Verifier flow,在整个流程中可以直观清晰查看整个项目各指标状态和达成情况;结合Matlab在New ADE的集成功能,调用Mat l ab计算的结果也可以直接在ADE和Verifier中显示,基本达到了一键完成所有仿真,大大降低了项目换代,项目管理和项目验证而投入的人力成本。展开更多
Universal designated verifier signature schemes allows a signature holder to designate the signature to a desire designated verifier, in such a way that only designated verifier can verify this signature, but is unabl...Universal designated verifier signature schemes allows a signature holder to designate the signature to a desire designated verifier, in such a way that only designated verifier can verify this signature, but is unable to convince anyone else of this fact. The previous constructions of universal designated verifier signature rely on the underlying public key infrastructure, that needs both signers and verifiers to verify the authenticity of the public keys, and hence, the certificates are required. This article presents the first model and construction of the certificateless universal designated verifier signature scheme, in which the certificates are not needed. The proposed scheme satisfies all the requirements of the universal designated verifier signature in the certificateless system. Security proofs are provided for the scheme based on the random oracle model, assuming that the Bilinear diffie-hellman (BDH) problem is hard to solve.展开更多
An auditing scheme is a good way to prove owner's data outsourced to the cloud are kept intact, and a scheme capable of giving public verifiability service is a good option that some researchers have managed to build...An auditing scheme is a good way to prove owner's data outsourced to the cloud are kept intact, and a scheme capable of giving public verifiability service is a good option that some researchers have managed to build for the last few years. However, in a public auditing scheme everybody does verification of data and a possibility of leaking some secrete information to the public verifiers is an issue that data owners are unhappy with this scenario. For example, the data owner does not want anybody else to know he has the data stored in the cloud server. Motivated by the issue of privacy associated with public auditing system, we proposed a designated verifier auditing (DVA) scheme based on Steinfeld et al.'s universal designated verifier (DV) signature scheme. Our DVA scheme authorizes a third party auditor with private verification capability. It provides private verification because the scheme involves private key of the verifier. Moreover, we present the batch auditing scheme to improve auditing efficiency. Through rigorous security analysis we showed that our scheme is provably secure in the random oracle model assuming that the computational Diffie-Hellman (CDH) problem is hard over the group of bilinear maps.展开更多
A non-delegatable strong designated verifier signature (NSDVS) enforces verification of a signature by a designated verifier only. The concept is useful in various commercial cryptographic applications such as copyr...A non-delegatable strong designated verifier signature (NSDVS) enforces verification of a signature by a designated verifier only. The concept is useful in various commercial cryptographic applications such as copyright protection, e-voting, and e-libraries. This paper reports the shortest NSDVS so far that consists of only two elements. The scheme is inspired by an identification scheme and Cramer et al.'s OR-proof technique where a prover can prove that he knows at least one out two secrets. It is solidified by a symmetric key based group to group encryption algorithm. Two implementations of the algorithm are reported. The scheme is provably secure with respect to its properties of unforgeability, non-transferability, privacy of signer's identity, and non-delegatability.展开更多
Theproliferation of Internet of Things(IoT)devices introduces substantial security challenges.Currently,privacy constitutes a significant concern for individuals.While maintaining privacy within these systems is an es...Theproliferation of Internet of Things(IoT)devices introduces substantial security challenges.Currently,privacy constitutes a significant concern for individuals.While maintaining privacy within these systems is an essential characteristic,it often necessitates certain compromises,such as complexity and scalability,thereby complicating management efforts.The principal challenge lies in ensuring confidentiality while simultaneously preserving individuals’anonymity within the system.To address this,we present our proposed architecture for managing IoT devices using blockchain technology.Our proposed architecture works on and off blockchain and is integrated with dashcams and closed-circuit television(CCTV)security cameras.In this work,the videos recorded by the dashcams and CCTV security cameras are hashed through the InterPlanetary File System(IPFS)and this hash is stored in the blockchain.When the accessors want to access the video,they must pass through multiple authentications which include web token authentication and verifiable credentials,to mitigate the risk of malicious users.Our contributions include the proposition of the framework,which works on the single key for every new video,and a novel chaincode algorithm that incorporates verifiable credentials.Analyses are made to show the system’s throughput and latency through stress testing.Significant advantages of the proposed architecture are shown by comparing them to existing schemes.The proposed architecture features a robust design that significantly enhances the security of blockchain-enabled Internet of Things(IoT)deviceswhile effectively mitigating the risk of a single point of failure,which provides a reliable solution for security concerns in the IoT landscape.Our future endeavors will focus on scaling the system by integrating innovative methods to enhance security measures further.展开更多
The wide application of smart contracts allows industry companies to implement some complex distributed collaborative businesses,which involve the calculation of complex functions,such as matrix operations.However,com...The wide application of smart contracts allows industry companies to implement some complex distributed collaborative businesses,which involve the calculation of complex functions,such as matrix operations.However,complex functions such as matrix operations are difficult to implement on Ethereum Virtual Machine(EVM)-based smart contract platforms due to their distributed security environment limitations.Existing off-chain methods often result in a significant reduction in contract execution efficiency,thus a platform software development kit interface implementation method has become a feasible way to reduce overheads,but this method cannot verify operation correctness and may leak sensitive user data.To solve the above problems,we propose a verifiable EVM-based smart contract cross-language implementation scheme for complex operations,especially matrix operations,which can guarantee operation correctness and user privacy while ensuring computational efficiency.In this scheme,a verifiable interaction process is designed to verify the computation process and results,and a matrix blinding technology is introduced to protect sensitive user data in the calculation process.The security analysis and performance tests show that the proposed scheme can satisfy the correctness and privacy of the cross-language implementation of smart contracts at a small additional efficiency cost.展开更多
Distributed data fusion is essential for numerous applications,yet faces significant privacy security challenges.Federated learning(FL),as a distributed machine learning paradigm,offers enhanced data privacy protectio...Distributed data fusion is essential for numerous applications,yet faces significant privacy security challenges.Federated learning(FL),as a distributed machine learning paradigm,offers enhanced data privacy protection and has attracted widespread attention.Consequently,research increasingly focuses on developing more secure FL techniques.However,in real-world scenarios involving malicious entities,the accuracy of FL results is often compromised,particularly due to the threat of collusion between two servers.To address this challenge,this paper proposes an efficient and verifiable data aggregation protocol with enhanced privacy protection.After analyzing attack methods against prior schemes,we implement key improvements.Specifically,by incorporating cascaded random numbers and perturbation terms into gradients,we strengthen the privacy protection afforded by polynomial masking,effectively preventing information leakage.Furthermore,our protocol features an enhanced verification mechanism capable of detecting collusive behaviors between two servers.Accuracy testing on the MNIST and CIFAR-10 datasets demonstrates that our protocol maintains accuracy comparable to the Federated Averaging Algorithm.In scheme efficiency comparisons,while incurring only a marginal increase in verification overhead relative to the baseline scheme,our protocol achieves an average improvement of 93.13% in privacy protection and verification overhead compared to the state-of-the-art scheme.This result highlights its optimal balance between overall overhead and functionality.A current limitation is that the verificationmechanismcannot precisely pinpoint the source of anomalies within aggregated results when server-side malicious behavior occurs.Addressing this limitation will be a focus of future research.展开更多
Ciphertext-Policy Attribute-Based Encryption(CP-ABE)enables fine-grained access control on ciphertexts,making it a promising approach for managing data stored in the cloud-enabled Internet of Things.But existing schem...Ciphertext-Policy Attribute-Based Encryption(CP-ABE)enables fine-grained access control on ciphertexts,making it a promising approach for managing data stored in the cloud-enabled Internet of Things.But existing schemes often suffer from privacy breaches due to explicit attachment of access policies or partial hiding of critical attribute content.Additionally,resource-constrained IoT devices,especially those adopting wireless communication,frequently encounter affordability issues regarding decryption costs.In this paper,we propose an efficient and fine-grained access control scheme with fully hidden policies(named FHAC).FHAC conceals all attributes in the policy and utilizes bloom filters to efficiently locate them.A test phase before decryption is applied to assist authorized users in finding matches between their attributes and the access policy.Dictionary attacks are thwarted by providing unauthorized users with invalid values.The heavy computational overhead of both the test phase and most of the decryption phase is outsourced to two cloud servers.Additionally,users can verify the correctness of multiple outsourced decryption results simultaneously.Security analysis and performance comparisons demonstrate FHAC's effectiveness in protecting policy privacy and achieving efficient decryption.展开更多
Federated Learning(FL)has emerged as a promising distributed machine learning paradigm that enables multi-party collaborative training while eliminating the need for raw data sharing.However,its reliance on a server i...Federated Learning(FL)has emerged as a promising distributed machine learning paradigm that enables multi-party collaborative training while eliminating the need for raw data sharing.However,its reliance on a server introduces critical security vulnerabilities:malicious servers can infer private information from received local model updates or deliberately manipulate aggregation results.Consequently,achieving verifiable aggregation without compromising client privacy remains a critical challenge.To address these problem,we propose a reversible data hiding in encrypted domains(RDHED)scheme,which designs joint secret message embedding and extraction mechanism.This approach enables clients to embed secret messages into ciphertext redundancy spaces generated during model encryption.During the server aggregation process,the embedded messages from all clients fuse within the ciphertext space to form a joint embedding message.Subsequently,clients can decrypt the aggregated results and extract this joint embedding message for verification purposes.Building upon this foundation,we integrate the proposed RDHED scheme with linear homomorphic hash and digital signatures to design a verifiable privacy-preserving aggregation protocol for single-server architectures(VPAFL).Theoretical proofs and experimental analyses show that VPAFL can effectively protect user privacy,achieve lightweight computational and communication overhead of users for verification,and present significant advantages with increasing model dimension.展开更多
Dear Editor,We present a modified surgical technique to verify the chorion layer of the human amniotic membrane(hAM)in treating retinal detachment(RD)with vitrectomy.RD patients with pathological myopia where the tear...Dear Editor,We present a modified surgical technique to verify the chorion layer of the human amniotic membrane(hAM)in treating retinal detachment(RD)with vitrectomy.RD patients with pathological myopia where the tear is located within the posterior pole choroidal atrophy area are difficult to treat.Surgical procedures such as laser treatments,diathermy,cryopexy applications or long-term silicone oil endotamponade may not only be ineffective but also harmful in these cases^([1]).Amniotic membrane transplantation(AMT)is an effective technique in case of RD recurrences to seal retinal holes over high myopic chorioretinal atrophy^([2]).展开更多
Based on Chameleon Hash and D.Boneh’s one round multi-party key agreement protocol,this paper proposes a multi-designated verifiers signature scheme.In this scheme only the verifiers designated by the signer can inde...Based on Chameleon Hash and D.Boneh’s one round multi-party key agreement protocol,this paper proposes a multi-designated verifiers signature scheme.In this scheme only the verifiers designated by the signer can independently verify the signature.And no one else other than the designated person can be convinced by this signature even if one of the designated verifiers reveals the secret value.The analysis of the proposed scheme shows that it satisfies non-transferability,unforgeability and privacy of the signer’s identity and has to low computational cost.展开更多
基金The National High Technology Research and Development Program of China(863Program)(No.2001AA115300)the Natural Science Foundation of Liaoning Province(No.20031018,20062023)
文摘To prevent server compromise attack and password guessing attacks,an improved and efficient verifier-based key exchange protocol for three-party is proposed,which enables two clients to agree on a common session key with the help of the server.In this protocol,the client stores a plaintext version of the password,while the server stores a verifier for the password.And the protocol uses verifiers to authenticate between clients and the server.The security analysis and performance comparison of the proposed protocol shows that the protocol can resist many familiar attacks including password guessing attacks,server compromise attacks,man-in-the-middle attacks and Denning-Sacco attacks,and it is more efficient.
基金Supported by the National Natural Science Foun-dation of Chinafor Distinguished Young Scholars(60225007) the Na-tional Research Fundfor the Doctoral Programof Higher Education ofChina(20020248024) the Science and Technology Research Pro-ject of Shanghai (04DZ07067)
文摘In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In this paper, we first define the security requirements for strong designated verifier proxy signature schemes. And then we construct an identity-based strong designated verifier proxy signature scheme. We argue that the proposed scheme satisfies all of the security requirements.
基金Supported by the National Natural Science Foun-dation of China (60403027)
文摘The subliminal channel is used to send a secret message to an authorized receiver; the message cannot he discovered by any unauthorized receivers. Designated verifier signature (DVS) provide authentication of a message, we design a DVS scheme with message recovery mechanism and use it as a subliminal channel. In order to share a message among n users securely and allows t or more users can reconstruct the secret in dynamic groups, we combine both subliminal channel and (t, n) threshold cryptography. Then we proposed a threshold subliminal channel which can convey a subliminal message to a group of users based on message-recovery designated verifier signatures. Reconstructing the subliminal message relies on the cooperation of t or more users in the group and they can verify the validity of the subliminal message. Security and performance analysis show that the proposed scheme is secure and efficient.
基金Supported by the National Natural Science Foundation of China (60772136)
文摘In this paper, we re-formalize the security notions of universal designated multi verifier signature (UDMVS) schemes. Then the first UDMVS scheme is presented in the standard model (i.e. without random oracles) based on Waters' signature scheme. In this setting, a signature holder can to designate the signature to multi verifiers. Moreover, the security of our proposed scheme is based on the Gap Bilinear Difffie-Hellman assumption.
文摘To tackle with the security lack in the password-authenticated key exchange protocol, this paper proposes a two-party password-authenticated key exchange protocol based on a verifier. In the proposed protocol, a user stores his password in plaintext, and the server stores a verifier for the user’s password, using DL difficult problem and DH difficult problem, through the session between user and server to establish a session key. The security discussion result shows that the proposed protocol provides forward secrecy, and can effectively defend against server compromising fake attacks, dictionary attacks and middleman attacks. Protocol efficiency comparisons reveal our protocol is more reasonable.
文摘ADE Verifier是Cadence New ADE家庭成员中的重要一员,它主要用于项目管理和验证。Verifier主要功能;(1)可以在I C设计项目中统一管理仿真case与指标对应关系,手动/自动刷新ADE的最新仿真结果并显示其指标通过情况;(2)还可以通过一键完成项目所有仿真并以简明的界面给出仿真结果和spec达成与否等信息。(3)其流程具有高的统筹性,高效性,操作简单等优点。同时该流程能够提高项目设计规范性,仿真完备性,从而提高芯片设计成功率。本文针对海思公司一个实际ADC项目验证了Verifier flow,在整个流程中可以直观清晰查看整个项目各指标状态和达成情况;结合Matlab在New ADE的集成功能,调用Mat l ab计算的结果也可以直接在ADE和Verifier中显示,基本达到了一键完成所有仿真,大大降低了项目换代,项目管理和项目验证而投入的人力成本。
基金This work is supported by the National Natural Science Foundation of China (60473027).
文摘Universal designated verifier signature schemes allows a signature holder to designate the signature to a desire designated verifier, in such a way that only designated verifier can verify this signature, but is unable to convince anyone else of this fact. The previous constructions of universal designated verifier signature rely on the underlying public key infrastructure, that needs both signers and verifiers to verify the authenticity of the public keys, and hence, the certificates are required. This article presents the first model and construction of the certificateless universal designated verifier signature scheme, in which the certificates are not needed. The proposed scheme satisfies all the requirements of the universal designated verifier signature in the certificateless system. Security proofs are provided for the scheme based on the random oracle model, assuming that the Bilinear diffie-hellman (BDH) problem is hard to solve.
基金Acknowledgements This work was supported by the National Natural Science Foundation of China (Grant No. 61370203) and Science and Technology on Communication Security Laboratory Foundation (Grant No. 9140C110301110C1103).
文摘An auditing scheme is a good way to prove owner's data outsourced to the cloud are kept intact, and a scheme capable of giving public verifiability service is a good option that some researchers have managed to build for the last few years. However, in a public auditing scheme everybody does verification of data and a possibility of leaking some secrete information to the public verifiers is an issue that data owners are unhappy with this scenario. For example, the data owner does not want anybody else to know he has the data stored in the cloud server. Motivated by the issue of privacy associated with public auditing system, we proposed a designated verifier auditing (DVA) scheme based on Steinfeld et al.'s universal designated verifier (DV) signature scheme. Our DVA scheme authorizes a third party auditor with private verification capability. It provides private verification because the scheme involves private key of the verifier. Moreover, we present the batch auditing scheme to improve auditing efficiency. Through rigorous security analysis we showed that our scheme is provably secure in the random oracle model assuming that the computational Diffie-Hellman (CDH) problem is hard over the group of bilinear maps.
基金Acknowledgements This work was supported by the National Natural Science Foundation of China (Grant Nos. 61003244, 61100224), Doctoral Fund of Ministry of Education of China (20120171110027).Fundamental Research Funds for the Central Universities (1 11gpy71).
文摘A non-delegatable strong designated verifier signature (NSDVS) enforces verification of a signature by a designated verifier only. The concept is useful in various commercial cryptographic applications such as copyright protection, e-voting, and e-libraries. This paper reports the shortest NSDVS so far that consists of only two elements. The scheme is inspired by an identification scheme and Cramer et al.'s OR-proof technique where a prover can prove that he knows at least one out two secrets. It is solidified by a symmetric key based group to group encryption algorithm. Two implementations of the algorithm are reported. The scheme is provably secure with respect to its properties of unforgeability, non-transferability, privacy of signer's identity, and non-delegatability.
基金supported by the Institute of Information&Communications Technology Planning&Evaluation(IITP)(Project Nos.RS-2024-00438551,30%,2022-11220701,30%,2021-0-01816,30%)the National Research Foundation of Korea(NRF)grant funded by the Korean Government(Project No.RS-2023-00208460,10%).
文摘Theproliferation of Internet of Things(IoT)devices introduces substantial security challenges.Currently,privacy constitutes a significant concern for individuals.While maintaining privacy within these systems is an essential characteristic,it often necessitates certain compromises,such as complexity and scalability,thereby complicating management efforts.The principal challenge lies in ensuring confidentiality while simultaneously preserving individuals’anonymity within the system.To address this,we present our proposed architecture for managing IoT devices using blockchain technology.Our proposed architecture works on and off blockchain and is integrated with dashcams and closed-circuit television(CCTV)security cameras.In this work,the videos recorded by the dashcams and CCTV security cameras are hashed through the InterPlanetary File System(IPFS)and this hash is stored in the blockchain.When the accessors want to access the video,they must pass through multiple authentications which include web token authentication and verifiable credentials,to mitigate the risk of malicious users.Our contributions include the proposition of the framework,which works on the single key for every new video,and a novel chaincode algorithm that incorporates verifiable credentials.Analyses are made to show the system’s throughput and latency through stress testing.Significant advantages of the proposed architecture are shown by comparing them to existing schemes.The proposed architecture features a robust design that significantly enhances the security of blockchain-enabled Internet of Things(IoT)deviceswhile effectively mitigating the risk of a single point of failure,which provides a reliable solution for security concerns in the IoT landscape.Our future endeavors will focus on scaling the system by integrating innovative methods to enhance security measures further.
基金supported in part by the National Natural Science Foundation of China under Grant 62272007,U23B2002in part by the Excellent Young Talents Project of the Beijing Municipal University Teacher Team Construction Support Plan under Grant BPHR202203031+1 种基金in part by the Yunnan Key Laboratory of Blockchain Application Technology under Grant 2021105AG070005(YNB202102)in part by the Open Topics of Key Laboratory of Blockchain Technology and Data Security,The Ministry of Industry and Information Technology of the People’s Republic of China under Grant 20243222。
文摘The wide application of smart contracts allows industry companies to implement some complex distributed collaborative businesses,which involve the calculation of complex functions,such as matrix operations.However,complex functions such as matrix operations are difficult to implement on Ethereum Virtual Machine(EVM)-based smart contract platforms due to their distributed security environment limitations.Existing off-chain methods often result in a significant reduction in contract execution efficiency,thus a platform software development kit interface implementation method has become a feasible way to reduce overheads,but this method cannot verify operation correctness and may leak sensitive user data.To solve the above problems,we propose a verifiable EVM-based smart contract cross-language implementation scheme for complex operations,especially matrix operations,which can guarantee operation correctness and user privacy while ensuring computational efficiency.In this scheme,a verifiable interaction process is designed to verify the computation process and results,and a matrix blinding technology is introduced to protect sensitive user data in the calculation process.The security analysis and performance tests show that the proposed scheme can satisfy the correctness and privacy of the cross-language implementation of smart contracts at a small additional efficiency cost.
基金supported by National Key R&D Program of China(2023YFB3106100)National Natural Science Foundation of China(62102452,62172436)Natural Science Foundation of Shaanxi Province(2023-JCYB-584).
文摘Distributed data fusion is essential for numerous applications,yet faces significant privacy security challenges.Federated learning(FL),as a distributed machine learning paradigm,offers enhanced data privacy protection and has attracted widespread attention.Consequently,research increasingly focuses on developing more secure FL techniques.However,in real-world scenarios involving malicious entities,the accuracy of FL results is often compromised,particularly due to the threat of collusion between two servers.To address this challenge,this paper proposes an efficient and verifiable data aggregation protocol with enhanced privacy protection.After analyzing attack methods against prior schemes,we implement key improvements.Specifically,by incorporating cascaded random numbers and perturbation terms into gradients,we strengthen the privacy protection afforded by polynomial masking,effectively preventing information leakage.Furthermore,our protocol features an enhanced verification mechanism capable of detecting collusive behaviors between two servers.Accuracy testing on the MNIST and CIFAR-10 datasets demonstrates that our protocol maintains accuracy comparable to the Federated Averaging Algorithm.In scheme efficiency comparisons,while incurring only a marginal increase in verification overhead relative to the baseline scheme,our protocol achieves an average improvement of 93.13% in privacy protection and verification overhead compared to the state-of-the-art scheme.This result highlights its optimal balance between overall overhead and functionality.A current limitation is that the verificationmechanismcannot precisely pinpoint the source of anomalies within aggregated results when server-side malicious behavior occurs.Addressing this limitation will be a focus of future research.
基金supported in part by the National Key R&D Program of China(Grant No.2019YFB2101700)the National Natural Science Foundation of China(Grant No.62272102,No.62172320,No.U21A20466)+4 种基金the Open Research Fund of Key Laboratory of Cryptography of Zhejiang Province(Grant No.ZCL21015)the Qinghai Key R&D and Transformation Projects(Grant No.2021-GX-112)the Natural Science Foundation of Nanjing University of Posts and Telecommunications(Grant No.NY222141)the Natural Science Foundation of Jiangsu Higher Education Institutions of China under Grant(No.22KJB520029)Henan Key Laboratory of Network Cryptography Technology(No.LNCT2022-A10)。
文摘Ciphertext-Policy Attribute-Based Encryption(CP-ABE)enables fine-grained access control on ciphertexts,making it a promising approach for managing data stored in the cloud-enabled Internet of Things.But existing schemes often suffer from privacy breaches due to explicit attachment of access policies or partial hiding of critical attribute content.Additionally,resource-constrained IoT devices,especially those adopting wireless communication,frequently encounter affordability issues regarding decryption costs.In this paper,we propose an efficient and fine-grained access control scheme with fully hidden policies(named FHAC).FHAC conceals all attributes in the policy and utilizes bloom filters to efficiently locate them.A test phase before decryption is applied to assist authorized users in finding matches between their attributes and the access policy.Dictionary attacks are thwarted by providing unauthorized users with invalid values.The heavy computational overhead of both the test phase and most of the decryption phase is outsourced to two cloud servers.Additionally,users can verify the correctness of multiple outsourced decryption results simultaneously.Security analysis and performance comparisons demonstrate FHAC's effectiveness in protecting policy privacy and achieving efficient decryption.
基金supported in part by the National Natural Science Foundation of China under Grants 62102450,62272478the Independent Research Project of a Certain Unit under Grant ZZKY20243127.
文摘Federated Learning(FL)has emerged as a promising distributed machine learning paradigm that enables multi-party collaborative training while eliminating the need for raw data sharing.However,its reliance on a server introduces critical security vulnerabilities:malicious servers can infer private information from received local model updates or deliberately manipulate aggregation results.Consequently,achieving verifiable aggregation without compromising client privacy remains a critical challenge.To address these problem,we propose a reversible data hiding in encrypted domains(RDHED)scheme,which designs joint secret message embedding and extraction mechanism.This approach enables clients to embed secret messages into ciphertext redundancy spaces generated during model encryption.During the server aggregation process,the embedded messages from all clients fuse within the ciphertext space to form a joint embedding message.Subsequently,clients can decrypt the aggregated results and extract this joint embedding message for verification purposes.Building upon this foundation,we integrate the proposed RDHED scheme with linear homomorphic hash and digital signatures to design a verifiable privacy-preserving aggregation protocol for single-server architectures(VPAFL).Theoretical proofs and experimental analyses show that VPAFL can effectively protect user privacy,achieve lightweight computational and communication overhead of users for verification,and present significant advantages with increasing model dimension.
文摘Dear Editor,We present a modified surgical technique to verify the chorion layer of the human amniotic membrane(hAM)in treating retinal detachment(RD)with vitrectomy.RD patients with pathological myopia where the tear is located within the posterior pole choroidal atrophy area are difficult to treat.Surgical procedures such as laser treatments,diathermy,cryopexy applications or long-term silicone oil endotamponade may not only be ineffective but also harmful in these cases^([1]).Amniotic membrane transplantation(AMT)is an effective technique in case of RD recurrences to seal retinal holes over high myopic chorioretinal atrophy^([2]).
基金supported by the National Basic Research Program of China (No.2007CB311203)the National Natural Science Foundation of China (Grant No.90604022).
文摘Based on Chameleon Hash and D.Boneh’s one round multi-party key agreement protocol,this paper proposes a multi-designated verifiers signature scheme.In this scheme only the verifiers designated by the signer can independently verify the signature.And no one else other than the designated person can be convinced by this signature even if one of the designated verifiers reveals the secret value.The analysis of the proposed scheme shows that it satisfies non-transferability,unforgeability and privacy of the signer’s identity and has to low computational cost.
