In a recent quantum oblivious transfer protocol proposed by Nagy et al., it was proven that attacks based on individual measurements and 2-qubit entanglement can all be defeated. Later we found that 5-body entanglement-based attacks can break the protocol. Here we further tighten the security bound by showing that the protocol is insecure against 4-body entanglement-based attacks, while being immune to 3-body entanglement-based attacks. Also, increasing the number of qubits in the protocol is useless for improving its security.
Oblivious key transfer (OKT) is a fundamental problem in the field of secure multi-party computation. It makes the provider send a secret key sequence to the user obliviously, i.e., the user may only get almost one key bit in the sequence, which is unknown to the provider. Recently, a number of works have sought to establish the corresponding quantum oblivious key transfer model and rename it quantum oblivious key distribution (QOKD), after the well-known expression quantum key distribution (QKD). In this paper, a new QOKD model is first proposed for a provider and user with limited quantum capabilities, where both of them only perform computational-basis measurements on single photons. Then we show that the privacy of both of them can be protected, since the probability of getting the other's raw-key bits without being detected is exponentially small. Furthermore, we give solutions to some special decision problems, such as set-member decision and point-inclusion, by announcing improved shifting strategies following QOKD. Finally, further discussions and applications of our ideas are presented.
With the development of cloud storage, the problem of efficiently checking and proving data integrity needs more consideration. Therefore, much growing interest has been pursued in the context of the integrity verification of cloud storage. Provable data possession (PDP) and proofs of retrievability (POR) are two important kinds of scheme which can guarantee data integrity in cloud storage environments. The main difference between them is that POR schemes store a redundant encoding of the client data on the server so that the client has the ability of retrievability, while PDP does not. Unfortunately, most POR schemes support only static data. Stefanov et al. proposed a dynamic POR, but their scheme needs a large amount of client storage and has a large audit cost. Cash et al. use Oblivious RAM (ORAM) to construct a fully dynamic POR scheme, but the cost of their scheme is also very heavy. Based on the idea proposed by Cash et al., we propose dynamic proofs of retrievability via Partitioning-Based Square Root Oblivious RAM (DPoR-PSR-ORAM). Firstly, the notions used in our scheme are defined. The Partitioning-Based Square Root Oblivious RAM (PSR-ORAM) protocol is also proposed. The DPoR-PSR-ORAM model, which includes the formal definitions, security definitions and model construction methods, is described in the paper. Finally, we give the security analysis and efficiency analysis. The analysis results show that our scheme not only has the properties of correctness, authenticity, next-read pattern hiding and retrievability, but also has high efficiency.
In cryptography, oblivious transfer (OT) is an important multiparty cryptographic primitive and protocol that is suitable for many upper-layer applications, such as secure computation, remote coin-flipping, electronic contract signing and exchanging secrets simultaneously. However, some no-go theorems have been established, indicating that one-out-of-two quantum oblivious transfer (QOT) protocols with unconditional security are impossible. Fortunately, some one-out-of-two QOT protocols using the concept of Crepeau's reduction have been demonstrated not to conform to Lo's no-go theorem, but these protocols require more quantum resources to generate classical keys using all-or-nothing QOT to construct one-out-of-two QOT. This paper proposes a novel and efficient one-out-of-two QOT which uses quantum resources directly instead of wasting unnecessary resources to generate classical keys. The proposed protocol is not covered by Lo's no-go theorem, and it is able to check the sender's loyalty and avoid the attack from the receiver. Moreover, the entangled state of the proposed protocol is reusable, so it can provide more services for the participants when necessary. Compared with other QOT protocols, the proposed protocol is more secure, efficient, and flexible: it not only prevents external and internal attacks, but also reduces the required resources and resource distribution time.
Oblivious transfer (OT) protocol is a fundamental cryptographic tool and widely used as a building block of secure computation. In this work, we propose two efficient t-out-of-n oblivious transfer schemes with a designated receiver. A common advantage of the two schemes is efficiency. The total computation cost of the sender and the receiver is n + 2t + 1 modular exponentiations in the first scheme, which is three-round, and n + 3t modular exponentiations in the second scheme, which is two-round. Another advantage of both schemes is designability.
In ACM CCS 2009, Camenisch et al. proposed Oblivious Transfer with Access Control (AC-OT), in which each item is associated with an attribute set and can only be made available, on request, to the users who have all the attributes in the associated set. Namely, AC-OT achieves an access control policy for a conjunction of attributes. Essentially, the functionality of AC-OT is equivalent to the simplified version that we call AC-OT-SV: for each item, one attribute is associated with it, and it is required that only the users who possess the associated attribute can obtain the item by queries. On one hand, AC-OT-SV is a special case of AC-OT when there is just one attribute associated with each item. On the other hand, any AC-OT can be realized by an AC-OT-SV. In this paper, we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch et al. Then from the protocol, interestingly, a concrete Identity-Based Encryption (IBE) scheme with Anonymous Key Issuing (AKI) is given, which is just a direct application of AC-OT-SV. By comparison, we show that the AKI protocol we present is more efficient in communication than that proposed by Chow.
This paper is about distributed oblivious function evaluation (DOFE). In this setting one party (Alice) has a function f(x), and the other party (Bob) with an input α wants to learn f(α) in an oblivious way with the help of a set of servers. What Alice should do is to share her secret function f(x) among the servers. Bob obtains what he should get by interacting with the servers. This paper proposes the model and security requirements for DOFE and analyzes three distributed oblivious polynomial evaluation protocols presented in the paper.
Keywords: oblivious function evaluation, oblivious polynomial evaluation, secure multiparty computation, distributed, information security.
Funding: The research is supported by the National Basic Research 973 Program of China under Grant No. 1999035802 and the National Natural Science Foundation of China under Grant No. 60273029.
Authors: Hong-Da Li was born in 1960. He received the Ph.D. degree from Northwestern Polytechnical University in 2001. His current research interests are cryptology and cryptographic protocols. Xiong Yang received the B.S. degree in mathematics from Yan'an University, China, in 1984. He is an associate professor in the College of Economy and Trade at South China University of Tropical Agriculture. His research interest is information security. Deng-Guo Feng was born in 1963. He is now a Ph.D. supervisor. His research interests focus on information security. Bao Li was born in 1965. He received the Ph.D. degree in cryptography in 1995 from Xidian University. His research interests include cryptographic protocols and public key cryptosystems.
The problem of two-party oblivious polynomial evaluation (OPE) is studied, where one party (Alice) has a polynomial P(x) and the other party (Bob) with an input x wants to learn P(x) in such an oblivious way that Bob obtains P(x) without learning any additional information about P except what is implied by P(x), and Alice does not learn Bob's input x. Previous OPE protocols are based on an intractability assumption besides OT protocols. In fact, evaluating P(x) is equivalent to computing the product of the coefficient vector (a_0, ..., a_n) and the vector (1, ..., x^n). Using this idea, an efficient scalar product protocol for two vectors is proposed first, and then two OPE protocols are presented which do not need any other cryptographic assumption except an OT protocol. Compared with the existing OPE protocol, another characteristic of the proposed protocols is that the degree of the polynomial is private. Another OPE protocol works in the case where an untrusted third party exists.
Keywords: oblivious polynomial evaluation, oblivious transfer, secure multi-party computation, information.
Because of the concise functionality of oblivious transfer (OT) protocols, they have been widely used as building blocks in secure multiparty computation and high-level protocols. The security of OT protocols built upon classical number theoretic problems, such as the discrete logarithm and factoring, however, is threatened as a result of the huge progress in quantum computing. Therefore, post-quantum cryptography is needed for protocols based on classical problems, and several proposals for post-quantum OT protocols exist. However, most post-quantum cryptosystems present their security proof only in the context of classical adversaries, not in the quantum setting. In this paper, we close this gap and prove the security of the lattice-based OT protocol proposed by Peikert et al. (CRYPTO, 2008), which is universally composably secure under the assumption of learning with errors hardness, in the quantum setting. We apply three general quantum security analysis frameworks. First, we apply the quantum lifting theorem proposed by Unruh (EUROCRYPT, 2010) to prove that the security of the lattice-based OT protocol can be lifted into the quantum world. Then, we apply two more security analysis frameworks specified for post-quantum cryptographic primitives, i.e., simple hybrid arguments (CRYPTO, 2011) and game-preserving reduction (PQCrypto, 2014).
Oblivious polynomial evaluation (OPE) is a two-party protocol that allows a receiver R to learn an evaluation f(α) of a sender S's polynomial f(x), whilst keeping both α and f(x) private. This protocol has attracted a lot of attention recently, as it has wide-ranging applications in the field of cryptography. In this article we review some of these applications and, additionally, take an in-depth look at the special case of information-theoretic OPE. Specifically, we provide a current and critical review of the existing information-theoretic OPE protocols in the literature. We divide these protocols into two distinct cases (three-party and distributed OPE), allowing for the easy distinction and classification of future information-theoretic OPE protocols. In addition to this work, we also develop several modifications and extensions to existing schemes, resulting in increased security, flexibility and efficiency. Lastly, we also identify a security flaw in a previously published OPE scheme.
As a fundamental cryptographic primitive, oblivious transfer (OT) is developed for the sake of efficient usability and combinational feasibility. However, most OT protocols are built upon some quantum non-immune cryptosystems by assuming the hardness of the discrete logarithm or factoring problem, whose security will break down directly in the quantum setting. Therefore, as a subarea of post-quantum cryptography, lattice-based cryptography is viewed as a promising alternative and cornerstone to support building post-quantum protocols, since it enjoys some attractive properties, such as provable security against quantum adversaries and lower asymptotic complexity. In this paper, we first build an efficient 1-out-of-2 OT protocol upon the hardness of the ring learning with errors (RLWE) problem, which is at least as hard as some worst-case ideal lattice problems. We show that this 1-out-of-2 OT protocol can be universally composable and secure against static corruptions in the random oracle model. Then we extend it to a general case, i.e., 1-out-of-N OT, achieving the same level of security. Furthermore, on the basis of the above OT structure, we obtain two improved OT protocols using two improved lattice-based key exchange protocols (relying on the RLWE problem and the learning with errors (LWE) problem respectively, and both achieving better efficiency by removing Gaussian sampling to save cost) as building blocks. To show that our proposed OT protocol indeed achieves comparable security and efficiency, we make a comparison with another two lattice-based OT protocols at the end of the paper.
Considering the potential threat from quantum computing and expecting practical use of OT with high efficiency, an efficient post-quantum OT protocol is pressingly needed. As shown in this paper, our proposed OT protocols may be considered post-quantum OT candidates, since they both preserve provable security relying on lattice problems and enjoy practical efficiency.
A new secure oblivious transfer (OT) protocol from indistinguishability obfuscation (iO) is proposed in this paper. The candidate iO and a dual-mode cryptosystem are the main technical tools of this scheme. Garg et al. introduced a candidate construction of iO in 2013. Following their steps, a new k-out-of-1 OT protocol is presented here, and its realization from decisional Diffie-Hellman (DDH) is described in this paper, in which iO is combined with the dual-mode cryptosystem. The security of the scheme mainly relies on the indistinguishability of the obf-branches (corresponding to the two modes in the dual-mode model). This paper explores a new way for the application of iO.
Function secret sharing (FSS) is a secret sharing technique for functions in a specific function class, mainly including distributed point functions (DPF) and distributed comparison functions (DCF). As an important basis for function secret sharing, DPF and DCF are the foundation for the extension of this technique to other, more general and complex function classes. However, the function classes corresponding to the current DPF and DCF schemes are almost all unary function classes, and there is no efficient construction for multivariate function classes. The applications of FSS can be extended with the development of a multivariate scheme; e.g., a multi-keyword private information retrieval scheme can be constructed. To solve this problem, this paper presents a binary DCF scheme based on a "two-layer binary tree" structure. In a binary tree structure, each node computes the seeds of its child nodes based on its own seed. The key technique is to realize the transition transfer of seeds by using oblivious transfer, to connect two unary structures. Theoretical analysis and experimental results show that our binary scheme changes from single-round communication in the original definition to multi-round communication, and has great advantages in communication cost and computation efficiency. For the security parameter λ and input length n, the key size is reduced from O(λn^2) to O(λn). In addition, we explore the extensions and applications of the above method. In batch computation, this paper uses oblivious transfer (OT) extension to realize the one-time transmission of multiple pairs of seeds and optimize its communication efficiency. By extending the structure from "two-layer" to "multi-layer", a secret sharing scheme for multivariate mixed basic functions is proposed based on the serial approach. Furthermore, by employing the parallel approach, a general 2-layer FSS structure from OT for multivariate mixed basic functions is explored to enhance the efficiency, where the first layer is composed of d parallel binary trees with d representing the input dimension, and the second layer is one binary tree of depth d. The applications of our schemes in multi-keyword private information retrieval are also presented.
Secure multi-party computation has been a research focus in the international cryptographic community in recent years. In this paper the authors investigate how some computational geometric problems could be solved in a cooperative environment, where two parties need to solve a geometric problem based on their joint data, but neither wants to disclose its private data to the other party. These problems are the distance between two private points, the relation between a private point and a circle area, the relation between a private point and an ellipse area, and the shortest distance between two point sets. The paper gives solutions to these specific geometric problems, and in doing so a building block is developed, the protocol for the distance between two private points, that is also useful in the solutions to other geometric problems and combinatorial problems.
This research aims to review the developments in the field of quantum private query (QPQ), a type of practical quantum cryptographic protocol. The primary protocol, as proposed by Jacobi et al., and the improvements to the protocol are introduced. Then, the advancements made in usability, theoretical security, and practical security are summarized. Additionally, we describe two new results concerning QPQ security. We emphasize that a procedure to detect outside adversaries is necessary for QPQ, as well as for other quantum secure computation protocols, and then briefly propose such a strategy. Furthermore, we show that the shift-and-addition or low-shift-and-addition technique can be used to obtain a secure real-world implementation of QPQ, where a weak coherent source is used instead of an ideal single-photon source.
Funding, quantum oblivious key distribution (QOKD) paper: This work is supported by the National Natural Science Foundation of China under Grant Nos. 61802118, 61602316, 61932005; Open Foundation of State Key Laboratory of Networking and Switching Technology (BUPT) under Grant No. SKLNST-2018-1-07; University Nursing Program for Young Scholars with Creative Talents in Heilongjiang Province under Grant No. UNPYSCT-2018015; Science and Technology Innovation Projects of Shenzhen under Grant Nos. JCYJ20190809152003992, JCYJ20170818140234295, JCYJ20170818144026871, JCYJ2017081802237376; Guangdong Natural Science Foundation under Grant Nos. 2017A030310134, 2018A030313957; Shenzhen Polytechnic Youth Innovation Project under Grant 6019310010K0; Natural Science Foundation of Heilongjiang Province under Grant No. LH2019F031; Hei Long Jiang Postdoctoral Foundation under Grant No. LBH-Z17048. Professor Shenggen Zheng and Xiangfu Zou also gave us some helpful comments. We are grateful for their constructive opinions.
Funding, DPoR-PSR-ORAM paper: This work is supported, in part, by the National Natural Science Foundation of China under Grant No. 61872069; in part, by the Fundamental Research Funds for the Central Universities (N171704005); and in part, by the Shenyang Science and Technology Plan Projects (18-013-0-01).
Funding, one-out-of-two QOT paper: Supported in part by the Ministry of Science and Technology (MOST) in Taiwan under Grants MOST108-2638-E-002-002-MY2, MOST109-2222-E-005-002-MY3, MOST110-2627-M-002-002, MOST110-2221-E-260-014, MOST110-2222-E-006-011, MOST111-2218-E-005-007-MBK, and MOST111-2119-M-033-001; and supported in part by the Higher Education Sprout Project, Ministry of Education, to the Headquarters of University Advancement at National Cheng Kung University.
Funding, t-out-of-n OT paper: Supported by the Scientific Research Common Program of Beijing Municipal Commission of Education (KM200610009011) and the Open Fund of the State Key Laboratory of Information Security (Institute of Software, Chinese Academy of Sciences) (02-4).
Funding: Project supported by the National Key R&D Program of China (No. 2017YFB0802000), the National Natural Science Foundation of China (Nos. 61672412, 61472309, and 61572390), and the China Scholarship Council (No. 201406960041).
Abstract: Because of their concise functionality, oblivious transfer (OT) protocols are widely used as building blocks in secure multiparty computation and higher-level protocols. The security of OT protocols built upon classical number-theoretic problems, such as discrete logarithm and factoring, is however threatened by the rapid progress in quantum computing. Post-quantum replacements for such protocols are therefore needed, and several post-quantum OT proposals exist. Most post-quantum cryptosystems, however, prove their security only against classical adversaries, not in the quantum setting. In this paper we close this gap and prove, in the quantum setting, the security of the lattice-based OT protocol of Peikert et al. (CRYPTO, 2008), which is universally composably secure under the learning with errors (LWE) hardness assumption. We apply three general quantum security analysis frameworks. First, we apply the quantum lifting theorem of Unruh (EUROCRYPT, 2010) to show that the security of the lattice-based OT protocol lifts to the quantum world. Then we apply two further frameworks designed for post-quantum cryptographic primitives, namely simple hybrid arguments (CRYPTO, 2011) and game-preserving reduction (PQCrypto, 2014).
Abstract: Oblivious polynomial evaluation (OPE) is a two-party protocol that allows a receiver R to learn an evaluation f(α) of a sender S's polynomial f(x), while keeping both α and f(x) private. This protocol has attracted considerable attention recently, as it has wide-ranging applications in cryptography. In this article we review some of these applications and, additionally, take an in-depth look at the special case of information-theoretic OPE. Specifically, we provide a current and critical review of the existing information-theoretic OPE protocols in the literature. We divide these protocols into two distinct cases (three-party and distributed OPE), allowing easy distinction and classification of future information-theoretic OPE protocols. In addition, we develop several modifications and extensions to existing schemes, resulting in increased security, flexibility and efficiency. Lastly, we identify a security flaw in a previously published OPE scheme.
Funding: the National Key R&D Program of China (2017YFB0802000), the National Natural Science Foundation of China (Grant Nos. 61472309, 61672412), the National Cryptography Development Fund (MMJJ20170104), and the China Scholarship Council (201406960041).
Abstract: As a fundamental cryptographic primitive, oblivious transfer (OT) is developed for efficient usability and composability. However, most OT protocols are built upon cryptosystems that are not quantum-immune, assuming the hardness of the discrete logarithm or factoring problem, and their security breaks down directly in the quantum setting. Lattice-based cryptography, a subarea of post-quantum cryptography, is therefore viewed as a promising alternative and a cornerstone for building post-quantum protocols, since it enjoys attractive properties such as provable security against quantum adversaries and lower asymptotic complexity. In this paper, we first build an efficient 1-out-of-2 OT protocol upon the hardness of the ring learning with errors (RLWE) problem, which is at least as hard as certain worst-case ideal lattice problems. We show that this 1-out-of-2 OT protocol is universally composable and secure against static corruptions in the random oracle model. We then extend it to the general case of 1-out-of-N OT at the same level of security. Furthermore, on the basis of the above OT structure, we obtain two improved OT protocols using two improved lattice-based key exchange protocols (relying on the RLWE problem and the learning with errors (LWE) problem respectively, both achieving better efficiency by removing Gaussian sampling) as building blocks. To show that our proposed OT protocol achieves comparable security and efficiency, we compare it with two other lattice-based OT protocols at the end of the paper. Given the potential threat from quantum computing and the demand for practical, highly efficient OT, an efficient post-quantum OT protocol is urgently needed. As shown in this paper, our proposed OT protocols may be considered post-quantum OT candidates, since they both preserve provable security based on lattice problems and enjoy practical efficiency.
Funding: supported by the Opening Project of the State Key Laboratory of Cryptology, the Scientific Research and Postgraduate Training Cooperation Project (Scientific Research Base: New Theory of Block Cipher and Obfuscation and their Application Research), and Information Management and Professional Building of Information System.
Abstract: A new secure oblivious transfer (OT) protocol from indistinguishability obfuscation (iO) is proposed in this paper. The candidate iO and a dual-mode cryptosystem are the main technical tools of this scheme. Garg et al. introduced a candidate construction of iO in 2013. Following their steps, a new k-out-of-1 OT protocol is presented here, together with its realization from the decisional Diffie-Hellman (DDH) assumption, combining iO with the dual-mode cryptosystem. The security of the scheme relies mainly on the indistinguishability of the obfuscated branches (corresponding to the two modes of the dual-mode model). This paper explores a new way of applying iO.
Funding: supported by the National Key R&D Program of China (No. 2022ZD0161901), the National Natural Science Foundation of China (Grant No. 62072023), the Beijing Natural Science Foundation (No. 4242024), the Open Project Fund of the State Key Laboratory of Cryptology, China (No. MMKFKT202120), the Exploratory Optional Project Fund of the State Key Laboratory of Complex & Critical Software Environment (No. SKLCCSE-2025ZX-XX), and the Fundamental Research Funds of Beihang University, China (Nos. YWF-21-BJ-J-1041 and YWF-23-L-1033).
Abstract: Function secret sharing (FSS) is a secret sharing technique for functions in a specific function class, mainly comprising distributed point functions (DPF) and distributed comparison functions (DCF). As the basis of function secret sharing, DPF and DCF are the foundation for extending the technique to more general and complex function classes. However, the function classes covered by current DPF and DCF schemes are almost all unary, and there is no efficient construction for multivariate function classes. Developing a multivariate scheme extends the applications of FSS; for example, a multi-keyword private information retrieval scheme can then be constructed. To solve this problem, this paper presents a binary DCF scheme based on a "two-layer binary tree" structure. In a binary tree structure, each node derives the seeds of its child nodes from its own seed. The key technique is to realize the transition of seeds between the two unary structures by means of oblivious transfer, thereby connecting them. Theoretical analysis and experimental results show that our binary scheme moves from the single-round communication of the original definition to multi-round communication, and has considerable advantages in communication cost and computational efficiency. For security parameter λ and input length n, the key size is reduced from O(λn^2) to O(λn). In addition, we explore extensions and applications of the above method. For batch computation, this paper uses oblivious transfer (OT) extension to transmit multiple pairs of seeds in a single pass and optimizes the communication cost. By extending the structure from "two-layer" to "multi-layer", a secret sharing scheme for multivariate mixed basic functions is proposed based on serial composition. Furthermore, by employing parallel composition, a general 2-layer FSS structure from OT for multivariate mixed basic functions is explored to enhance efficiency, where the first layer consists of d parallel binary trees with d denoting the input dimension, and the second layer is a single binary tree of depth d. Applications of our schemes to multi-keyword private information retrieval are also presented.
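The tree structure that the abstract above builds on, in which each node derives its children's seeds from its own seed and the two parties' trees agree everywhere except along one path, is easiest to see in the basic two-party DPF. The following is an added example, not the paper's binary DCF and not code from the paper: it implements the standard tree-based DPF construction of Boyle, Gilboa and Ishai for a point function on {0, ..., 2^n - 1} with outputs in Z_{2^32}. SHA-256 stands in for the length-doubling PRG (an assumption made for readability; a deployed scheme would use a fixed-key AES construction), and all names and parameters are the example's own.

```python
import hashlib
import os

SEED_LEN = 16          # seed length in bytes (security parameter of 128 bits)
MOD = 1 << 32          # output group Z_{2^32}


def prg(seed):
    """Length-doubling PRG G(s) -> (s_L, t_L, s_R, t_R): a seed and a control bit per child.
    SHA-256 with domain-separation tags is used here for illustration only."""
    left = hashlib.sha256(b"L" + seed).digest()
    right = hashlib.sha256(b"R" + seed).digest()
    return left[:SEED_LEN], left[SEED_LEN] & 1, right[:SEED_LEN], right[SEED_LEN] & 1


def convert(seed):
    """Map a leaf seed to a pseudorandom element of Z_MOD."""
    return int.from_bytes(hashlib.sha256(b"C" + seed).digest()[:8], "big") % MOD


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def dpf_gen(alpha, beta, n):
    """Key generation for f(alpha) = beta and f(x) = 0 elsewhere on an n-bit domain.
    Returns the two parties' keys as (party index, root seed, correction words, final CW)."""
    roots = [os.urandom(SEED_LEN), os.urandom(SEED_LEN)]
    s = list(roots)
    t = [0, 1]                 # control bits differ at the root, so the trees differ on alpha's path
    cws = []
    for i in range(n):
        a_i = (alpha >> (n - 1 - i)) & 1          # i-th bit of alpha, most significant first
        exp = [prg(s[0]), prg(s[1])]              # per party: (s_L, t_L, s_R, t_R)
        keep, lose = (2, 0) if a_i else (0, 2)    # tuple offsets: 0 selects L, 2 selects R
        s_cw = xor(exp[0][lose], exp[1][lose])    # forces the off-path child seeds to collide
        t_l_cw = exp[0][1] ^ exp[1][1] ^ a_i ^ 1  # keeps control bits differing on the path only
        t_r_cw = exp[0][3] ^ exp[1][3] ^ a_i
        cws.append((s_cw, t_l_cw, t_r_cw))
        t_keep_cw = t_r_cw if a_i else t_l_cw
        for b in (0, 1):
            new_s, new_t = exp[b][keep], exp[b][keep + 1]
            if t[b]:                              # only the party whose control bit is 1 applies the CW
                new_s, new_t = xor(new_s, s_cw), new_t ^ t_keep_cw
            s[b], t[b] = new_s, new_t
    sign = -1 if t[1] else 1
    cw_final = (sign * (beta - convert(s[0]) + convert(s[1]))) % MOD
    return [(b, roots[b], cws, cw_final) for b in (0, 1)]


def dpf_eval(key, x, n):
    """One party's additive share of f(x); walks the tree along the bits of x."""
    b, s, cws, cw_final = key
    t = b
    for i in range(n):
        x_i = (x >> (n - 1 - i)) & 1
        s_l, t_l, s_r, t_r = prg(s)
        s_cw, t_l_cw, t_r_cw = cws[i]
        if t:
            s_l, s_r = xor(s_l, s_cw), xor(s_r, s_cw)
            t_l, t_r = t_l ^ t_l_cw, t_r ^ t_r_cw
        s, t = (s_r, t_r) if x_i else (s_l, t_l)
    share = (convert(s) + t * cw_final) % MOD
    return (-share) % MOD if b else share      # party 1 negates so the shares sum to f(x)


def reconstruct(keys, x, n):
    return (dpf_eval(keys[0], x, n) + dpf_eval(keys[1], x, n)) % MOD


def check_point_function(alpha, beta, n):
    """Evaluate both keys over the whole (small) domain and compare with the point function."""
    keys = dpf_gen(alpha, beta, n)
    return all(reconstruct(keys, x, n) == (beta if x == alpha else 0) for x in range(1 << n))


if __name__ == "__main__":
    print(check_point_function(alpha=5, beta=7, n=4))
```

Each key is one root seed plus n correction words, so its size is O(λn), the bound the abstract quotes for the unary case. In a two-server PIR, the client sends one key to each server; each server takes the inner product of its share vector with the database and the client adds the two answers, which is the use the abstract extends to multi-keyword queries.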
Abstract: Secure multi-party computation has been a research focus of the international cryptographic community in recent years. In this paper the authors investigate how certain computational geometry problems can be solved in a cooperative setting, where two parties need to solve a geometric problem on their joint data but neither wants to disclose its private data to the other. The problems are the distance between two private points, the relation between a private point and a circular area, the relation between a private point and an elliptical area, and the shortest distance between two point sets. The paper gives solutions to these specific geometric problems and, in doing so, develops a building block, the protocol for the distance between two private points, that is also useful in solving other geometric and combinatorial problems.
Funding: supported by the National Natural Science Foundation of China (Grant Nos. 61672110, 61572081, 61671082, 61702469, and 61771439).
Abstract: This research reviews developments in the field of quantum private query (QPQ), a type of practical quantum cryptographic protocol. The original protocol, as proposed by Jacobi et al., and subsequent improvements to it are introduced. The advances made in usability, theoretical security, and practical security are then summarized. Additionally, we describe two new results concerning QPQ security. We emphasize that a procedure to detect outside adversaries is necessary for QPQ, as well as for other quantum secure computation protocols, and briefly propose such a strategy. Furthermore, we show that the shift-and-addition or low-shift-and-addition technique can be used to obtain a secure real-world implementation of QPQ in which a weak coherent source is used instead of an ideal single-photon source.