In cryptography,oblivious transfer(OT)is an important multiparty cryptographic primitive and protocol,that is suitable for many upperlayer applications,such as secure computation,remote coin-flipping,electrical contra...In cryptography,oblivious transfer(OT)is an important multiparty cryptographic primitive and protocol,that is suitable for many upperlayer applications,such as secure computation,remote coin-flipping,electrical contract signing and exchanging secrets simultaneously.However,some nogo theorems have been established,indicating that one-out-of-two quantum oblivious transfer(QOT)protocols with unconditional security are impossible.Fortunately,some one-out-of-two QOT protocols using the concept of Crepeau’s reduction have been demonstrated not to conform to Lo’s no-go theorem,but these protocols require more quantum resources to generate classical keys using all-or-nothing QOT to construct one-out-of-two QOT.This paper proposes a novel and efficient one-out-of-two QOT which uses quantum resources directly instead of wasting unnecessary resources to generate classical keys.The proposed protocol is not covered by Lo’s no-go theorem,and it is able to check the sender’s loyalty and avoid the attack from the receiver.Moreover,the entangled state of the proposed protocol is reusable,so it can provide more services for the participants when necessary.Compared with otherQOT protocols,the proposed protocol is more secure,efficient,and flexible,which not only can prevent external and internal attacks,but also reduce the required resources and resource distribution time.展开更多
Oblivious key transfer(OKT)is a fundamental problem in the field of secure multi-party computation.It makes the provider send a secret key sequence to the user obliviously,i.e.,the user may only get almost one bit key...Oblivious key transfer(OKT)is a fundamental problem in the field of secure multi-party computation.It makes the provider send a secret key sequence to the user obliviously,i.e.,the user may only get almost one bit key in the sequence which is unknown to the provider.Recently,a number of works have sought to establish the corresponding quantum oblivious key transfer model and rename it as quantum oblivious key distribution(QOKD)from the well-known expression of quantum key distribution(QKD).In this paper,a new QOKD model is firstly proposed for the provider and user with limited quantum capabilities,where both of them just perform computational basis measurement for single photons.Then we show that the privacy for both of them can be protected,since the probability of getting other’s raw-key bits without being detected is exponentially small.Furthermore,we give the solutions to some special decision problems such as set-member decision and point-inclusion by announcing the improved shifting strategies followed QOKD.Finally,the further discussions and applications of our ideas have been presented.展开更多
With the development of cloud storage,the problem of efficiently checking and proving data integrity needs more consideration.Therefore,much of growing interest has been pursed in the context of the integrity verifica...With the development of cloud storage,the problem of efficiently checking and proving data integrity needs more consideration.Therefore,much of growing interest has been pursed in the context of the integrity verification of cloud storage.Provable data possession(PDP)and Proofs of retrievablity(POR)are two kinds of important scheme which can guarantee the data integrity in the cloud storage environments.The main difference between them is that POR schemes store a redundant encoding of the client data on the server so as to she has the ability of retrievablity while PDP does not have.Unfortunately,most of POR schemes support only static data.Stefanov et al.proposed a dynamic POR,but their scheme need a large of amount of client storage and has a large audit cost.Cash et al.use Oblivious RAM(ORAM)to construct a fully dynamic POR scheme,but the cost of their scheme is also very heavy.Based on the idea which proposed by Cash,we propose dynamic proofs of retrievability via Partitioning-Based Square Root Oblivious RAM(DPoR-PSR-ORAM).Firstly,the notions used in our scheme are defined.The Partitioning-Based Square Root Oblivious RAM(PSR-ORAM)protocol is also proposed.The DPOR-PSR-ORAM Model which includes the formal definitions,security definitions and model construction methods are described in the paper.Finally,we give the security analysis and efficiency analysis.The analysis results show that our scheme not only has the property of correctness,authenticity,next-read pattern hiding and retrievabiltiy,but also has the high efficiency.展开更多
In ACM'CCS 2009,Camenisch,et al.proposed the Oblivious Transfer with Access Control(AC-OT) in which each item is associated with an attribute set and can only be available,on request,to the users who have all the ...In ACM'CCS 2009,Camenisch,et al.proposed the Oblivious Transfer with Access Control(AC-OT) in which each item is associated with an attribute set and can only be available,on request,to the users who have all the attributes in the associated set.Namely,AC-OT achieves access control policy for conjunction of attributes.Essentially,the functionality of AC-OT is equivalent to the sim-plified version that we call AC-OT-SV:for each item,one attribute is associated with it,and it is requested that only the users who possess the associated attribute can obtain the item by queries.On one hand,AC-OT-SV is a special case of AC-OT when there is just one associated attribute with each item.On the other hand,any AC-OT can be realized by an AC-OT-SV.In this paper,we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch,et al..Then from the protocol,interestingly,a concrete Identity-Based Encryption(IBE) with Anonymous Key Issuing(AKI) is given which is just a direct application to AC-OT-SV.By comparison,we show that the AKI protocol we present is more efficient in communications than that proposed by Chow.展开更多
This research aims to review the developments in the field of quantum private query(QPQ), a type of practical quantum cryptographic protocol. The primary protocol, as proposed by Jacobi et al., and the improvements in...This research aims to review the developments in the field of quantum private query(QPQ), a type of practical quantum cryptographic protocol. The primary protocol, as proposed by Jacobi et al., and the improvements in the protocol are introduced.Then, the advancements made in sability, theoretical security, and practical security are summarized. Additionally, we describe two new results concerning QPQ security. We emphasize that a procedure to detect outside adversaries is necessary for QPQ, as well as for other quantum secure computation protocols, and then briefly propose such a strategy. Furthermore, we show that the shift-and-addition or low-shift-and-addition technique can be used to obtain a secure real-world implementation of QPQ, where a weak coherent source is used instead of an ideal single-photon source.展开更多
As a fundamental cryptographic primitive, oblivious transfer (OT) is developed for the sake of efficient usability and combinational feasibility. However, most OT protocols are built upon some quantum non-immune crypt...As a fundamental cryptographic primitive, oblivious transfer (OT) is developed for the sake of efficient usability and combinational feasibility. However, most OT protocols are built upon some quantum non-immune cryptosystems by assuming the hardness of discrete logarithm or factoring problem, whose security will break down directly in the quantum setting. Therefore, as a subarea of postquantum cryptography, lattice-based cryptography is viewed as a promising alternative and cornerstone to support for building post-quantum protocols since it enjoys some attractive properties, such as provable security against quantum adversaries and lower asymptotic complexity. In this paper, we first build an efficient 1-out-of-2 OT protocol upon the hardness of ring learning with errors (RLWE) problem, which is at least as hard as some worst-case ideal lattice problems. We show that this 1-out-of-2 OT protocol can be universally composable and secure against static corruptions in the random oracle model. Then we extend it to a general case, i.e., 1-out-of-N OT with achieving the same level of security. Furthermore, on the basis of the above OT structure, we obtain two improved OT protocols using two improved lattice-based key exchange protocols (respectively relying on the RLWE problem and learning with errors (LWE) problem, and both achieving better efficiency by removing the Gaussian sampling for saving cost) as building blocks. To show that our proposed OT protocol indeed achieves comparable security and efficiency, we make a comparison with another two lattice-based OT protocols in the end of the paper. With concerning on the potential threat from quantum computing and expecting on the practical use of OT with high efficiency, an efficient post-quantum OT protocol is pressing needed. As shown in this paper, our proposed OT protocols may be considered as post-quantum OT candidates since they can both preserve provable security relying on lattice problems and enjoy practical efficiency.展开更多
Oblivious polynomial evaluation(OPE)is a two-party protocol that allows a receiver,R to learn an evaluation f(α),of a sender,S's polynomial(f(x)),whilst keeping both a and f(x)private.This protocol has attracted ...Oblivious polynomial evaluation(OPE)is a two-party protocol that allows a receiver,R to learn an evaluation f(α),of a sender,S's polynomial(f(x)),whilst keeping both a and f(x)private.This protocol has attracted a lot of attention recently,as it has wide ranging applications in the field of cryptography.In this article we review some of these applications and,additionally,take an in-depth look at the special case of information theoretic OPE.Specifically,we provide a current and critical review of the existing information theoretic OPE protocols in the literature.We divide these protocols into two distinct cases(three-party and distributed OPE)allowing for the easy distinction and classification of future information theoretic OPE protocols.In addition to this work,we also develop several modifications and extensions to existing schemes,resulting in increased security,flexibility and efficiency.Lastly,we also identify a security flaw in a previously published OPE scheme.展开更多
Secure multi-party computation(MPC)allows a set of parties to jointly compute a function on their private inputs,and reveals nothing but the output of the function.In the last decade,MPC has rapidly moved from a purel...Secure multi-party computation(MPC)allows a set of parties to jointly compute a function on their private inputs,and reveals nothing but the output of the function.In the last decade,MPC has rapidly moved from a purely theoretical study to an object of practical interest,with a growing interest in practical applications such as privacy-preserving machine learning(PPML).In this paper,we comprehensively survey existing work on concretely ecient MPC protocols with both semi-honest and malicious security,in both dishonest-majority and honest-majority settings.We focus on considering the notion of security with abort,meaning that corrupted parties could prevent honest parties from receiving output after they receive output.We present high-level ideas of the basic and key approaches for designing di erent styles of MPC protocols and the crucial building blocks of MPC.For MPC applications,we compare the known PPML protocols built on MPC,and describe the eciency of private inference and training for the state-of-the-art PPML protocols.Further-more,we summarize several challenges and open problems to break though the eciency of MPC protocols as well as some interesting future work that is worth being addressed.This survey aims to provide the recent development and key approaches of MPC to researchers,who are interested in knowing,improving,and applying concretely ecient MPC protocols.展开更多
基金supported in part by the Ministry of Science and Technology(MOST)in Taiwan under Grants MOST108-2638-E-002-002-MY2,MOST109-2222-E-005-002-MY3,MOST110-2627-M-002-002,MOST110-2221-E-260-014,MOST110-2222-E-006-011,MOST111-2218-E-005-007-MBK,and MOST111-2119-M-033-001supported in part by Higher Education Sprout Project,Ministry of Education to the Headquarters of University Advancement at National Cheng Kung University.
文摘In cryptography,oblivious transfer(OT)is an important multiparty cryptographic primitive and protocol,that is suitable for many upperlayer applications,such as secure computation,remote coin-flipping,electrical contract signing and exchanging secrets simultaneously.However,some nogo theorems have been established,indicating that one-out-of-two quantum oblivious transfer(QOT)protocols with unconditional security are impossible.Fortunately,some one-out-of-two QOT protocols using the concept of Crepeau’s reduction have been demonstrated not to conform to Lo’s no-go theorem,but these protocols require more quantum resources to generate classical keys using all-or-nothing QOT to construct one-out-of-two QOT.This paper proposes a novel and efficient one-out-of-two QOT which uses quantum resources directly instead of wasting unnecessary resources to generate classical keys.The proposed protocol is not covered by Lo’s no-go theorem,and it is able to check the sender’s loyalty and avoid the attack from the receiver.Moreover,the entangled state of the proposed protocol is reusable,so it can provide more services for the participants when necessary.Compared with otherQOT protocols,the proposed protocol is more secure,efficient,and flexible,which not only can prevent external and internal attacks,but also reduce the required resources and resource distribution time.
基金This work is supported by National Natural Science Foundation of China under Grant Nos.61802118,61602316,61932005Open Foundation of State key Laboratory of Networking and Switching Technology(BUPT)under Grant No.SKLNST-2018-1-07,University Nursing Program for Young Scholars with Creative Talents in Heilongjiang Province under Grant No.UNPYSCT-2018015,Science and Technology Innovation Projects of Shenzhen under Grant Nos.JCYJ20190809152003992,JCYJ20170818140234295,JCYJ20170818144026871,JCYJ2017081802237376+3 种基金Guangdong Natural Science Foundation under Grant No.2017A030310134,2018A030313957Shenzhen Polytechnic Youth Innovation Project under Grant 6019310010K0Natural Science Foundation of Heilongjiang Province under Grant No.LH2019F031Hei Long Jiang Postdoctoral Foundation under Grant No.LBH-Z17048.Professor Shenggen Zheng and Xiangfu Zou also give us some helpful comments.We are grateful for their constructive opinions.
文摘Oblivious key transfer(OKT)is a fundamental problem in the field of secure multi-party computation.It makes the provider send a secret key sequence to the user obliviously,i.e.,the user may only get almost one bit key in the sequence which is unknown to the provider.Recently,a number of works have sought to establish the corresponding quantum oblivious key transfer model and rename it as quantum oblivious key distribution(QOKD)from the well-known expression of quantum key distribution(QKD).In this paper,a new QOKD model is firstly proposed for the provider and user with limited quantum capabilities,where both of them just perform computational basis measurement for single photons.Then we show that the privacy for both of them can be protected,since the probability of getting other’s raw-key bits without being detected is exponentially small.Furthermore,we give the solutions to some special decision problems such as set-member decision and point-inclusion by announcing the improved shifting strategies followed QOKD.Finally,the further discussions and applications of our ideas have been presented.
基金This work is supported,in part,by the National Natural Science Foundation of China under grant No.61872069in part,by the Fundamental Research Funds for the Central Universities(N171704005)in part,by the Shenyang Science and Technology Plan Projects(18-013-0-01).
文摘With the development of cloud storage,the problem of efficiently checking and proving data integrity needs more consideration.Therefore,much of growing interest has been pursed in the context of the integrity verification of cloud storage.Provable data possession(PDP)and Proofs of retrievablity(POR)are two kinds of important scheme which can guarantee the data integrity in the cloud storage environments.The main difference between them is that POR schemes store a redundant encoding of the client data on the server so as to she has the ability of retrievablity while PDP does not have.Unfortunately,most of POR schemes support only static data.Stefanov et al.proposed a dynamic POR,but their scheme need a large of amount of client storage and has a large audit cost.Cash et al.use Oblivious RAM(ORAM)to construct a fully dynamic POR scheme,but the cost of their scheme is also very heavy.Based on the idea which proposed by Cash,we propose dynamic proofs of retrievability via Partitioning-Based Square Root Oblivious RAM(DPoR-PSR-ORAM).Firstly,the notions used in our scheme are defined.The Partitioning-Based Square Root Oblivious RAM(PSR-ORAM)protocol is also proposed.The DPOR-PSR-ORAM Model which includes the formal definitions,security definitions and model construction methods are described in the paper.Finally,we give the security analysis and efficiency analysis.The analysis results show that our scheme not only has the property of correctness,authenticity,next-read pattern hiding and retrievabiltiy,but also has the high efficiency.
文摘In ACM'CCS 2009,Camenisch,et al.proposed the Oblivious Transfer with Access Control(AC-OT) in which each item is associated with an attribute set and can only be available,on request,to the users who have all the attributes in the associated set.Namely,AC-OT achieves access control policy for conjunction of attributes.Essentially,the functionality of AC-OT is equivalent to the sim-plified version that we call AC-OT-SV:for each item,one attribute is associated with it,and it is requested that only the users who possess the associated attribute can obtain the item by queries.On one hand,AC-OT-SV is a special case of AC-OT when there is just one associated attribute with each item.On the other hand,any AC-OT can be realized by an AC-OT-SV.In this paper,we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch,et al..Then from the protocol,interestingly,a concrete Identity-Based Encryption(IBE) with Anonymous Key Issuing(AKI) is given which is just a direct application to AC-OT-SV.By comparison,we show that the AKI protocol we present is more efficient in communications than that proposed by Chow.
基金supported by the National Natural Science Foundation of China(Grant Nos.61672110,61572081,61671082,61702469,and61771439)
文摘This research aims to review the developments in the field of quantum private query(QPQ), a type of practical quantum cryptographic protocol. The primary protocol, as proposed by Jacobi et al., and the improvements in the protocol are introduced.Then, the advancements made in sability, theoretical security, and practical security are summarized. Additionally, we describe two new results concerning QPQ security. We emphasize that a procedure to detect outside adversaries is necessary for QPQ, as well as for other quantum secure computation protocols, and then briefly propose such a strategy. Furthermore, we show that the shift-and-addition or low-shift-and-addition technique can be used to obtain a secure real-world implementation of QPQ, where a weak coherent source is used instead of an ideal single-photon source.
基金the National Key R&D Program of China (2017YFB0802000)the National Natural Science Foundations of China (Grant Nos. 61472309, 61672412)+1 种基金the National Cryptography Development Fund (MMJJ20170104)the China Scholarship Council (201406960041).
文摘As a fundamental cryptographic primitive, oblivious transfer (OT) is developed for the sake of efficient usability and combinational feasibility. However, most OT protocols are built upon some quantum non-immune cryptosystems by assuming the hardness of discrete logarithm or factoring problem, whose security will break down directly in the quantum setting. Therefore, as a subarea of postquantum cryptography, lattice-based cryptography is viewed as a promising alternative and cornerstone to support for building post-quantum protocols since it enjoys some attractive properties, such as provable security against quantum adversaries and lower asymptotic complexity. In this paper, we first build an efficient 1-out-of-2 OT protocol upon the hardness of ring learning with errors (RLWE) problem, which is at least as hard as some worst-case ideal lattice problems. We show that this 1-out-of-2 OT protocol can be universally composable and secure against static corruptions in the random oracle model. Then we extend it to a general case, i.e., 1-out-of-N OT with achieving the same level of security. Furthermore, on the basis of the above OT structure, we obtain two improved OT protocols using two improved lattice-based key exchange protocols (respectively relying on the RLWE problem and learning with errors (LWE) problem, and both achieving better efficiency by removing the Gaussian sampling for saving cost) as building blocks. To show that our proposed OT protocol indeed achieves comparable security and efficiency, we make a comparison with another two lattice-based OT protocols in the end of the paper. With concerning on the potential threat from quantum computing and expecting on the practical use of OT with high efficiency, an efficient post-quantum OT protocol is pressing needed. As shown in this paper, our proposed OT protocols may be considered as post-quantum OT candidates since they can both preserve provable security relying on lattice problems and enjoy practical efficiency.
文摘Oblivious polynomial evaluation(OPE)is a two-party protocol that allows a receiver,R to learn an evaluation f(α),of a sender,S's polynomial(f(x)),whilst keeping both a and f(x)private.This protocol has attracted a lot of attention recently,as it has wide ranging applications in the field of cryptography.In this article we review some of these applications and,additionally,take an in-depth look at the special case of information theoretic OPE.Specifically,we provide a current and critical review of the existing information theoretic OPE protocols in the literature.We divide these protocols into two distinct cases(three-party and distributed OPE)allowing for the easy distinction and classification of future information theoretic OPE protocols.In addition to this work,we also develop several modifications and extensions to existing schemes,resulting in increased security,flexibility and efficiency.Lastly,we also identify a security flaw in a previously published OPE scheme.
基金the National Key Research and Development Program of China(Grant No.2018YFB0804105)in part by the National Natural Science Foundation of China(Grant Nos.62102037,61932019).
文摘Secure multi-party computation(MPC)allows a set of parties to jointly compute a function on their private inputs,and reveals nothing but the output of the function.In the last decade,MPC has rapidly moved from a purely theoretical study to an object of practical interest,with a growing interest in practical applications such as privacy-preserving machine learning(PPML).In this paper,we comprehensively survey existing work on concretely ecient MPC protocols with both semi-honest and malicious security,in both dishonest-majority and honest-majority settings.We focus on considering the notion of security with abort,meaning that corrupted parties could prevent honest parties from receiving output after they receive output.We present high-level ideas of the basic and key approaches for designing di erent styles of MPC protocols and the crucial building blocks of MPC.For MPC applications,we compare the known PPML protocols built on MPC,and describe the eciency of private inference and training for the state-of-the-art PPML protocols.Further-more,we summarize several challenges and open problems to break though the eciency of MPC protocols as well as some interesting future work that is worth being addressed.This survey aims to provide the recent development and key approaches of MPC to researchers,who are interested in knowing,improving,and applying concretely ecient MPC protocols.