A Near-Optimal Cheating-Detectable Secret Sharing Scheme with Low Computational Cost
A cheating detectable secret sharing scheme is a secret sharing scheme that can detect forged shares when reconstructing a secret. For example, if we store shares in cloud storage, there is a possibility of their being forged: if the administrators of the cloud storage are malicious, it is easy for them to forge a share. Therefore, cheating detectable secret sharing schemes have attracted attention, and many efficient schemes have been proposed. However, most existing schemes are not suitable for implementation, for the following reasons. First, the computational cost of the schemes is very high. Second, the finite field required for implementation depends on the secret. Finally, the schemes do not support secrets that are bit strings. In this paper, we propose a cheating detectable secret sharing scheme suitable for implementation, under the assumption that cheaters do not know the secret. The basic idea is a bit-decomposing technique. The bit length of the proposed scheme is optimal. Moreover, the proposed scheme is applicable to any linear secret sharing scheme.
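To make the threat in the abstract concrete, the following is an added example, not code from the paper above: a storage node that holds one Shamir share alters it, and a plain (t, n) reconstruction silently returns a wrong secret. The detection shown is the classic check of sharing the secret s together with a random r and the product s*r and verifying the product relation on reconstruction; the paper's bit-decomposition construction is a different (and cheaper) scheme and is not reproduced here. The prime, threshold, secret and the forged share's offset are constructed values.

```python
"""Shamir secret sharing with a product-based cheating-detection check.

Added example (not the paper's scheme). Shares a secret s as three Shamir
sharings (s, r, s*r). A forged share shifts the reconstructed s by a
nonzero amount, and because the cheater does not know s or r, the triple
fails the check s*r == (s*r) except with probability about 1/P.
"""
import secrets

P = 2**61 - 1  # assumption: a Mersenne prime, large enough for 61-bit secrets


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x over GF(P) with Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def shamir_split(value, t, n):
    """Split value into n shares of a random degree t-1 polynomial; any t reconstruct it."""
    coeffs = [value % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def shamir_reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P); shares are (x, y) pairs with distinct x."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def split_with_check(secret, t, n):
    """Share s, a fresh random r, and s*r. Participant i holds the triple of i-th shares."""
    r = secrets.randbelow(P)
    s_shares = shamir_split(secret, t, n)
    r_shares = shamir_split(r, t, n)
    sr_shares = shamir_split(secret * r % P, t, n)
    return [(s_shares[i], r_shares[i], sr_shares[i]) for i in range(n)]


def reconstruct_with_check(triples):
    """Reconstruct s, r and s*r separately and accept only if s*r matches.
    Returns (secret, True) on success, (None, False) if a forged share is detected."""
    s = shamir_reconstruct([tr[0] for tr in triples])
    r = shamir_reconstruct([tr[1] for tr in triples])
    sr = shamir_reconstruct([tr[2] for tr in triples])
    if s * r % P != sr:
        return None, False
    return s, True


def forge_share(triple, delta):
    """Model a malicious storage node that shifts its share of s by delta.
    The sharing is linear, so this shifts the reconstructed s by a nonzero
    multiple of delta; the cheater cannot fix the s*r share without knowing r."""
    (x, ys), r_share, sr_share = triple
    return ((x, (ys + delta) % P), r_share, sr_share)


def demo():
    """Honest reconstruction succeeds; one forged share among the t used is detected."""
    secret = 0xC0FFEE  # constructed test secret
    triples = split_with_check(secret, t=3, n=5)
    honest, ok = reconstruct_with_check(triples[:3])
    forged = [forge_share(triples[0], 1)] + triples[1:3]
    _, ok_forged = reconstruct_with_check(forged)
    return honest, ok, ok_forged


if __name__ == "__main__":
    print(demo())
```

Without the r and s*r components, `shamir_reconstruct` on the forged shares would return `secret + 3` (the Lagrange coefficient of x = 1 among {1, 2, 3} is 3) with no indication that anything went wrong; the check is what turns a wrong answer into a detected one. The cost of this simple check is three times the share size, which is exactly the overhead the abstract's bit-length-optimal scheme sets out to avoid.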
Information-Theoretic Secure Outsourced Computation in Distributed Systems
Secure multi-party computation (secure MPC) has been established as the de facto paradigm for protecting privacy in distributed computation. One of the earliest secure MPC primitives is Shamir's secret sharing (SSS) scheme. SSS has many advantages over other popular secure MPC primitives like garbled circuits (GC) -- it provides an information-theoretic security guarantee, requires no complex long-integer operations, and often leads to more efficient protocols. Nonetheless, SSS receives less attention in the signal processing community because SSS requires a larger number of honest participants, making it prone to collusion attacks. In this dissertation, I propose an agent-based computing framework using SSS to protect privacy in distributed signal processing. There are three main contributions to this dissertation. First, the proposed computing framework is shown to be significantly more efficient than GC. Second, a novel game-theoretical framework is proposed to analyze different types of collusion attacks. Third, using the proposed game-theoretical framework, specific mechanism designs are developed to deter collusion attacks in a fully distributed manner. Specifically, for a collusion attack with known detectors, I analyze it as games between secret owners and show that the attack can be effectively deterred by an explicit retaliation mechanism. For a general attack without detectors, I expand the scope of the game to include the computing agents and provide deterrence through deceptive collusion requests. The correctness and privacy of the protocols are proved under a covert adversarial model. Our experimental results demonstrate the efficiency of SSS-based protocols and the validity of our mechanism design
Practical unconditionally secure signature schemes and related protocols
The security guarantees provided by digital signatures are vital to many modern applications such as online banking, software distribution, emails and many more. Their ubiquity across digital communications arguably makes digital signatures one of the most important inventions in cryptography. Worryingly, all commonly used schemes – RSA, DSA and ECDSA – provide only computational security, and are rendered completely insecure by quantum computers. Motivated by this threat, this thesis focuses on unconditionally secure signature (USS) schemes – an information theoretically secure analogue of digital signatures. We present and analyse two new USS schemes. The first is a quantum USS scheme that is both information-theoretically secure and realisable with current technology. The scheme represents an improvement over all previous quantum USS schemes, which were always either realisable or had a full security proof, but not both. The second is an entirely classical USS scheme that uses minimal resources and is vastly more efficient than all previous schemes, to such an extent that it could potentially find real-world application. With the discovery of such an efficient classical USS scheme using only minimal resources, it is difficult to see what advantage quantum USS schemes may provide. Lastly, we remain in the information-theoretic security setting and consider two quantum protocols closely related to USS schemes – oblivious transfer and quantum money. For oblivious transfer, we prove new lower bounds on the minimum achievable cheating probabilities in any 1-out-of-2 protocol. For quantum money, we present a scheme that is more efficient and error tolerant than all previous schemes. Additionally, we show that it can be implemented using a coherent source and lossy detectors, thereby allowing for the first experimental demonstration of quantum coin creation and verification
Unconditionally verifiable blind computation
Blind Quantum Computing (BQC) allows a client to have a server carry out a quantum computation for them such that the client's input, output and computation remain private. A desirable property for any BQC protocol is verification, whereby the client can verify with high probability whether the server has followed the instructions of the protocol, or if there has been some deviation resulting in a corrupted output state. A verifiable BQC protocol can be viewed as an interactive proof system, leading to consequences for complexity theory. The authors, together with Broadbent, previously proposed a universal and unconditionally secure BQC scheme where the client only needs to be able to prepare single qubits in separable states randomly chosen from a finite set and send them to the server, who has the balance of the required quantum computational resources. In this paper we extend that protocol with new functionality allowing blind computational-basis measurements, which we use to construct a new verifiable BQC protocol based on a new class of resource states. We rigorously prove that the probability of failing to detect an incorrect output is exponentially small in a security parameter, while resource overhead remains polynomial in this parameter. The new resource state allows entangling gates to be performed between arbitrary pairs of logical qubits with only constant overhead. This is a significant improvement on the original scheme, which required that all computations first be put into a nearest-neighbour form, incurring linear overhead in the number of qubits. Such an improvement has important consequences for efficiency and fault-tolerance thresholds.
Comment: 46 pages, 10 figures. Additional protocol added which allows arbitrary circuits to be verified with polynomial security
Data Processing over Concealed Data
Summary of research results (Japanese, translated): For secure computation methods that process information while keeping it concealed, we proposed a cross-tabulation scheme that computes correlations among multiple items, a biometric authentication scheme, and a scheme that performs search over encrypted data. For multiparty computation, in which multiple users compute a function while keeping their own inputs secret, we proposed secret sharing schemes that can detect cheating or identify cheaters, which are basic building blocks for preventing misbehaviour in multiparty computation. We also proved theoretical limits and proposed efficient schemes for non-interactive multiparty computation, which requires no communication among users during function evaluation, and for d-multiplicative secret sharing.
Summary of research results (English): With respect to secure computation over encrypted data, which enables processing encrypted data without decrypting it, we constructed protocols for cross tabulation, biometric authentication, and keyword search. With respect to secure multiparty computation (MPC), which enables multiple users to compute a function without revealing their inputs, we constructed efficient cheating-detectable secret sharing and cheater-identifiable secret sharing schemes, which are used as building blocks for MPC. Moreover, we studied MPC that does not require user interaction during protocol execution: we proved theoretical limitations on such protocols and gave efficient constructions for them
Cryptanalysis of Random Affine Transformations for Encrypted Control
Cloud-based and distributed computations are of growing interest in modern control systems. However, these technologies require performing computations on not necessarily trustworthy platforms and thus put the confidentiality of sensitive control-related data at risk. Encrypted control has dealt with this issue by utilizing modern cryptosystems with homomorphic properties, which allow a secure evaluation at the cost of increased computation or communication effort (among others). Recently, a cipher based on a random affine transformation gained attention in the encrypted control community. Its appeal stems from the possibility of constructing security-providing homomorphisms that do not suffer from the restrictions of "conventional" approaches. This paper provides a cryptanalysis of random affine transformations in the context of encrypted control. To this end, a deterministic and a probabilistic variant of the cipher over real numbers are analyzed in a generalized setup, where we use cryptographic definitions for security and attacker models. It is shown that the deterministic cipher breaks under a known-plaintext attack and unavoidably leaks information about the closed loop, which opens another angle of attack. For the probabilistic variant, statistical indistinguishability of ciphertexts can be achieved, which makes successful attacks unlikely. We complete our analysis by investigating a floating-point realization of the probabilistic random affine transformation cipher, which unfortunately suggests the impracticality of the scheme if a security guarantee is needed.
Comment: 8 pages, 2 figures, to be published in the proceedings of the 22nd World Congress of the International Federation of Automatic Control (2023)
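The known-plaintext break of the deterministic variant follows from linear algebra alone, and the following added example (not code from the paper or its authors) shows the mechanics. The cipher is modelled as c = A*x + b with a secret invertible matrix A and vector b, which is the generic form of a random affine transformation; the paper's exact parametrization is not reproduced. An attacker who knows n+1 plaintext/ciphertext pairs with affinely independent plaintexts (for instance set-points it chose itself) recovers A and b exactly and then decrypts every further ciphertext. Exact rationals stand in for the reals so that recovery is exact; the key, dimension and plaintexts are constructed values.

```python
"""Known-plaintext key recovery against a deterministic random affine cipher.

Added example, not the paper's code. Models the cipher as c = A*x + b over
the rationals (standing in for the reals). Given n+1 pairs (x_i, c_i) whose
plaintext differences span the space, differences cancel b and leave the
linear system A*dX = dC, which determines A; then b = c_0 - A*x_0.
"""
from fractions import Fraction


def affine_encrypt(A, b, x):
    """The deterministic cipher: c = A*x + b, no per-message randomness."""
    n = len(A)
    return [sum(A[i][j] * x[j] for j in range(n)) + b[i] for i in range(n)]


def solve_multi(M, B):
    """Gauss-Jordan elimination: solve M*X = B for X, with B holding several
    right-hand-side columns. Raises ValueError if M is singular."""
    n = len(M)
    aug = [list(map(Fraction, M[i])) + list(map(Fraction, B[i])) for i in range(n)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col] != 0), None)
        if pivot is None:
            raise ValueError("singular system: plaintexts are not affinely independent")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = 1 / aug[col][col]
        aug[col] = [v * inv for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] != 0:
                f = aug[r][col]
                aug[r] = [rv - f * cv for rv, cv in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def recover_key(pairs):
    """Recover (A, b) from exactly n+1 known (plaintext, ciphertext) pairs.
    Rows of dX_T are x_i - x_0, rows of dC_T are c_i - c_0; solving
    dX^T * A^T = dC^T gives A^T, and b follows from the first pair."""
    (x0, c0), rest = pairs[0], pairs[1:]
    n = len(x0)
    if len(rest) != n:
        raise ValueError("need exactly n+1 pairs for an n-dimensional cipher")
    dX_T = [[xi[j] - x0[j] for j in range(n)] for xi, _ in rest]
    dC_T = [[ci[j] - c0[j] for j in range(n)] for _, ci in rest]
    A_T = solve_multi(dX_T, dC_T)
    A = [[A_T[j][i] for j in range(n)] for i in range(n)]
    b = [c0[i] - sum(A[i][j] * x0[j] for j in range(n)) for i in range(n)]
    return A, b


def affine_decrypt(A, b, c):
    """Invert the cipher with a (recovered) key: solve A*x = c - b."""
    n = len(A)
    rhs = [[c[i] - b[i]] for i in range(n)]
    return [row[0] for row in solve_multi(A, rhs)]


def demo():
    """Constructed 3-dimensional key and four known plaintexts; returns whether
    A, b and a fresh plaintext are all recovered exactly."""
    A = [[Fraction(3, 2), Fraction(-1), Fraction(0)],
         [Fraction(2), Fraction(1, 3), Fraction(5)],
         [Fraction(-4), Fraction(1), Fraction(7, 2)]]
    b = [Fraction(1, 4), Fraction(-2), Fraction(10)]
    # Plaintexts the attacker is assumed to know (constructed; affinely independent).
    known = [[1, 2, 3], [2, 0, 1], [0, 5, -1], [4, 1, 1]]
    pairs = [(list(map(Fraction, x)), affine_encrypt(A, b, list(map(Fraction, x))))
             for x in known]
    A_rec, b_rec = recover_key(pairs)
    # A ciphertext whose plaintext the attacker has never seen.
    x_new = [Fraction(-7), Fraction(3, 5), Fraction(11)]
    x_dec = affine_decrypt(A_rec, b_rec, affine_encrypt(A, b, x_new))
    return A_rec == A, b_rec == b, x_dec == x_new


if __name__ == "__main__":
    print(demo())
```

The number of pairs needed is n+1 regardless of how large the entries of A are, so "random" does not help a deterministic key: randomness per key only matters if the attacker never sees a sufficient set of plaintexts, which in a control loop with predictable references is not a safe assumption. In a floating-point realization the same recovery works up to rounding, which is the reason the abstract treats the probabilistic variant separately.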
Recurring Contingent Service Payment
Fair exchange protocols let two mutually distrustful parties exchange digital data in a way that neither party can cheat. They have various applications such as the exchange of digital items, or the exchange of digital coins and digital services between a buyer and seller. At CCS 2017, two blockchain-based protocols were proposed to support the fair exchange of digital coins and a certain service; namely, "proofs of retrievability" (PoR). In this work, we identify two notable issues of these protocols, (1) waste of the seller's resources, and (2) real-time information leakage. To rectify these issues, we formally define and propose a blockchain-based generic construction called "recurring contingent service payment" (RC-S-P). RC-S-P lets a fair exchange of digital coins and verifiable service occur periodically while ensuring that the buyer cannot waste the seller's resources, and the parties' privacy is preserved. It supports arbitrary verifiable services, such as PoR, or verifiable computation and imposes low on-chain overheads. Also, we present a concrete efficient instantiation of RC-S-P when the verifiable service is PoR. The instantiation is called "recurring contingent PoR payment" (RC-PoR-P). We have implemented RC-PoR-P and analysed its cost. When it deals with a 4-GB outsourced file, a verifier can check a proof in 90 milliseconds, and a dispute between prover and verifier is resolved in 0.1 milliseconds