잡음키를 가지는 신원기반 동형암호에 관한 연구

학위논문(박사)--서울대학교 대학원 :자연과학대학 수리과학부,2020. 2. 천정희.클라우드 상의 데이터 분석 위임 시나리오는 동형암호의 가장 효과적인 응용 시나리오 중 하나이다. 그러나, 다양한 데이터 제공자와 분석결과 요구자가 존재하는 실제 현실의 모델에서는 기본적인 암복호화와 동형 연산 외에도 여전히 해결해야 할 과제들이 남아있는 실정이다. 본 학위논문에서는 이러한 모델에서 필요한 여러 요구사항들을 포착하고, 이에 대한 해결방안을 논하였다. 먼저, 기존의 알려진 동형 데이터 분석 솔루션들은 데이터 간의 층위나 수준을 고려하지 못한다는 점에 착안하여, 신원기반 암호와 동형암호를 결합하여 데이터 사이에 접근 권한을 설정하여 해당 데이터 사이의 연산을 허용하는 모델을 생각하였다. 또한 이 모델의 효율적인 동작을 위해서 동형암호 친화적인 신원기반 암호에 대하여 연구하였고, 기존에 알려진 NTRU 기반의 암호를 확장하여 module-NTRU 문제를 정의하고 이를 기반으로 한 신원기반 암호를 제안하였다. 둘째로, 동형암호의 복호화 과정에는 여전히 비밀키가 관여하고 있고, 따라서 비밀키 관리 문제가 남아있다는 점을 포착하였다. 이러한 점에서 생체정보를 활용할 수 있는 복호화 과정을 개발하여 해당 과정을 동형암호 복호화에 적용하였고, 이를 통해 암복호화와 동형 연산의 전 과정을 어느 곳에도 키가 저장되지 않은 상태로 수행할 수 있는 암호시스템을 제안하였다. 마지막으로, 동형암호의 구체적인 안전성 평가 방법을 고려하였다. 이를 위해 동형암호가 기반하고 있는 이른바 Learning With Errors (LWE) 문제의 실제적인 난해성을 면밀히 분석하였고, 그 결과 기존의 공격 알고리즘보다 평균적으로 1000배 이상 빠른 공격 알고리즘들을 개발하였다. 이를 통해 현재 사용하고 있는 동형암호 파라미터가 안전하지 않음을 보였고, 새로운 공격 알고리즘을 통한 파라미터 설정 방법에 대해서 논하였다.Secure data analysis delegation on cloud is one of the most powerful application that homomorphic encryption (HE) can bring. As the technical level of HE arrive at practical regime, this model is also being considered to be a more serious and realistic paradigm. In this regard, this increasing attention requires more versatile and secure model to deal with much complicated real world problems. First, as real world modeling involves a number of data owners and clients, an authorized control to data access is still required even for HE scenario. Second, we note that although homomorphic operation requires no secret key, the decryption requires the secret key. That is, the secret key management concern still remains even for HE. Last, in a rather fundamental view, we thoroughly analyze the concrete hardness of the base problem of HE, so-called Learning With Errors (LWE). In fact, for the sake of efficiency, HE exploits a weaker variant of LWE whose security is believed not fully understood. For the data encryption phase efficiency, we improve the previously suggested NTRU-lattice ID-based encryption by generalizing the NTRU concept into module-NTRU lattice. Moreover, we design a novel method that decrypts the resulting ciphertext with a noisy key. This enables the decryptor to use its own noisy source, in particular biometric, and hence fundamentally solves the key management problem. Finally, by considering further improvement on existing LWE solving algorithms, we propose new algorithms that shows much faster performance. Consequently, we argue that the HE parameter choice should be updated regarding our attacks in order to maintain the currently claimed security level.1 Introduction 1 1.1 Access Control based on Identity 2 1.2 Biometric Key Management 3 1.3 Concrete Security of HE 3 1.4 List of Papers 4 2 Background 6 2.1 Notation 6 2.2 Lattices 7 2.2.1 Lattice Reduction Algorithm 7 2.2.2 BKZ cost model 8 2.2.3 Geometric Series Assumption (GSA) 8 2.2.4 The Nearest Plane Algorithm 9 2.3 Gaussian Measures 9 2.3.1 Kullback-Leibler Divergence 11 2.4 Lattice-based Hard Problems 12 2.4.1 The Learning With Errors Problem 12 2.4.2 NTRU Problem 13 2.5 One-way and Pseudo-random Functions 14 3 ID-based Data Access Control 16 3.1 Module-NTRU Lattices 16 3.1.1 Construction of MNTRU lattice and trapdoor 17 3.1.2 Minimize the Gram-Schmidt norm 22 3.2 IBE-Scheme from Module-NTRU 24 3.2.1 Scheme Construction 24 3.2.2 Security Analysis by Attack Algorithms 29 3.2.3 Parameter Selections 31 3.3 Application to Signature 33 4 Noisy Key Cryptosystem 36 4.1 Reusable Fuzzy Extractors 37 4.2 Local Functions 40 4.2.1 Hardness over Non-uniform Sources 40 4.2.2 Flipping local functions 43 4.2.3 Noise stability of predicate functions: Xor-Maj 44 4.3 From Pseudorandom Local Functions 47 4.3.1 Basic Construction: One-bit Fuzzy Extractor 48 4.3.2 Expansion to multi-bit Fuzzy Extractor 50 4.3.3 Indistinguishable Reusability 52 4.3.4 One-way Reusability 56 4.4 From Local One-way Functions 59 5 Concrete Security of Homomorphic Encryption 63 5.1 Albrecht's Improved Dual Attack 64 5.1.1 Simple Dual Lattice Attack 64 5.1.2 Improved Dual Attack 66 5.2 Meet-in-the-Middle Attack on LWE 69 5.2.1 Noisy Collision Search 70 5.2.2 Noisy Meet-in-the-middle Attack on LWE 74 5.3 The Hybrid-Dual Attack 76 5.3.1 Dimension-error Trade-o of LWE 77 5.3.2 Our Hybrid Attack 79 5.4 The Hybrid-Primal Attack 82 5.4.1 The Primal Attack on LWE 83 5.4.2 The Hybrid Attack for SVP 86 5.4.3 The Hybrid-Primal attack for LWE 93 5.4.4 Complexity Analysis 96 5.5 Bit-security estimation 102 5.5.1 Estimations 104 5.5.2 Application to PKE 105 6 Conclusion 108 Abstract (in Korean) 120Docto

1-Piece Implant

Prosthodontic treatment using implants has many advantages in comparison with conventional treatment. However, it is reported that there are several complications associated with implants. They are divided into mechanical, biological, and esthetic aspects in prosthodontics. To overcome them, there have been numerous attempts such as a connection type of abutment-fixture, microthread, crestal module design, and abutment profile. Recently, one of the methods involves the development of a 1-piece implant. A 1-piece implant has many advantages in comparison with previous 2-piece implant. It is free of mechanical complications such as screw looseness, screw fracture, and fixture fracture. Also, in a biological aspect, absence of microgap, micromovement, and dis/reconnection of abutment leads to the stable maintenance of soft and hard tissue. However, 1-piece implants have limited indications. Selection of abutment is very strict and correction of the path is difficult after the installation of the fixture. Also, bone quality and primary stability are very important factors in 1-piece implants because it is based on immediate provisionalization. Although there are not many kinds of available 1-piece implants, one of the most well-known 1-piece implants is NobelDirect® (Nobel Biocare). However, clinical results of NobelDirect® are controversial and improvement is necessary. In most studies, it is reported that long term studies and improvements of implant design are required. Therefore, this research focuses on the advantages, design, clinical application and practical result of 1-piece implants.ope

(The) influence of internal gap and type of cement on retention of zirconia coping

치의학과/석사본 연구는 내면 간격의 크기를 다르게 제작한 지르코니아 코핑을 동일한 형태로 삭제된 자연치에 3가지 시멘트로 합착 시 시멘트의 종류 및 내면 간격의 크기에 따른 지르코니아 코핑의 유지력 차이를 비교하고자 하였다. 최근 발거된 48개의 치아를 computer aided design and manufacturing (CAD/CAM) 시스템을 이용하여 수렴각 20도, 높이 2.5 mm의 지대치 형태로 삭제하였다. 지르코니아 코핑 역시 CAD/CAM 시스템을 이용하여 내면 간격의 크기를 40 ㎛와 160 ㎛ 두 군으로 각각 24개씩 제작하였다. 제작된 지르코니아 코핑의 내면에 50 ㎛ alumina particle로 air-abrasion을 시행한 후 10-methacryloyloxydecyldihydrogenphosphate (MDP)를 포함한 레진 시멘트 (Panavia F), 자가 접착 레진 시멘트 (RelyX Unicem), 레진 강화형 글래스 아이오노머 시멘트 (RelyX Luting)를 이용하여 지르코니아 코핑과 자연치를 합착하였다. 합착된 모든 시편은 37℃에서 24시간 보관 후 5℃와 55℃의 열순환기에서 10,000회의 열순환을 시행한 후 universal testing machine을 이용하여 crosshead speed 0.5 mm/min로 치아의 장축을 따라서 지르코니아 코핑이 치아에서 탈락될 때까지 pull out test를 시행하였다. 수집된 자료는 one-way ANOVA test와 two-way ANOVA test를 통해 분석하였으며 다음과 같은 결과를 얻었다. 1. RelyX Unicem과 RelyX Luting은 내면 간격이 증가해도 유지력의 차이가 없었지만 Panavia F는 내면 간격이 증가하면 유지력이 현저히 감소하였다.2. 내면 간격의 크기에 상관없이 레진 시멘트(RelyX Unicem, Panavia F)는 레진 강화형 글래스 아이오노머 시멘트(RelyX Luting)보다 높은 유지력을 보였다.3. 내면 간격의 크기가 40 ㎛ 인 경우 유지력의 크기는 Panavia F > RelyX Unicem > RelyX Luting의 순서였으나, 내면 간격의 크기가 160 ㎛ 인 경우는 RelyX Unicem > Panavia F > RelyX Luting의 순서로 유지력의 크기가 나타났다.ope

Influence of internal-gap width and cement type on the retentive force of zirconia copings in pullout testing

OBJECTIVES: The purpose of this study was to evaluate the influence of internal-gap width and cement type on the retentive force of zirconia copings. METHODS: A CAD/CAM system was used to mill 48 identical abutments on extracted human molars and fabricate 48 zirconia copings. The internal-gap width for cement was set to 40 μm or 160 μm (n=24 each). Three cement types (Panavia F, RelyX Unicem, and RelyX Luting) were used with each internal-gap width (n=8/cement type). The intaglio surfaces of the copings were airborne-particle abraded, and each coping was cemented onto the corresponding abutment using the indicated luting agent. After 10,000 cycles of thermocycling, the retentive force was evaluated by pullout tests. Kruskal-Wallis and Wilcoxon Rank Sum tests were used for data analysis (α=0.05). RESULTS: In the 40-μm gap groups, Panavia F had the highest mean retentive force compared to RelyX Unicem and RelyX Luting (P<0.000). In 160-μm gap groups, RelyX Unicem had the highest mean retentive force compared to Panavia F and RelyX Luting (P<0.000). CONCLUSIONS: With the increase in internal gap width, a resin cement with self-etching agents as a co-initiator for autopolymerization resulted in significantly decreased retentive force, whereas a resin-modified glass ionomer cement or a self-adhesive resin cement did not. Use of resin cements rather than resin-modified glass ionomer cements improved the retentive force of zirconia copings regardless of the amount of internal gap width.ope

Accuracy of implant impressions without impression copings: a three-dimensional analysis

STATEMENT OF PROBLEM: Implant impressions without impression copings can be used for cement-retained implant restorations. A comparison of the accuracy of implant impressions with and without impression copings is needed. PURPOSE: The purpose of this study was to evaluate and compare the dimensional accuracy of implant definitive casts that are fabricated by implant impressions with and without impression copings. MATERIAL AND METHODS: An acrylic resin maxillary model was fabricated, and 3 implant replicas were secured in the right second premolar, first, and second molars. Two impression techniques were used to fabricate definitive casts (n=10). For the coping group (Group C), open tray impression copings were used for the final impressions. For the no-coping group (Group NC), cementable abutments were connected to the implant replicas, and final impressions were made assuming the abutments were prepared teeth. Computerized calculation of the centroids and long axes of the implant or stone abutment replicas was performed. The Mann-Whitney U test analyzed the amount of linear and rotational distortion between groups (α =.05). RESULTS: At the first molar site, Group NC showed significantly greater linear distortion along the Y-axis, with a small difference between the groups (Group C, 7.8 ± 7.4 μm; Group NC, 19.5 ± 12.2). At the second molar site, increased distortion was noted in Group NC for every linear and rotational variable, except for linear distortion along the Z-axis. CONCLUSIONS: Implant impression with open tray impression copings produced more accurate definitive casts than those fabricated without impression copings, especially those with greater inter-abutment distance.ope