后量子轻量级1-out-n遗忘传输协议资源-CSDN文库

57 浏览量 2021-03-08 05:28:06 上传评论收藏 1.11MB PDF 举报

后量子轻量级1-out-n遗忘传输协议是一项先进的加密协议研究，主要针对后量子时代以及IoT（物联网）部署中的安全性问题进行设计。随着量子计算能力的增强，传统加密方法面临被破解的风险，因此，如何保证未来IoT环境下的数据安全成为一个关键问题。本文提出的协议基于NTRU加密原语，是一种轻量级的1-out-n遗忘传输协议，适用于异构和分布式环境，并具有较高的效率和低计算与通信成本。让我们来了解遗忘传输（Oblivious Transfer，简称OT）的概念。遗忘传输协议最初由Wiesner提出，并被广泛应用于实现包括比特承诺、零知识证明、安全多方计算以及电子支付等密码学应用中。OT协议允许发送方与接收方在传输信息时，接收方只能获取到自己选择的特定消息之一，而发送方不知道接收方究竟获取了哪一个消息。这种传输方式保护了接收方的隐私，同时避免了发送方获取接收方的交互信息。在后量子密码学中，研究者们关注的是一种即使在量子计算机面前也足够安全的加密方法。本论文提出的遗忘传输协议正是基于此考虑，利用NTRU这一后量子加密算法，设计了一个新型的1-out-n遗忘传输协议。该协议相比2015年Chou和Orlandi提出的方案，在计算成本和通信成本方面都有显著的提升。这种提升尤其对于异构和分布式环境来说，意味着在物联网环境中部署时能够更加高效地重用编码数据集。为保障IoT部署的安全性，本协议的提出者们主要解决了以下几个关键点： 1. 后量子安全性：由于量子计算机的潜在威胁，传统的加密算法将不再安全。新提出的协议必须能够抵御量子计算机的攻击，确保即使在量子计算时代，传输的信息仍然是安全的。 2. 轻量级设计：物联网设备往往资源有限，计算能力和存储空间都是宝贵的。因此，设计的遗忘传输协议需要具备轻量级特性，才能确保在资源受限的IoT设备上高效运行。 3. 异构和分布式环境的适用性：物联网由大量不同类型、不同厂商、不同操作系统和不同安全能力的设备组成。一个能够适应异构和分布式环境的协议，能够更好地在现实世界的物联网设备上部署。 4. 通信和计算成本：协议需要优化以减少通信和计算成本。在物联网场景中，设备之间通信成本以及处理数据所需消耗的计算资源是影响整体性能和效率的重要因素。 5. 可重用的编码数据集：在多任务环境下，能够重用编码数据集将显著提高效率和减少资源消耗。总结来说，后量子轻量级1-out-n遗忘传输协议的研究，对当前和未来可能面临的量子计算安全威胁提供了解决方案。在物联网安全领域，这一研究不仅有助于提高整体的安全性，也为物联网设备间的高效、安全通信提供了新的技术基础。本论文展示的成果，不仅包括了理论上的协议设计，还通过性能评估来证明了新协议在实际应用中的优势，为后量子时代的密码学应用提供了重要参考。

资源推荐

资源详情

资源评论

Computers and Electrical Engineering 75 (2019) 90–100

Contents lists available at ScienceDirect

Computers and Electrical Engineering

journal homepage: www.elsevier.com/locate/compeleceng

A post-quantum light weight 1-out- n oblivious transfer

protocol

Bo Mi

, Darong Huang

, Shaohua Wan

b , ∗

, Yu Hu

, Kim-Kwang Raymond Choo

School of Information Science and Engineering, Chongqing Jiaotong University, Chongqing 40 0 074, China

School of Information and Safety Engineering, Zhongnan University of Economics and Law, Wuhan 430073, China

College of Physics and Engineering, Chengdu Normal University, Chengdu 611130 , China

Department of Information Systems and Cyber Security, University of Texas at San Antonio, San Antonio, TX 78249-0631, USA

a r t i c l e i n f o

Article history:

Received 12 September 2018

Revised 2 January 2019

Accepted 16 January 2019

Available online 21 February 2019

Keywords:

Oblivious transfer

NTRU

Privacy-preserving

Post-quantum security

Universal composability

a b s t r a c t

Security is a key concern in any IoT deployment, particularly if we have to take into consid-

eration future attacks facilitated by the use of quantum computers. Therefore, in this paper,

we present a post-quantum lightweight 1-out- n oblivious transfer (OT) protocol, based on

the NTRU cryptographic primitive. Compared to the OT scheme proposed by Chou and Or-

landi in LATINCRYPT 2015, our protocol is more suitable for deployment in heterogeneous

and distributed environment, due to the reusability of encoded data set. Findings from the

performance evaluation indicate that the proposed protocol outperforms that of Chou and

Orlandi [13] protocol, in terms of computation and communication costs.

Introduction

Oblivious Transfer (OT), originally proposed by Wiesner [1] , is now a widely used building block in implement various

cryptographic applications like bit commitment, zero-knowledge proof, secure multi-party computation and electronic pay-

ment [2,3] . Although there are a number of different OT variants in terms of their functionality, security and/or eﬃciency,

OT schemes can be broadly generalized as 1-out- n OT (OT

) schemes. Speciﬁcally, in such schemes the receiver is in a po-

sition to obtain 1 out of n messages possessed by the sender, while the sender remains oblivious on which message has

been actually chosen. In fact, 1-out- n oblivious transfer can be considered enhanced private information retrieval. In other

words, we can express F

as an interactive function F

. This implies that we can have a trusted third-party secretly

communicating with both sender and receiver, while satisfying the desired prerequisites:

Input:

- Sender inputs m

, m

, ··· , m

n −1

∈ M

- Receiver inputs

τ ∈ { 0 , 1 , ··· , n − 1 }

Output:

- Sender outputs ⊥ (nothing)

- Receiver outputs m

Reviews processed and recommended for publication to the Editor-in-Chief by Guest Editor Dr. Weizhi Meng.

∗

Corresponding author.

E-mail address: shaohua.wan@ieee.org (S. Wan).

https://doi.org/10.1016/j.compeleceng.2019.01.021

B. Mi, D. Huang and S. Wan et al. / Computers and Electrical Engineering 75 (2019) 90–100 91

However, in practice, a trusted authority may not always be available or exists. This necessitates the design of a self-

contained privacy-preserving information fetching scheme; in other words, the need for an OT scheme. As for the 1-out- n

OT protocol (scheme and protocol are used interchangeably in the literature and this paper), F

, the sender holds n

messages belonging to the plaintext space M while the receiver expects to obtain τ th message from the sender. Similar

to private information retrieval (PIR), it is required that the sender must be unaware of the receiver’s choice τ , but an

additional prerequisite (i.e., sender should keep all other messages private) is also required in OT.

In other words, in an OT protocol, the sender must faithfully and securely deliver all messages and the receiver should

only be able to recover one of them after the right conversation has taken place. Consequently, when the number of

candidate messages is considerable, such protocol is also practical if the plaintexts are obfuscated and distributed once

for all.

The ﬁrst instantiation of 1-out- n OT protocol is presented in [4] . Since then, there have been a (large) number of proto-

cols presented in the literature, for example to improve the eﬃciency and security for fully simulatable adaptive OT, such

as the universally composable (UC) OT scheme of Green and Hohenberger [5] with an initialization overhead of O ( n ). How-

ever, Cao and Liu [6] pointed out that the parameters of Green and Hohenberger’s scheme are redundant, and presented

an improved scheme by removing the unnecessary generators. A comparative summary of the performance comparison of

standard model-based OT protocols is available in [7,8] .

However, as quantum computing fast becoming a reality, we need to also design quantum secure / resilient OT (and

other cryptographic) protocols. Lattice-based cryptography is one of the most promising post-quantum candidates [9] . While

there have been a number of different lattice-based cryptosystems, there are only a very small number of lattice-based OT

protocols. For example, by extending the trap-door generator proposed by Micciancio and Peikert, Li et al. [10] designed an

eﬃcient 1-out- n OT protocol based on ring learning with errors (R-LWE) hardness. Using short integer solution (SIS) and

learning with errors (LWE), Libert et al. [11] proposed an adaptive OT protocol for access control, capable of enforcing any

access policy in NC1 (Nick’s Class 1). Other related studies include those of Liu et al. [12] .

At the time of this research, one of the most eﬃcient 1-out- n OT scheme is that of Chou and Orlandi [13] . Speciﬁcally,

due to the fast scalar multiplications on twisted Edwards curve, the scheme of Chou and Orlandi achieves approximately

10,0 0 0 1-out-2 OTs per second, where the computational cost is only n +6 exponentiation (i.e., 3 for the receiver, n + 3 for

the sender) and only 2 group elements have to be transmitted during the 1-out- n OT phase. Despite the authors’ claim that

their scheme is fully simulatable and resistant to timing attacks in the random oracle model, Li and Micciancio [14] argued

that it is not secure against corrupted senders under the equational framework [15] . In addition, when the number of

message entries scales up signiﬁcantly, the key exchange in their protocol will be expensive due to the exponentiation on

large moduli.

In this paper, we use the lattice-based NTRU cryptographic primitive to design a quantum secure and eﬃcient 1-out- n

OT protocol. Our choice of NTRU been used as the underlying cryptographic primitive is because it is known that to be

quantum computing attack resilience [16] . In the next section, we will present related background materials relating to

NTRU. We then describe our proposed 1-out- n OT protocol in Section 3 . In Sections 4 and 5 , we will present the security

and performance evaluation of our proposed protocol. In the last section, we conclude this paper.

2. NTRU primitive

The building block of our protocol is mainly based on a quotient ring R = Z[ x ] / (x

− 1) , whose elements can be repre-

sented as a series of vectors a = (a

, a

, ··· , a

N−1

) ∈ Z

. In fact, the ring R can also be considered as a composition, consist-

ing of convolution polynomials

a (x ) = a

+ a

x + a

+ ···+ a

N−1

. (1)

Since identifying the irreducible polynomial factors for a truncated polynomial is reducible to the shortest vector problem

(SVP) on lattice, NTRUEncrypt is believed to be resistant against quantum computing attacks. Due to the simple convolution

polynomial multiplications used in NTRU, its computational cost only increases quadratically with the key size.

Each NTRU cryptosystem is determined by three parameters p, q and N , where N, p should be prime and the condition

gcd (N, q ) = gcd (p, q ) = 1 must be satisﬁed. According to p and q , the convolution polynomial ring R can be truncated as two

sub-rings R

= (Z/pZ)[ x ] / (x

− 1) and R

= (Z/qZ)[ x ] / (x

− 1) , whose elements are equivalent to that of R by central lifting.

To generate a NTRU key pair, the receiver randomly samples two vectors f ∈ J (d + 1 , d) and g ∈ J (d , d ) , in terms of a

predeﬁned integer d , where

J (d

, d

) =

⎧

⎪

⎨

⎪

⎩

a ∈ {−1 , 0 , 1 }

elements of a are 1

elements of a are − 1

ot her elements of a are 0

⎫

⎪

⎬

⎪

⎭

, (2)

Then, one computes the inverse of f as f

= f

−1

∈ R

and f

= f

−1

∈ R

respectively. Noting that the vector f must be

re-sampled if any of the inverses does not exist. Therefore, the receiver is in a position to determine out and distribute

h = f

∗ g ∈ R

as his/her public key while keeping ( f , f

) private.

剩余10页未读，继续阅读

评论收藏

内容反馈

weixin_38645133

粉丝: 7
资源: 964

后量子轻量级1-out-n遗忘传输协议

1-out-of-n:JavaScript中n分之一的遗忘传输协议

基于NTRU遗忘传输的高效LBS安全保护

遗忘算法介绍

实用的服务器辅助n-out-n遗忘传输协议

一种利用量子隐形传态的经典信息隐蔽传输协议

量子链白皮书：价值传输协议及去中心化应用平台

7、量子链白皮书：价值传输协议及去中心化应用平台-V0.61

一种利用EPR块状传输的量子密钥协议 (2012年)

量子计算和量子信息-量子计算部分

量子框架--QP RTOS V5.6.5

量子计算动摇了丘奇-图灵论点吗

量子信息计算库--matlab

FIPS203后量子安全密码算法ML-KEM

基于分组交换的量子通信网络传输协议及性能分析

基于量子不经意密钥传输的量子匿名认证密钥交换协议

基于DDH假设的即刻选择的双边遗忘传输协议

量子力学教程-曾谨言-第一版1

量子计算与人工智能--量子计算：人工智能的洪荒.doc编程资料

开发技术-硬件-量子态隐形传输辅助克隆及重构的理论研究.zip

论文研究-辫群上的不经意传输协议.pdf

2022全球量子计算产业发展报告-2022-162页.pdf

中国移动-量子时代区块链技术白皮书-2020.11-16页精品报告2020.pdf

量子容量.docx

2022-量子安全技术白皮书-中国信息协会量子信息分会1

量子通信--量子群组测试

量子力学复习题--大题-11页.pdf

边缘计算中的轻量级安全机制.pptx

计算机行业科创板系列二（国盾量子）：量子保密通信行业龙头-0411-中泰证券-23页.pdf

基于编码后量子密码Post quantum cryptosystems

在rf-SQUID磁通量子比特中因Landau-Zener转变引起的量子干涉

最新资源