RSA-Based Password-Authenticated Key Exchange, Revisited

The RSA-based Password-Authenticated Key Exchange (PAKE) protocols have been proposed to realize both mutual authentication and generation of secure session keys where a client is sharing his/her password only with a server and the latter should generate its RSA public/private key pair (e, n), (d, n) every time due to the lack of PKI (Public-Key Infrastructures). One of the ways to avoid a special kind of off-line (so called e-residue) attacks in the RSA-based PAKE protocols is to deploy a challenge/response method by which a client verifies the relative primality of e and φ(n) interactively with a server. However, this kind of RSA-based PAKE protocols did not give any proof of the underlying challenge/response method and therefore could not specify the exact complexity of their protocols since there exists another security parameter, needed in the challenge/response method. In this paper, we first present an RSA-based PAKE (RSA-PAKE) protocol that can deploy two different challenge/response methods (denoted by Challenge/Response Method1 and Challenge/Response Method2). The main contributions of this work include: (1) Based on the number theory, we prove that the Challenge/Response Method1 and the Challenge/Response Method2 are secure against e-residue attacks for any odd prime e; (2) With the security parameter for the on-line attacks, we show that the RSA-PAKE protocol is provably secure in the random oracle model where all of the off-line attacks are not more efficient than on-line dictionary attacks; and (3) By considering the Hamming weight of e and its complexity in the RSA-PAKE protocol, we search for primes to be recommended for a practical use. We also compare the RSA-PAKE protocol with the previous ones mainly in terms of computation and communication complexities.

基于加同态公钥密码体制的匿名数字指纹方案

提出了一种基于加同态公钥密码算法的匿名数字指纹方案，并给出了具有匿名功能的公钥和私钥对的具体构造方法，从而使该匿名指纹方案在发现盗版的情况下，销售商不需要第三方的帮助就能鉴别出数字多媒体作品的非法分发者，解决版权纠纷时也不需要购买者参与并提供相关的秘密信息，从而达到实现两方审判的目的．分析结果表明，该方案具有用户匿名及不可关联、销售商的可保证安全性和用户的可保证安全性等特点．

纯公钥模型下对NP语言的高效并发零知识证明系统

提出了一种从3轮公开掷币的对任何NP语言的诚实验证者零知识证明系统到纯公钥模型下4轮f轮最优）对同一语言的具有并发合理性的并发零知识证明系统．该转化方法有如下优点：1）它只引起D（1）（常数个）额外的模指数运算，相比DiCrescenzo等人在ICALP05上提出的需要qn）个额外的模指数运算的转化方法孩系统在效率上有着本质上的提高，而所需的困难性假设不变；2）在离散对数假设下，该转化方法产生一个完美零知识证明系统．注意到DiCrescenzo等人提出的系统只具有计算零知识性质．该转化方法依赖于一个特殊的对承诺中的离散对数的3轮诚实验证者零知识的证明系统．构造了两个基于不同承诺方案的只需要常数个模指数运算的系统这种系统可能有着独立价值．

基于安全芯片的防伪数码相机

为了改进现有防伪数码相机不能处理通过翻拍伪造数码照片的缺陷,提出了一种新的基于安全芯片的防伪数码相机架构。在拍摄时将所拍摄的区域分成多个小单元,并用对焦测距系统测量各个单元到相机的距离。用安全芯片对图像元数据、图像内容及距离信息进行数字签名,并将签名内容及距离信息都保存在图像文件的元数据里。通过验证数字签名有效且距离信息不完全相等来保证图片的真实可信。该防伪数码相机能同时发现照片在拍摄后被篡改和翻拍问题,所拍摄照片真实可信。

基于随机背包的公钥密码

该文构造了一个背包型公钥密码算法。该背包公钥密码具有如下优点:加解密只需要加法和模减法运算,因此加解密速度快;该算法是基于随机背包问题而不是易解背包问题而构造的;证明了在攻击者不掌握私钥信息情况下该密码算法能抵抗直接求解背包问题的攻击,包括低密度攻击和联立丢番图逼近攻击等;证明了攻击者能够恢复私钥信息与攻击者能够分解一个大整数是等价的。分析表明,该算法是一个安全高效的公钥加密算法。