基于椭圆曲线的零知识证明方法对Kerberos系统的改进

Kerberos是一个成熟的产品,广泛应用于金融、邮电、保险等行业.但仍存在一些隐患,例如:重放攻击、密码猜测、会话中选择明文攻击等等.该文针对Kerberos系统登录时可能遭到密码猜测,即所谓的离线字典攻击(Off line Dictionary Attack)的问题,提出一种基于椭圆曲线的零知识证明方法对系统进行改进,并给出相应的协议.

公开可验证的零知识水印检测

对称水印方案的水印检测密钥可以被用来伪造和移去水印，因此要求它在检测过程中也是保密的．零知识的水印检测方案利用密码学中零知识和知识证明的思想和算法，实现在水印检测时使得验证者确信水印存在性的同时又不泄漏水印检测密钥．提出了公开可验证的零知识水印检测的安全需求，给出一个公开可验证的承诺方案和一个证明知道被承诺值的离散对数的零知识知识证明协议．在此基础上提出了一个公开可验证的零知识水印方案，并讨论了它的安全性．

基于零知识集的群组密钥分配方案

零知识集是一种新的具有零知识性质的集合.这种集合的构造使得证明者对于任意元素都可以给出一个证明,证明该元素属于这个集合或者不属于这个集合,同时不泄漏额外的信息.本文基于Pedersen承诺设计一种新的群组密钥分配方案,利用零知识集的性质实现密钥分配.协议不仅保证了组成员可以安全动态的获得组密钥,而且保证了组成员除了获取组密钥,不会得到群组中其它成员的相关信息.与先前工作相比,本文提出的方案提供了更高的安全特性,适合应用于一些较特殊的网络应用,如网络秘密会议.

实例依赖的可验证随机函数的高效构造

实例依赖的可验证随机函数是由文献[1]提出的一个新的密码学概念,它也是构造高安全性的零知识协议(如可重置零知识论证系统)的一个强有力的工具,而这些高安全性的零知识协议在智能卡和电子商务中有着重要的潜在价值。基于非交互ZAP证明系统和random oracle模型中∑OR-协议,给出了实例依赖的可验证伪随机函数的两个高效的实现和相应的安全性证明,提升了这一工具的应用价值。

从Σ-协议到公共参考串模型下可否认零知识的高效编译器

给出公共参考串(CRS)模型下可否认零知识的一个正面结果:从Σ-协议到CRS模型下的可否认零知识的高效转化.由Pass在CRYPTO 2003中给出的下界可知,我们的编译器取得了最优的轮效率.此外,转化所增加的通信复杂度较小.

The legality of online Privacy-Enhancing Technologies

L’utilisation d’Internet prend beaucoup d’ampleur depuis quelques années et le commerce électronique connaît une hausse considérable. Nous pouvons présentement acheter facilement via Internet sans quitter notre domicile et avons accès à d’innombrables sources d’information. Cependant, la navigation sur Internet permet également la création de bases de données détaillées décrivant les habitudes de chaque utilisateur, informations ensuite utilisées par des tiers afin de cerner le profil de leur clientèle cible, ce qui inquiète plusieurs intervenants. Les informations concernant un individu peuvent être récoltées par l’interception de données transactionnelles, par l’espionnage en ligne, ainsi que par l’enregistrement d’adresses IP. Afin de résoudre les problèmes de vie privée et de s’assurer que les commerçants respectent la législation applicable en la matière, ainsi que les exigences mises de l’avant par la Commission européenne, plusieurs entreprises comme Zero-knowledge Systems Inc. et Anonymizer.com offrent des logiciels permettant la protection de la vie privée en ligne (privacy-enhancing technologies ou PETs). Ces programmes utilisent le cryptage d’information, une méthode rendant les données illisibles pour tous à l’exception du destinataire. L’objectif de la technologie utilisée a été de créer des systèmes mathématiques rigoureux pouvant empêcher la découverte de l’identité de l’auteur même par le plus déterminé des pirates, diminuant ainsi les risques de vol d’information ou la divulgation accidentelle de données confidentielles. Malgré le fait que ces logiciels de protection de la vie privée permettent un plus grand respect des Directives européennes en la matière, une analyse plus approfondie du sujet témoigne du fait que ces technologies pourraient être contraires aux lois concernant le cryptage en droit canadien, américain et français.

Practical and Foundational Aspects of Secure Computation

Il y a des problemes qui semblent impossible a resoudre sans l'utilisation d'un tiers parti honnete. Comment est-ce que deux millionnaires peuvent savoir qui est le plus riche sans dire a l'autre la valeur de ses biens ? Que peut-on faire pour prevenir les collisions de satellites quand les trajectoires sont secretes ? Comment est-ce que les chercheurs peuvent apprendre les liens entre des medicaments et des maladies sans compromettre les droits prives du patient ? Comment est-ce qu'une organisation peut ecmpecher le gouvernement d'abuser de l'information dont il dispose en sachant que l'organisation doit n'avoir aucun acces a cette information ? Le Calcul multiparti, une branche de la cryptographie, etudie comment creer des protocoles pour realiser de telles taches sans l'utilisation d'un tiers parti honnete. Les protocoles doivent etre prives, corrects, efficaces et robustes. Un protocole est prive si un adversaire n'apprend rien de plus que ce que lui donnerait un tiers parti honnete. Un protocole est correct si un joueur honnete recoit ce que lui donnerait un tiers parti honnete. Un protocole devrait bien sur etre efficace. Etre robuste correspond au fait qu'un protocole marche meme si un petit ensemble des joueurs triche. On demontre que sous l'hypothese d'un canal de diusion simultane on peut echanger la robustesse pour la validite et le fait d'etre prive contre certains ensembles d'adversaires. Le calcul multiparti a quatre outils de base : le transfert inconscient, la mise en gage, le partage de secret et le brouillage de circuit. Les protocoles du calcul multiparti peuvent etre construits avec uniquements ces outils. On peut aussi construire les protocoles a partir d'hypoth eses calculatoires. Les protocoles construits a partir de ces outils sont souples et peuvent resister aux changements technologiques et a des ameliorations algorithmiques. Nous nous demandons si l'efficacite necessite des hypotheses de calcul. Nous demontrons que ce n'est pas le cas en construisant des protocoles efficaces a partir de ces outils de base. Cette these est constitue de quatre articles rediges en collaboration avec d'autres chercheurs. Ceci constitue la partie mature de ma recherche et sont mes contributions principales au cours de cette periode de temps. Dans le premier ouvrage presente dans cette these, nous etudions la capacite de mise en gage des canaux bruites. Nous demontrons tout d'abord une limite inferieure stricte qui implique que contrairement au transfert inconscient, il n'existe aucun protocole de taux constant pour les mises en gage de bit. Nous demontrons ensuite que, en limitant la facon dont les engagements peuvent etre ouverts, nous pouvons faire mieux et meme un taux constant dans certains cas. Ceci est fait en exploitant la notion de cover-free families . Dans le second article, nous demontrons que pour certains problemes, il existe un echange entre robustesse, la validite et le prive. Il s'effectue en utilisant le partage de secret veriable, une preuve a divulgation nulle, le concept de fantomes et une technique que nous appelons les balles et les bacs. Dans notre troisieme contribution, nous demontrons qu'un grand nombre de protocoles dans la litterature basee sur des hypotheses de calcul peuvent etre instancies a partir d'une primitive appelee Transfert Inconscient Veriable, via le concept de Transfert Inconscient Generalise. Le protocole utilise le partage de secret comme outils de base. Dans la derniere publication, nous counstruisons un protocole efficace avec un nombre constant de rondes pour le calcul a deux parties. L'efficacite du protocole derive du fait qu'on remplace le coeur d'un protocole standard par une primitive qui fonctionne plus ou moins bien mais qui est tres peu couteux. On protege le protocole contre les defauts en utilisant le concept de privacy amplication .

Cryptographic techniques for personal communication systems security

The advent of personal communication systems within the last decade has depended upon the utilization of advanced digital schemes for source and channel coding and for modulation. The inherent digital nature of the communications processing has allowed the convenient incorporation of cryptographic techniques to implement security in these communications systems. There are various security requirements, of both the service provider and the mobile subscriber, which may be provided for in a personal communications system. Such security provisions include the privacy of user data, the authentication of communicating parties, the provision for data integrity, and the provision for both location confidentiality and party anonymity. This thesis is concerned with an investigation of the private-key and public-key cryptographic techniques pertinent to the security requirements of personal communication systems and an analysis of the security provisions of Second-Generation personal communication systems is presented. Particular attention has been paid to the properties of the cryptographic protocols which have been employed in current Second-Generation systems. It has been found that certain security-related protocols implemented in the Second-Generation systems have specific weaknesses. A theoretical evaluation of these protocols has been performed using formal analysis techniques and certain assumptions made during the development of the systems are shown to contribute to the security weaknesses. Various attack scenarios which exploit these protocol weaknesses are presented. The Fiat-Sharmir zero-knowledge cryptosystem is presented as an example of how asymmetric algorithm cryptography may be employed as part of an improved security solution. Various modifications to this cryptosystem have been evaluated and their critical parameters are shown to be capable of being optimized to suit a particular applications. The implementation of such a system using current smart card technology has been evaluated.

Provable Security for Cryptocurrencies

The past several years have seen the surprising and rapid rise of Bitcoin and other “cryptocurrencies.” These are decentralized peer-to-peer networks that allow users to transmit money, tocompose financial instruments, and to enforce contracts between mutually distrusting peers, andthat show great promise as a foundation for financial infrastructure that is more robust, efficientand equitable than ours today. However, it is difficult to reason about the security of cryptocurrencies. Bitcoin is a complex system, comprising many intricate and subtly-interacting protocol layers. At each layer it features design innovations that (prior to our work) have not undergone any rigorous analysis. Compounding the challenge, Bitcoin is but one of hundreds of competing cryptocurrencies in an ecosystem that is constantly evolving. The goal of this thesis is to formally reason about the security of cryptocurrencies, reining in their complexity, and providing well-defined and justified statements of their guarantees. We provide a formal specification and construction for each layer of an abstract cryptocurrency protocol, and prove that our constructions satisfy their specifications. The contributions of this thesis are centered around two new abstractions: “scratch-off puzzles,” and the “blockchain functionality” model. Scratch-off puzzles are a generalization of the Bitcoin “mining” algorithm, its most iconic and novel design feature. We show how to provide secure upgrades to a cryptocurrency by instantiating the protocol with alternative puzzle schemes. We construct secure puzzles that address important and well-known challenges facing Bitcoin today, including wasted energy and dangerous coalitions. The blockchain functionality is a general-purpose model of a cryptocurrency rooted in the “Universal Composability” cryptography theory. We use this model to express a wide range of applications, including transparent “smart contracts” (like those featured in Bitcoin and Ethereum), and also privacy-preserving applications like sealed-bid auctions. We also construct a new protocol compiler, called Hawk, which translates user-provided specifications into privacy-preserving protocols based on zero-knowledge proofs.

Understanding the role of knowledge in the practice of expert nephrology nurses in Australia

This paper, which is abstracted from a larger study into the acquisition and exercise of nephrology nursing expertise, aims to explore the role of knowledge in expert practice. Using grounded theory methodology, the study involved 17 registered nurses who were practicing in a metropolitan renal unit in New South Wales, Australia. Concurrent data collection and analysis was undertaken, incorporating participants' observations and interviews. Having extensive nephrology nursing knowledge was a striking characteristic of a nursing expert. Expert nurses clearly relied on and utilized extensive nephrology nursing knowledge to practice. Of importance for nursing, the results of this study indicate that domain-specific knowledge is a crucial feature of expert practice.

A new model to study healing of a complex femur fracture with concurrent soft tissue injury in sheep

High energy bone fractures resulting from impact trauma are often accompanied by subcutaneous soft tissue injuries, even if the skin remains intact. There is evidence that such closed soft tissue injuries affect the healing of bone fractures, and vice versa. Despite this knowledge, most impact trauma studies in animals have focussed on bone fractures or soft tissue trauma in isolation. However, given the simultaneous impact on both tissues a better understanding of the interaction between these two injuries is necessary to optimise clinical treatment. The aim of this study was therefore to develop a new experimental model and characterise, for the first time, the healing of a complex fracture with concurrent closed soft tissue trauma in sheep. A pendulum impact device was designed to deliver a defined and standardised impact to the distal thigh of sheep, causing a reproducible contusion injury to the subcutaneous soft tissues. In a subsequent procedure, a reproducible femoral butterfly fracture (AO C3-type) was created at the sheep’s femur, which was initially stabilised for 5 days by an external fixator construct to allow for soft tissue swelling to recede, and ultimately in a bridging construct using locking plates. The combined injuries were applied to twelve sheep and the healing observed for four or eight weeks (six animals per group) until sacrifice. The pendulum impact led to a moderate to severe circumferential soft tissue injury with significant bruising, haematomas and partial muscle disruptions. Posttraumatic measurements showed elevated intra-compartmental pressure and circulatory tissue breakdown markers, with recovery to normal, pre-injury values within four days. Clinically, no neurovascular deficiencies were observed. Bi-weekly radiological analysis of the healing fractures showed progressive callus healing over time, with the average number of callus bridges increasing from 0.4 at two weeks to 4.2 at eight weeks. Biomechanical testing after sacrifice showed increasing torsional stiffness between four and eight weeks healing time from 10% to 100%, and increasing ultimate torsional strength from 10% to 64% (relative to the contralateral control limb). Our results demonstrate the robust healing of a complex femur fracture in the presence of a severe soft tissue contusion injury in sheep and demonstrate the establishment of a clinically relevant experimental model, for research aimed at improving the treatment of bone fractures accompanied by closed soft tissue injuries.

Advancing nursing practice : redefining the theoretical and practical integration of knowledge

Aim The aim of this paper is to offer an alternative knowing-how knowing-that framework of nursing knowledge, which in the past has been accepted as the provenance of advanced practice. Background The concept of advancing practice is central to the development of nursing practice and has been seen to take on many different forms depending on its use in context. To many it has become synonymous with the work of the advanced or expert practitioner; others have viewed it as a process of continuing professional development and skills acquisition. Moreover, it is becoming closely linked with practice development. However, there is much discussion as to what constitutes the knowledge necessary for advancing and advanced practice, and it has been suggested that theoretical and practical knowledge form the cornerstone of advanced knowledge. Design The design of this article takes a discursive approach as to the meaning and integration of knowledge within the context of advancing nursing practice. Method A thematic analysis of the current discourse relating to knowledge integration models in an advancing and advanced practice arena was used to identify concurrent themes relating to the knowing-how knowing-that framework which commonly used to classify the knowledge necessary for advanced nursing practice. Conclusion There is a dichotomy as to what constitutes knowledge for advanced and advancing practice. Several authors have offered a variety of differing models, yet it is the application and integration of theoretical and practical knowledge that defines and develops the advancement of nursing practice. An alternative framework offered here may allow differences in the way that nursing knowledge important for advancing practice is perceived, developed and coordinated. Relevance to clinical practice What has inevitably been neglected is that there are various other variables which when transposed into the existing knowing-how knowing-that framework allows for advanced knowledge to be better defined. One of the more notable variables is pattern recognition, which became the focus of Benner’s work on expert practice. Therefore, if this is included into the knowing-how knowing-that framework, the knowing-how becomes the knowledge that contributes to advancing and advanced practice and the knowing-that becomes the governing action based on a deeper understanding of the problem or issue.

Feasibility of a stepped wedge cluster RCT and concurrent observational sub-study to evaluate the effects of modified ward night lighting on inpatient fall rates and sleep quality: A protocol for a pilot trial

Background: Falls among hospitalised patients impose a considerable burden on health systems globally and prevention is a priority. Some patient-level interventions have been effective in reducing falls, but others have not. An alternative and promising approach to reducing inpatient falls is through the modification of the hospital physical environment and the night lighting of hospital wards is a leading candidate for investigation. In this pilot trial, we will determine the feasibility of conducting a main trial to evaluate the effects of modified night lighting on inpatient ward level fall rates. We will test also the feasibility of collecting novel forms of patient level data through a concurrent observational sub-study. Methods/design: A stepped wedge, cluster randomised controlled trial will be conducted in six inpatient wards over 14 months in a metropolitan teaching hospital in Brisbane (Australia). The intervention will consist of supplementary night lighting installed across all patient rooms within study wards. The planned placement of luminaires, configurations and spectral characteristics are based on prior published research and pre-trial testing and modification. We will collect data on rates of falls on study wards (falls per 1000 patient days), the proportion of patients who fall once or more, and average length of stay. We will recruit two patients per ward per month to a concurrent observational sub-study aimed at understanding potential impacts on a range of patient sleep and mobility behaviour. The effect on the environment will be monitored with sensors to detect variation in light levels and night-time room activity. We will also collect data on possible patient-level confounders including demographics, pre-admission sleep quality, reported vision, hearing impairment and functional status. Discussion: This pragmatic pilot trial will assess the feasibility of conducting a main trial to investigate the effects of modified night lighting on inpatient fall rates using several new methods previously untested in the context of environmental modifications and patient safety. Pilot data collected through both parts of the trial will be utilised to inform sample size calculations, trial design and final data collection methods for a subsequent main trial.