949 results for Proof.



Abstract:

RSA-based Password-Authenticated Key Exchange (PAKE) protocols have been proposed to realize both mutual authentication and the generation of secure session keys in a setting where a client shares only a password with a server, and the server must generate a fresh RSA public/private key pair (e, n), (d, n) every time because no PKI (Public-Key Infrastructure) is available. One way to avoid a special kind of off-line attack (the so-called e-residue attack) in RSA-based PAKE protocols is to deploy a challenge/response method by which the client interactively verifies with the server that e and φ(n) are relatively prime. However, this kind of RSA-based PAKE protocol gave no proof of the underlying challenge/response method and therefore could not specify the exact complexity of the protocol, since the challenge/response method introduces another security parameter. In this paper, we first present an RSA-based PAKE (RSA-PAKE) protocol that can deploy two different challenge/response methods (denoted Challenge/Response Method1 and Challenge/Response Method2). The main contributions of this work are: (1) using number theory, we prove that Challenge/Response Method1 and Challenge/Response Method2 are secure against e-residue attacks for any odd prime e; (2) with the security parameter for on-line attacks, we show that the RSA-PAKE protocol is provably secure in the random oracle model, where no off-line attack is more efficient than an on-line dictionary attack; and (3) by considering the Hamming weight of e and its complexity in the RSA-PAKE protocol, we search for primes to recommend for practical use. We also compare the RSA-PAKE protocol with previous ones, mainly in terms of computation and communication complexity.


Abstract:

The need to make default assumptions is frequently encountered in reasoning about incompletely specified worlds. Inferences sanctioned by default are best viewed as beliefs which may well be modified or rejected by subsequent observations. It is this property which leads to the non-monotonicity of any logic of defaults. In this paper we propose a logic for default reasoning. We then specialize our treatment to a very large class of commonly occurring defaults. For this class we develop a complete proof theory and show how to interface it with a top-down resolution theorem prover. Finally, we provide criteria under which the revision of derived beliefs must be effected.


Abstract:

Password authentication has been adopted as one of the most commonly used solutions in network environments to protect resources from unauthorized access. Recently, Lee–Kim–Yoo [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Chien et al.'s remote user authentication scheme using smart cards, Computer Standards & Interfaces 27 (2) (2005) 181–183] and Lee–Chiu [N.Y. Lee, Y.C. Chiu, Improved remote authentication scheme with smart card, Computer Standards & Interfaces 27 (2) (2005) 177–180] each proposed a smart-card-based password authentication scheme. We show that both schemes are subject to forgery attacks provided that the information stored in the smart card is disclosed to the adversary. We also propose an improved scheme with a formal security proof.


Abstract:

This thesis studies two aspects of coalgebras: bisimulation proof methods and their applications. Algebraic theory has been shown to have wide applications in computer science; its dual concept, coalgebra theory, has emerged in recent years and has clear advantages in describing infinite-state systems. We therefore take coalgebras as the abstract research model in this thesis. Because the up-to method in bisimulation checking can very effectively speed up the checking process, we first extend this method from traditional set theory to coalgebra theory. As an extension of Sangiorgi's sound functions, we introduce consistent functions. Thus, to prove that all process pairs in some binary relation are bisimulation equivalent, it suffices to prove that the relation progresses to the new relation obtained by applying some consistent function to it. In addition, we give an equivalence between span-bisimulation and ref-bisimulation, and use this result to prove that the existing up-to methods in coalgebras are all covered by consistent functions. A consistent function is defined for a single functor $F$. However, when $F$ is a polynomial functor of a certain type, there may exist functions that are consistent with some subfunctors of $F$ but not with the whole of $F$. We therefore extend consistent functions further and define joint consistent functions, which are combinations, under certain conditions, of functions that are consistent only with some subfunctors. Joint consistent functions can be used in the same way as consistent functions to produce new up-to proof methods. We also give the corresponding notion of joint consistent functions in traditional concurrency theory, and use it to give an up-to method for weak bisimulation. After giving the generalized up-to method in the abstract coalgebraic model, the thesis goes on to study its application to a concrete infinite-state system, namely BPA systems. Caucal's self-bisimulation theory plays a key role in bisimulation-checking algorithms for BPA systems, and it is precisely a paradigm of using the up-to method to assist bisimulation checking. Since a BPA system is also a coalgebra, we prove this theory in coalgebra theory using consistent functions. We also give a tableau algorithm for deciding bisimulation equivalence in full BPA systems containing both normed and unnormed BPA processes. The algorithm is very direct and easy to understand. Using this tableau algorithm, we prove that the equational theory designed by Hans Hüttel and Colin Stirling for normed BPA processes is sound and complete for full BPA systems as well.


Abstract:

This paper studies the generalized Serre problem proposed by Lin and Bose in the context of multidimensional system theory [Multidimens. Systems and Signal Process. 10 (1999) 379; Linear Algebra Appl. 338 (2001) 125]. The problem is stated as follows. Let F ∈ A^{l×m} be a full row rank matrix, and let d be the greatest common divisor of all the l × l minors of F. Assume that the reduced minors of F generate the unit ideal, where A = K[x_1, ..., x_n] is the polynomial ring in n variables x_1, ..., x_n over any coefficient field K. Then there exist matrices G ∈ A^{l×l} and F_1 ∈ A^{l×m} such that F = GF_1 with det G = d and F_1 a ZLP matrix. We provide an elementary proof of this result, and treat the non-full-rank case.


Abstract:

S-boxes are the only nonlinear component of many cryptographic algorithms, and their cryptographic strength determines the security strength of the whole algorithm. However, large S-boxes are difficult to construct and difficult to implement in software and hardware, so 8×8 S-boxes are currently the most popular. Based on m-sequences, this paper proposes a method for constructing 8×8 and 8×6 S-boxes, and selects from them by testing a batch of S-boxes with good nonlinearity and differential uniformity. In addition, a batch of 4×4 S-boxes is constructed based on orthomorphic permutations. These S-boxes provide nonlinear resources for the further design of cryptographic algorithms.


Abstract:

This paper analyzes a flaw in a minimum-disclosure proof protocol, gives a corrected protocol, and proves its security.


Abstract:

Automatic generation of diagnostic information is one of the basic features of model checking and is important for analysis and debugging. This paper discusses the generation of diagnostic information in model checking of value-passing processes, introduces two representation structures for diagnostic information, proof graphs and examples, and proposes two algorithms for constructing them. The approach extracts proof graphs and examples from the dependency information saved during the checking process, so that existing information is reused and the amount of computation is reduced. The algorithms have been implemented and tested on examples; the experimental results show that the method is effective.


Abstract:

Message authentication codes (MACs) are an important tool for guaranteeing message integrity and are widely used in all kinds of security systems. As the theory of provable security has matured, MACs with provable security have naturally become the first choice. Based on the construction methods of XOR MAC and PMAC, this paper uses a block cipher to construct a deterministic, parallelizable message authentication code, DXOR MAC (Deterministic XOR MAC). Under the assumption that the underlying block cipher is a pseudorandom permutation, the paper uses the game-playing technique to quantify the adversary's probability of a successful forgery, thereby proving the scheme's security.


Abstract:

We propose a transformation from any 3-round public-coin honest-verifier zero-knowledge proof system for any NP language to a 4-round (round-optimal) concurrent zero-knowledge proof system with concurrent soundness for the same language in the bare public-key model. The transformation has the following advantages: 1) it incurs only O(1) (a constant number of) additional modular exponentiations; compared with the transformation proposed by DiCrescenzo et al. at ICALP05, which requires O(n) additional modular exponentiations, the resulting system is essentially more efficient, while the required hardness assumption is unchanged; 2) under the discrete logarithm assumption, the transformation yields a perfect zero-knowledge proof system, whereas the system of DiCrescenzo et al. is only computationally zero-knowledge. The transformation relies on a special 3-round honest-verifier zero-knowledge proof system for the discrete logarithm of a committed value. We construct two such systems, based on different commitment schemes, that require only a constant number of modular exponentiations; these systems may be of independent interest.


Abstract:

Group signatures are an extension of ordinary digital signatures and have many important applications. A recently proposed efficient group signature scheme was claimed not to use signatures of knowledge, so that its signing and verification cost is far lower than that of the well-known ACJT scheme. In this paper, we point out that the scheme does in fact use signatures of knowledge, but uses them improperly, which makes the scheme completely insecure: two group members can collude to forge a group signature on any message, and the opening algorithm is ineffective.


Abstract:

Computer forensics is a rapidly growing research field with important application prospects in national security, consumer protection and criminal investigation. Because of the special nature of computer evidence, ensuring that it meets the admissibility criteria for evidence, namely relevance, reliability and legality, requires special techniques and methods for its acquisition and the use of special tools. This paper analyzes in some detail the technical methods used in computer forensics, and analyzes and compares domestic and foreign computer forensics tools.


Abstract:

An improved data refinement rule is proposed and described using a relational model. A global state is introduced to describe all possible inputs and outputs of a program; non-trivial initialization is allowed, both forward simulation and backward simulation are allowed, and the rule can be applied to cases where the nondeterminism of the concrete model is resolved later than that of the abstract model. An example illustrates how the rule is applied in the Isabelle theorem prover.


Abstract:

China Computer Federation