臺灣博碩士論文加值系統

如何保護網際網路通訊雙方的隱私與安全一直是個相當重要的議題，密碼技術便是能增進網路通訊安全的重要工具，而模糊傳送協定是近代密碼學裡一項重要且關鍵的基礎技術。在模糊傳送協定發展的過程中，在原始模糊傳送協定裡，傳送者握有一個秘密訊息，而接收者有二分之一的機會可以接收到秘密訊息，發展至今，傳送者握有n個秘密訊息，接收者可以從中選擇t個秘密訊息，其效率已有提昇。然而，目前所有的模糊傳送協定都視這些機密訊息具有相同價值與權重，但在某些應用環境中，可能因其資訊的成本、新舊或效益之不同而造成每個機密訊息的價值也不同，例如：多權值數位資料交易、多權值電子契約及分級制秘密交換等等，因此傳統的模糊傳送協定就不適用於這些環境與應用中。若要擴大模糊傳送的應用，則必需在協定中針對機密訊息加入權重設定，其中如何有效達成權重值的計算及驗證將成為設計權重型模糊傳送協定的成敗關鍵。因此本論文提出植基於RSA加密技術之n選t權重型模糊傳送協定及植基於金鑰交換加密技術之n選t權重型模糊傳送協定以增強模糊傳送協定的效能及可應用的環境。

How to protect the privacy and security of transmitting data in the Internet is a very important issue. Cryptographic techniques are the important tools to enhance the network transmission security. Oblivious transfer protocol is one of the key tools in the contemporary cryptography. In the original oblivious transfer protocol, a sender holds one secret message and a receiver can get the secret message with 1/2 probability. Now, t out of n oblivious transfer protocol allows that the sender holds n secret messages and the receiver only can choose and get t messages. The transmission efficiency is obviously improved. However, All oblivious transfer protocols evaluate secret messages with the same price and weight. But in some environments, the prices of those secret messages are different due to the cost, new/old or capability, e.g., multi-weighted digital data transactions, multi-weighted electronic contract signing and grading secret exchange, etc. Therefore, traditional oblivious transfer protocols are not suitable for these environments and applications. The only way to expand to those applications is to add weights to secret messages. But how to calculate and verify the weights will become main key point for designing weighted oblivious transfer protocols. The thesis will propose t out of n weighted oblivious transfer protocols by using RSA cryptosystem and key exchange encryption technologies. The protocols can be used to enhance the efficiency and extend the applied environments of oblivious transfer.

摘要 iv
Abstract v
致謝 vi
目錄 vii
表目錄 ix
圖目錄 x
第一章 緒論 1
1.1 研究背景 1
1.2 研究動機與目的 14
1.3 章節概要 16
第二章 文獻探討 17
2.1 相關密碼學基礎 17
2.1.1 RSA密碼系統 17
2.1.2 DLP密碼系統 20
2.1.3 Diffie-Hellman金鑰交換法 21
2.1.4 乘法同態加密技術 22
2.2植基於Key Exchange技術之模糊傳送協定 23
2.2.1 all or nothing模糊傳送協定 23
2.2.2 2選1模糊傳送協定 27
第三章 植基於Key Exchange技術之模糊傳送協定 31
3.1植基於Key Exchange技術之n選1模糊傳送協定 31
3.1.1 協定介紹 31
3.1.2 安全性分析 34
3.2植基於Key Exchange技術之n選t模糊傳送協定 34
3.2.1 協定介紹 34
3.2.2 安全性分析 37
第四章 n選t權重型模糊傳送協定 39
4.1植基於RSA加密技術之n選t權重型模糊傳送協定A 39
4.1.1 協定介紹 40
4.1.2 安全性分析 43
4.2植基於RSA加密技術之n選t權重型模糊傳送協定B 45
4.2.1 協定介紹 45
4.2.2 安全性分析 49
4.3植基於Key Exchange技術之n選t權重型模糊傳送協定 51
4.3.1 協定介紹 51
4.3.2 安全性分析 57
4.4效能分析 58
4.5簡例 58
第五章 結論與未來展望 58
5.1 結論 58
5.2 未來展望 58
參考文獻 58

[1]王建智，”可驗證模糊傳送之研究”，南台科技大學資訊管理所碩士論文，民94年。
[2]林季玄，”可重覆使用之模糊傳送協定之研究”，南台科技大學資訊管理所碩士論文，民95年。
[3]A. Parakh “Oblivious Transfer using Elliptic Curves,” Proceedings of the 15th International Conference on Computing (CIC'06), 2006.
[4]A Parakh, “Oblivious Transfer based on key Exchange,” Cyptologia, Vol. 32-1, 2008, pp. 37-44.
[5]A. Sadeghi, “How to break a semi-anonymous fingerprinting scheme,” Information Hiding 2001, LNCS 2137, Springer-Verlage, 2001, pp. 384-394.
[6]B. Aiello, Y. Ishai, and O. Reingold, “Priced Oblivious Transfer: How to sell Digital Goods”, Advances in Cryptology – Eurocrypt 2001, LNCS 2045, 2001, pp. 119-135.
[7]B. Chor, O. Goldreich, E. Kushilevitz, and M. Susdan. “Private Information Retrieval,” Journal of the ACM 45(6), 1998, pp. 965-982.
[8]C. Crepeau and J. Kilian, “Achieving oblivious transfer using weakened security assumptions”, Proceedings of the 28th symposium on Foundations of Computer Science (Focs ‘88), IEEE, 1988, pp. 42-52.
[9]C. K. Chu and W. G. Tzeng, “Conditional oblivious cast” Proceedings of the Public Key Cryptography (PKC ‘06), Vol. 3958 of LNCS, Springer-Verlag, 2006, pp. 443-457.
[10]G. Brassard and C. Crepeau, “Oblivious Transfer and Privacy Amplification”, Proceedings Advances in Cryptology (Eurocrypt’97), 1997, pp. 334-346.
[11]G. D. Crescenzo, R. Ostrovsky, and S. Rajagopalan. “Conditional oblivious transfer and time-released encryption.” In Proc. EUROCRYPTO 99, LNCS, Vol. 1592, Springer-Verlag, 1999, pp. 74–89.
[12]H. F. Huang and C. C. Chang, "A New Design for Efficient t-out-n Oblivious Transfer Scheme," Proceedings of The First International Workshop on Information Networking and Applications, Vol. 2, Mar. 2005, pp. 499-502.
[13]H. Y. Lin and W. G. Tzeng. “An Efficient Solution to The Millionaires’ Problem Based on Homomorphic Encryption.” In proceedings of Applied Cryptography and Network Security 2005(ACNS’05), Vol. 3531 of LNCS, Springer-Verlag, 2005, pp. 456-466.
[14]I. F. Blake and V. Kolesnikov, “Strong Conditional Oblivious Transfer and Computing on Intervals” Proceedings of Advances in Cryptology ASIACRYPT 2004, LNCS 3329, Springer-Verlag Berlin Heidelberg, 2004, pp. 515–529.
[15]J. Domingo-Ferrer, “Anonymous fingerprinting based on committed oblivious transfer” PKC99, LNCS 1560, Springer-Verlag, 1999, pp.43-52.
[16]J. Ghoi, G. hanaoka, K. Rhee, and H. Imai, “How to Break COT-based Fingerprinting Schemes and Design New One”, IEICE TRANS. FUNDAMENTALS, Vol. E88A, No. 10, 2005, pp. 2800-2807.
[17]J. P. Stern, “A New and Efficient All-or-Nothing Disclosure of Secrets Protocol”, Proceedings Advances in Cryptology (Asiacrypt’98), 1998, pp. 357-371.
[18]J Ren, and L Harn, “Generalized Ring Signatures,” IEEE Transactions on Dependable and Secure Computing, Vol. 5, No. 3, 2008.
[19]K. Frikken, and M. Atallah, “Achieving Fairness in Private Contract Negotiation”, Financial Cryptography and Data Security: 9th International Conference, FC’05, 2005, pp. 270-285.
[20]K. Kurosawa and Q. Duong “How to Design Efficient Multiple-Use 1-out-n Oblivious Transfer,” IEICE Trans. Fundamentals, Vol. E87–A, No. 1, 2004, pp. 141-146.
[21]L. Harn and H. Y. Lin, “Noninteractive Oblivious Transfer”, Electronics Letters, Vol. 26, No. 10, 1990, pp. 635-636.
[22]M. Bellare and S. micali, “non-interactive oblivious transfer”, In Proceedings of Advances in Cryptology – Crypto 89, LNCS 435, Springer-Verlag, 1990, pp. 547-557.
[23]M. Blum, and M. Rabin, “How to send certified electronic mail”, Dept. EECS, University of California, Berkeley, Calif, 1981.
[24]M. Blum, “Three Application in of Oblivious Transfer: Part I: Coin flipping by telephone; Part II: How to exchange secrets; Part III: How to send certified electronic mail”, Dept. EECS, University of California, Berkeley, Calif, 1981.
[25]M. Naor and B. Pinkas, “Efficient Oblivious Transfer Protocols”, Proceedings 12th Ann. Symp. Discrete Algorithms, 2001, pp. 448-457.
[26]M. Naor and B. Pinkas, “Oblivious Transfer and Polyomial Evaluation”, Proc. 31st ACM Symp. Theory of Computing, 1999, pp. 145-254
[27]M. Naor and B. Pinkas, “Computationally Secure Oblivious Transfer”, Crypot 99, 1999.
[28]M. Rabin, “How to Exchange Secrets by Oblivious Transfer,” Technical Report TR-81, Aiken Computation Laboratory, Harvard University, 1981.
[29]M. Rabin, “Exchange of secrets”. Dept. of Applied Physics, Harvard University, Cambridge, Mass, 1981.
[30]N. Y. Lee and C.C. Wang, “Verifiable Oblivious Transfer Protocol,” IEICE Trans. Information and Systems, Vol. E88–D, No. 12, 2005, pp. 2890-2892.
[31]P. Paillier, “Public-key cryptosystems based on composite degree residuosity classes.” In Proc, EUROCRYPT 99, LNCS, Vol. 1592, Springer-Verlag, 1999, pp. 223–238.
[32]Q. Wu, J. Zhang and Y. Wang, ”Practical m-out-of-n Oblivious Transfer and Its Applications,” Information and Communications Security, ICICS’03, LNCS 2836, 2003, pp. 226-237.
[33]R. L. Rivest, “Unconditionally secure commitment and oblivious transfer schemes using private channels and a trusted initializer,” Unpublished manuscript, 1999.
[34]R. Rivest, A. Shamir and L. Adleman. “A method for obtaining digital signatures and public-key cryptosystems,” Communications of the ACM, Vol. 21, 1978, pp. 120-126.
[35]S. Even, O. Goldreich, and A. Lempel, “Randomized Protocol for Singning Contracts”, Communications of the ACM, Vol. 28, 1985, pp. 637-647.
[36]S. Matsuo, W. Ogata, “Matching Oblivious Transfer: How to Exchange Valuable Data”, IEICE TRANS. FUNDAMENTALS, Vol. E86A, No. 1, 2003, pp. 189-193.
[37]T. ELGamal, “A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms,” IEEE Trans. On Information Theory, Vol. IT-31, No. 4, 1985, pp. 469-472.
[38]T. Pedersen, “Non-Interactive and Information-Theoretical Secure Verifiable Secret Sharing”, Proc. Advances in Cryprology (Crypto ‘91), 1991, pp. 129-140.
[39]W. Diffie, and M. Hellman, “New Directions in Cryptography,” IEEE Transactions on Information Theory, Vol. IT-22, No. 6, 1976, pp. 644-654.
[40]W.G. Tzeng, “Efficient Oblivious Transfer Scheme”, Proceedings of 2001 International Workshop on Practice and Theory in Public-Key Cryptography (PKC 02), LNCS 2274, Springer-Verlag, 2002.
[41]W.G. Tzeng, “Efficient 1-out-of-n oblivious transfer schemes with universally reusable parameters”, IEEE Transactions on Computers 53(2), 2004, pp. 232-240.
[42]W.G. Tzeng, “Efficient 1-out-of-n Oblivious Transfer Schemes”, PKC’02, 2002, pp. 159-171.
[43]Y. H. Chen, and T. Hwang, “ID-based non-interactive zero-knowledge Proof System Based on one-out-of-two Noninteractive Oblivious Transfer,” Computer Communications, Vol. 18, No. 12, 1995, pp. 993-996.
[44]Y. Mu, J. Zhang, V. Varadharajan, and Y. X. Lin, “Robust Non-Interactive Oblivious Transfer,” IEEE Communications Letters, Vol. 7, No. 4, 2003, pp. 153-155.
[45]Y. Mu, J. Zhang, and V. Varadharajan, “m out of n Oblivious Transfer”, ACISP 2002, LNCS 2384, 2002, pp. 395-405.