臺灣博碩士論文加值系統

模糊傳送協定是密碼學中一個重要的基礎技術，在模糊傳送協定中有傳送方及接收方，傳送方想傳送所擁有的秘密值給接收方，接收方可以選擇想要的秘密值，然而傳送方不能知道接收方選擇那些秘密值，此外，接收方除了所選擇的秘密值之外，其他一概不能獲得。在模糊傳送裡，用訊息的傳輸量可分為非有即無模糊傳送協定、2選1模糊傳送協定、n選1模糊傳送協定和n選t模糊傳送協定。由於現今植基於橢圓曲線技術的模糊傳送協定只發展到2選1模糊傳送協定，因此本論文再更進一步的提出了植基於橢圓曲線密碼技術的n選1模糊傳送協定和n選t模糊傳送協定，強化了模糊傳送協定的應用環境與效能。

Oblivious transfer protocol is an important research topic in the field of cryptography. It includes two parties: Sender and Receiver, where sender wants to convey secret values to receiver, and receiver can choose the secret value he wanted. But the sender cannot know which secret value the receiver chose. Moreover, the receiver cannot get any secret values that he did not choose. According to the amount of secret values that the sender holds and the receiver can choose, oblivious transfer protocols can be classified as all or nothing oblivious transfer protocols, 1 out of 2 oblivious transfer protocols, 1 out of n oblivious transfer protocols and t out of n oblivious transfer protocols. However, only 1 out of 2 oblivious transfer protocols based on elliptic curve cryptography are designed. Therefore, this essay will propose 1 out of n oblivious transfer protocol and t out of n oblivious transfer protocol based on elliptic curve cryptography to enhance the effects and extend the applied environments.

目　　次
摘要…………………………………………………………………….……..………..i
ABSTRACT…………………………………………………………..………….……ii
誌謝…………………………………………………………..………….……………iii
次目………………………………………..………………………………….….…iv
表目錄………………………………………………..…………………………….…vi
圖目錄……………………………………………..……………………….…….…..vii
第一章 緒 論……………………………………...……………………….……..1
1.1 研究背景……………….……………………………………………….….1
1.2 研究動機與目的……….……………………………….…………….…....7
1.3 章節概要……………….…………………………………………….…….8
第二章 文獻探討………………………………………….................………....…..9
2.1 橢圓曲線密碼系統……………………………….................………….…9
2.1.1 橢圓曲線簡介……………..………………….............................…9
2.1.2 橢圓曲線的加解密……….………….......................................…12
2.1.3 橢圓曲線密碼系統的安全性……..………..............................…13
2.2 基於橢圓曲線密碼技術之模糊傳送協定….…….............................….13
2.2.1 非有即無模糊傳送協定……………......................................……14
2.2.2 2選1模糊傳送協定…………...…………...............................….16
第三章 基於橢圓曲線密碼技術之n選1模糊傳送協定….............................….19
3.1 n選1模糊傳送協定……………….………………............................….19
3.1.1 系統設定…………………………………...............................…..19
3.1.2 訊息傳送……………….........................................................…..20
3.2 安全分析…………………………………….………...............................22
3.3 效能分析…………………………………….……...............................…24
第四章 基於橢圓曲線密碼技術之n選t模糊傳送協定……...........................…27
4.1 n選t模糊傳送協定…………………….................………………..……27
4.1.1 系統設定…………………………...……….............................….28
4.1.2 訊息傳送……………………………………….............................28
4.2 安全分析…………………….……………………...............................…30
4.3 效能分析…………………….……………………............................…...33
第五章 結論與未來展望……………………………………….............................36
5.1 結論…………………………….……………………...............................36
5.2 未來展望……………………………..………………..............................36
參考文獻………………………………………………………….............................38

[1]A. Beimel and Y. Stahl, “Robust Information-Theoretic Private Information Retrieval”, Proc. of the 3rd Conference on Security in Communication Networks, vol. 2576 of Lecture Notes in Computer Science, pp. 326-341, 2002.
[2]A. Parakh “Oblivious Transfer using Elliptic Curves,” Proceedings of the 15th International Conference on Computing (CIC'06), 2006.
[3]A. Sadeghi, “How to break a semi-anonymous fingerprinting scheme,” Information Hiding 2001, LNCS 2137, pp. 384-394, Springer-Verlage, 2001.
[4]B. Aiello, Y. Ishai, O. Reingold, “Priced Oblivious Transfer: How to sell Digital Goods”, Advances in Cryptology – Eurocrypt 2001, LNCS 2045, pp. 119-135, 2001.
[5]B. Chor, O. Goldreich, E. Kushilevitz, M. Susdan. “Private Information Retrieval,” Journal of the ACM 45(6), pp. 965-982, 1998.
[6]B. Chor, O. Goldreich, Eyal Kushilevitz and Madhu Sudan, “Private Information Retrieval”, Journal of ACM,45, pp. 965-981, 1998.
[7]B. Chor, O. Goldreich, Eyal Kushilevitz, Madhu Sudan, “Private Information Retrieval”, In Proc. of the 36 th IEEE Symposium on Foundations of Computer Science (FOCS), pp.41-50, 1995.
[8]C. Crepeau and J. Kilian, “Achieving oblivious transfer using weakened security assumptions”, Proceedings of the 28th symposium on Foundations of Computer Science (Focs ‘88), pp. 42-52, IEEE, 1988.
[9]C. K. Chu and W. G. Tzeng, “ Conditional oblivious cast” Proceedings of the Public Key Cryptography (PKC ‘06), Volume 3958 of LNCS,page 443-457, Springer-Verlag, 2006.
[10]D. Asonov, “Private Infornation Retrieval – An overview and current trends.Proceedings of the ECDPvA Workshop”, Informatik 2001,Vienna, Austria, September 2001.
[11]D. Asonov, J C. Freytag , “Private Information Retrieval”, Optimal for Users and Secure Coprocessors, 2002.
[12]D. Asonov, J C. Freytag,” Almost Optimal Private Information Retrieval”, Privacy Enhancing Technologies, pp. 239-243, 2003.
[13]D. Johnson, A. Menezes, and S. Vanstone, “The Elliptic Curve Digital Signature Algorithm (ECDSA)”,International Journal of Information Security,Vol. 1,Issue 1,Springer-Verlag, pp.33-36, 2001.
[14]E. Y. Yang, X. Jie and K. H. Bennett, “A Fault-Tolerant Approach to Secure Private Retrieval”, IEEE , pp. 12~21, 2002.
[15]E. Y. Yang, X. Jie. and K. H. Bennett, “Private Information Retrieval in the Presence of Malicious Failures”, Computer Software and Applications Conference, COMPSAC, pp. 805-810, 2002.
[16]E. Mohammed,A. E. Emarah,K. El-Shennawy, ”Elliptic Cure Cryptosystems on Smart Cards”, Security Technology,2001 IEEE 35th International Carnahan Conference on Oct 2001, pp. 213-222, 2001.
[17]G. Brassard and C. Crepeau, “Oblivious Transfer and Privacy Amplification”, Proceedings Advances in Cryptology (Eurocrypt’97), pp.334-346, 1997.
[18]G. D. Crescenzo, R. Ostrovsky, and S. Rajagopalan. “Conditional oblivious transfer and time-released encryption.” In Proc. EUROCRYPTO 99, pages 74–89 Lecture Notes in Computer Science, vol. 1592, Springer-Verlag, 1999.
[19]H. F. Huang and C. C. Chang, "A New Design for Efficient t-out-n Oblivious Transfer Scheme," Proceedings of The First International Workshop on Information Networking and Applications, pp. Vol. 2, 499-502, Mar. 2005.
[20]H. Huang and C. Chang, “A New Design for Efficient t-out-of-n Oblivious Transfer Scheme,” In Proc. of the 19th International Conference on Advanced Information Networking and Applications (AINA’05), Vol. 2, pp. 499-502, 2005.
[21]I. F. Blake and V. Kolesnikov, “Strong Conditional Oblivious Transfer and Computing on Intervals” Proceedings of Advances in Cryptology ASIACRYPT 2004, LNCS 3329, pp. 515–529, 2004, Springer-Verlag Berlin Heidelberg, 2004.
[22]J. Domingo-Ferrer, “Anonymous fingerprinting based on committed oblivious transfer” PKC99, LNCS 1560, pp.43-52, Springer-Verlag, 1999.
[23]J. Ghoi, G. hanaoka, K. Rhee, and H. Imai, “How to Break COT-based Fingerprinting Schemes and Design New One”, IEICE TRANS. FUNDAMENTALS, VOL.E88 A, NO.10 pp.2800-2807, 2005.
[24]J. Pollard,“Monte Carlo Method for index computation mod p”,Mathematics of Computation, Vol.32, pp.918-924, 1978.
[25]J. P. Stern, “A New and Efficient All-or-Nothing Disclosure of Secrets Protocol”, Proceedings Advances in Cryptology (Asiacrypt’98), pp. 357-371, 1998.
[26]K. Frikken, M. Atallah, “Achieving Fairness in Private Contract Negotiation”, Financial Cryptography and Data Security: 9th International Conference, FC’05, pp.270-285, 2005.
[27]K. Kurosawa and Q. Duong “How to Design Efficient Multiple-Use 1-out-n Oblivious Transfer,” IEICE Trans. Fundamentals, Vol.E87–A, No.1, pp.141-146, 2004.
[28]L. Harn and H. Y. Lin, “Noninteractive Oblivious Transfer”, Electronics Letters, vol.26, No.10, pp.635-636, 1990.
[29]M. Bellare and S. micali, “non-interactive oblivious transfer”, In Proceedings of Advances in Cryptology – Crypto 89, Lecture Notes in Computer Science 435, pp.547-557, Springer-Verlag, 1990.
[30]M. Blum, “Three Application in of Oblivious Transfer: Part I: Coin flipping by telephone; Part II: How to exchange secrets; Part III: How to send certified electronic mail”, Dept. EECS, University of California, Berkeley, Calif, 1981.
[31]M. Blum, M. Rabin, “How to send certified electronic mail”, Dept. EECS, University of California, Berkeley, Calif, 1981.
[32]M. Naor and B. Pinkas, “Computationally Secure Oblivious Transfer”, Crypot 99, 1999.
[33]M. Naor and B. Pinkas, “Efficient Oblivious Transfer Protocols”, Proceedings 12th Ann. Symp. Discrete Algorithms, pp. 448-457, 2001.
[34]M. Naor and B. Pinkas, “Oblivious Transfer and Polyomial Evaluation”, Proc. 31st ACM Symp. Theory of Computing, pp. 145-254, 1999.
[35]M. Rabin, “Exchange of secrets”. Dept. of Applied Physics, Harvard University, Cambridge, Mass, 1981.
[36]M. Rabin, “How to Exchange Secrets by Oblivious Transfer,” Technical Report TR-81, Aiken Computation Laboratory, Harvard Univ, 1981.
[37]N. Y. Lee and C.C. Wang, “Verifiable Oblivious Transfer Protocol,” IEICE Trans. Information and Systems, Vol.E88–D, No.12, pp.2890-2892, 2005.
[38]P. Gutmann, “An open-source cryptographic coprocessor”, In Proc. of the 9th Usenix Security Symposium, 2000.
[39]P. Oorschot, M. Wiener,“Parallel collision search with cryptanalysis applications”,Journal of Cryptology, Vol.12, pp.1-28, 1999.
[40]Q. Wu, J. Zhang and Y. Wang, ”Practical m-out-of-n Oblivious Transfer and Its Applications,” Information and Communications Security, ICICS’03, LNCS 2836, pp. 226-237, 2003.
[41]R. L. Rivest, “Unconditionally secure commitment and oblivious transfer schemes using private channels and a trusted initializer,” unpublished manuscript, 1999.
[42]S. Even, O. Goldreich, and A. Lempel, “Randomized Protocol for Singning Contracts”, Communications of the ACM, vol.28, pp.637-647, 1985.
[43]S. Matsuo W. Ogata, “Matching Oblivious Transfer: How to Exchange Valuable Data”, IEICE TRANS. FUNDAMENTALS, VOL.E86 A, NO.1 pp. 189-193, 2003.
[44]S. Pohlig, M. Hellman,“An Improved Algorithm for Computing Logarithms Over GF(p) and Its Cryptographic Significance”, IEEE Trans on Information Theory, 24(1), pp.106-110, 1978.
[45]S. W. Smith and D. Safford, “Practical private information retrieval with secure coprocessors”, Technical report, IBM Research Division, T. J. Watson Research Center, July 2000.
[46]S. W. Smith and D. Safford, “Practical server privacy with secure coprocessors”, IBM System Journal, September 2001.
[47]S. W. Smith, E. R. Palmer and S. H. Weingart, “Using a high-performance, programmable secure coprocessor”, In Proceedings of the 2 nd International Conference on Financial Cryptography, February 1998.
[48]T. Pedersen, “Non-Interactive and Information-Theoretical Secure Verifiable Secret Sharing”, Proc. Advances in Cryprology (Crypto ‘91), pp. 129-140, 1991.
[49]W. Tzeng, “Efficient 1-out-of-n Oblivious Transfer Schemes”, PKC’02, pp. 159-171, 2002.
[50]W. G. Tzeng, “Efficient Oblivious Transfer Scheme”, Proceedings of 2001 International Workshop on Practice and Theory in Public-Key Cryptography (PKC 02), Lecture Notes in Computer Science 2274, Springer-Verlag, 2002.
[51]Y. Mu, J. Zhang, and V. Varadharajan, “m out of n Oblivious Transfer”, ACISP 2002, LNCS 2384, pp. 395-405, 2002.
[52]Y. Mu, J. Zhang, V. Varadharajan, and Y. X. Lin, “Robust Non-Interactive Oblivious Transfer,” IEEE Communications Letters, vol. 7, no. 4, pp.153-155, 2003.