National Digital Library of Theses and Dissertations in Taiwan

Graduate student: 沈怡庭 (SHEN, YI-TING)
Thesis title: 基於橢圓曲線密碼技術下一個新型n選t 類型的模糊傳輸協定
Thesis title (English): A Novel t-out-of-n Oblivious Transfer Protocol Based on Elliptic Curve Cryptography
Advisor: 余心淳 (YU, HSIN-CHUN)
Oral defense committee: 邱紹豐 (CHIOU, SHAU-FENG); 張顧耀 (CHANG, KU-YAW); 黃正炎 (JEN-YAN HUANG); 余心淳 (YU, HSIN-CHUN)
Oral defense date: 2016-06-30
Degree: Master's
Institution: Tunghai University (東海大學)
Department: Department of Information Management
Discipline: Computer science
Field: General computer science
Thesis type: Academic thesis
Year of publication: 2016
Graduation academic year: 104
Language: Chinese
Number of pages: 59
Keywords: information security; oblivious transfer; elliptic curve cryptosystem; Cantor pairing function
The Internet is an open and transparent environment, and communication over it is exposed to many threats and attacks, so cryptosystems are needed to protect the privacy of the communicating parties. Oblivious transfer is regarded as an important basic communication technique in cryptography, mainly because its mechanism can be applied in many areas, such as e-commerce, confidential data exchange, and electronic contracts. In a t-out-of-n oblivious transfer protocol, the sender holds n messages and the receiver can choose t of them; the sender cannot learn which t messages the receiver chose, and the receiver cannot learn the contents of the remaining n-t unchosen messages. Applying an elliptic curve cryptosystem to oblivious transfer replaces exponentiation with point operations, which, compared with other cryptosystems, not only reduces the computational cost but also strengthens the security of the protocol.

Existing oblivious transfer protocols based on elliptic curve cryptosystems fall into two operating modes: "encrypt the messages first, then compute the key" and "compute the key first, then encrypt the messages". The former is currently the most common oblivious transfer mechanism, and many algorithms and protocols have been derived and discussed for the 1-out-of-2, 1-out-of-n, and t-out-of-n problems. Under the latter mode, however, most of the related literature addresses only the 1-out-of-2 and 1-out-of-n problems, and the more practical and more complex t-out-of-n problem lacks complete study, design, and implementation. This thesis addresses that problem by proposing a t-out-of-n oblivious transfer protocol in the "compute the key first, then encrypt the messages" mode, based on elliptic curve cryptography.

Besides using the properties of elliptic curve cryptosystems to greatly reduce the amount of computation, the proposed t-out-of-n oblivious transfer protocol uses the Cantor pairing function to design the keys, so that the t messages to be selected and decrypted can be distinguished effectively. The overall amount of data transmitted by this protocol is nevertheless higher than that of typical t-out-of-n oblivious transfer protocols in the "encrypt the messages first, then compute the key" mode. The thesis therefore goes on to discuss how the Cantor pairing function can be applied to oblivious transfer protocols to reduce the total transmission volume, so that t-out-of-n oblivious transfer better meets the practical requirements of high security, high efficiency, and low bandwidth.

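Chapter 1: Introduction
Section 1: Research Background
Section 2: Research Motivation
Section 3: Research Objectives
Section 4: Chapter Overview
Chapter 2: Literature Review
Section 1: Cryptosystems
Section 2: Double-Lock Cryptosystems
Section 3: Elliptic Curve Cryptosystems
Section 4: Oblivious Transfer Protocols
Section 5: Applications of Oblivious Transfer Protocols
Section 6: Oblivious Transfer Protocols Based on Elliptic Curve Cryptosystems
Chapter 3: A t-out-of-n Oblivious Transfer Protocol in the "Compute the Key First, Then Encrypt the Messages" Mode
Section 1: Encrypt the Messages First, Then Compute the Key
Section 2: Compute the Key First, Then Encrypt the Messages
Section 3: The Cantor Pairing Function
Section 4: A t-out-of-n Oblivious Transfer Protocol in the "Compute the Key First, Then Encrypt the Messages" Mode Based on Elliptic Curve Cryptosystems
Chapter 4: Extended Discussion of Applying the Cantor Pairing Function to Oblivious Transfer Protocols
Section 1: The Generalized Cantor n-Tuple Bijective Pairing Function
Section 2: Oblivious Transfer Protocols Based on the Cantor Pairing Function
Chapter 5: Conclusions and Future Work
Section 1: Research Review and Conclusions
Section 2: Future Work
References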

