Research on Information-theoretic Security in Cryptography

【Author】 刘胜利 (Liu Shengli)

【Advisor】 王育民 (Wang Yumin)

【Author Information】 Xidian University (西安电子科技大学), Cryptography, 1999, Doctoral degree

【Abstract (translated from the Chinese)】 Current key systems, whether single-key (symmetric) or public-key, are built on the model of computational security. In principle, every such cryptosystem can be broken by exhaustive key search. The work in this thesis concerns information-theoretic, that is, unconditional, security. Assume the adversary has unlimited time, equipment and funds, and place no restriction whatsoever on the adversary's computing power: even if the adversary can run through every key in a very short time, a cryptosystem based on the information-theoretic security model will not be broken. With the rapid development of science and technology, quantum computers and DNA computers with unlimited computing power are no longer a dream, so establishing the unconditional security model is of very real significance.

By suitably modifying Shannon's model of perfect secrecy, one obtains an unconditionally secure cryptosystem that is closer to practice and yet provably secure. The first modification relaxes Shannon's requirement that plaintext and ciphertext be completely independent, allowing an arbitrarily small correlation; the second removes the assumption that the adversary receives the same information as the legitimate users. The two most typical realizations proposed so far are quantum channels and noisy channels.

Both quantum channels and noisy channels can be abstracted into the following model: the communicating parties Alice and Bob and the adversary Eve obtain three random variables X, Y, Z with joint distribution P_XYZ, after which they carry out unconditionally secure secret-key agreement over a public channel. This generally proceeds in three phases: advantage distillation, information reconciliation and privacy amplification.

In this research area, the author's main results are as follows:
1. For agreement over an authenticated channel, the effect of the side information produced by information reconciliation between Alice and Bob on Eve's Rényi entropy is studied, revealing the connection between information reconciliation and privacy amplification.
2. In unconditionally secure key agreement, assuming the two parties receive the output of a binary symmetric source over mutually independent memoryless binary symmetric channels as their initial information, this thesis proposes a concrete scheme that uses their correlated initial information to authenticate the messages on the public channel, so that unconditionally secure key agreement can withstand active attacks.
3. Based on a construction principle for unconditionally secure authentication codes from error-correcting codes, the problem of resisting active attacks during privacy amplification when the two parties share an authentication key is solved effectively.
4. The strong privacy-amplification protocol proposed by S. Wolf in [Wol98] is improved: as long as the adversary's order-2 Rényi entropy about the string S shared by the two parties exceeds half of the string length n, rather than 2/3 of it, privacy amplification over an insecure and non-authenticated channel becomes possible for sufficiently large n.
5. A method is proposed that, without an authentication key, uses the partially secret shared information between the two parties to authenticate the messages on the public channel; privacy amplification under this method resists active attacks with a certain probability.

【Abstract】 Both the symmetric-key systems and public-key systems currently in use are based on the model of computational security. In principle, all of them can be broken by trying the possible keys in sequence. This thesis focuses on information-theoretic security, i.e. unconditional security. In information-theoretic security we assume that adversaries have infinite computing power, and a cryptosystem based on this model will not be broken even if the adversary can try all possible keys in a short time. With the development of science and technology, quantum computers and DNA computers with infinite computing power will become available. Therefore it is significant to focus our attention on research in information-theoretic security.

Shannon's model can be modified to make practical, provably secure cryptosystems possible. The first modification is to relax the requirement that perfect security means complete independence between the plaintext and the adversary's knowledge, and to allow an arbitrarily small correlation. The second, crucial modification removes the assumption that the adversary receives exactly the same information as the legitimate users. The most realistic mechanisms proposed so far for limiting the information available to the adversary are quantum channels and noisy channels.

The following scenario can be abstracted from quantum channels and noisy channels: two communicants, Alice and Bob, and an adversary, Eve, receive three random variables X, Y, Z distributed according to some probability distribution P_XYZ. Alice and Bob then begin secret-key agreement over a public channel. Such a secret-key agreement over a public channel usually consists of three phases: advantage distillation, information reconciliation and privacy amplification.

The main work in this thesis is as follows:
1. Demonstrate the effect of side information introduced by the communication over the public channel on Eve's Rényi entropy, and show the relationship between information reconciliation and privacy amplification.
2. When two communicants and an adversary obtain correlated information through independent binary symmetric channels from a random source, and the adversary's channel is noisier than those of the communicants, an authentication scheme that uses the correlated information between the two communicants is proposed, based on coding theory, to make information-theoretic secret-key agreement against active attacks possible.
3. With the help of unconditionally secure authentication codes constructed from error-correcting codes, privacy amplification secure against active attacks is possible if the two communicants share an authentication key.
4. An improvement is made to the strong protocol proposed by S. Wolf [Wol98] and implemented with the help of interactive authentication. The improved strong protocol makes privacy amplification by communication over an insecure and non-authentic channel possible for sufficiently large n, the size of the common string S shared by the two parties, when the adversary's Rényi entropy about S exceeds only n/2 rather than the 2n/3 required in [Wol98].
5. Another authentication scheme is proposed which uses the common string between the two communicants to authenticate the messages over the public channel. Such an authentication scheme can make privacy amplification secure against active attacks with some probability under the condition that the two communicants have no authentication key.
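The three-phase model described in both abstracts (a binary symmetric source received by Alice, Bob and Eve over independent binary symmetric channels, followed by advantage distillation, information reconciliation and privacy amplification over a public channel) can be exercised end to end in a small simulation. The following is an added illustration, not code from the thesis: the repeat-code distillation step, the parity-bisection reconciliation and the GF(2)-linear universal hash are textbook components chosen here, the channel error rates and block sizes are constructed, and the public channel is assumed authenticated (a passive Eve), which is exactly the assumption the thesis's results 2 to 5 work to remove. Eve's order-2 Rényi entropy is estimated from her simulated error rate, and the parity bits disclosed during reconciliation are simply subtracted from it before choosing the key length; how much such side information really costs in Rényi entropy is the question the thesis's first result addresses, so that subtraction is a conservative heuristic, not a theorem.

```python
"""Toy three-phase secret-key agreement: BSS -> independent BSCs -> X, Y, Z,
then advantage distillation, reconciliation and privacy amplification.
Added example with constructed parameters; not the thesis's protocols."""
import math
import random


def bsc(bits, eps, rng):
    """Binary symmetric channel: flip each bit independently with probability eps."""
    return [b ^ int(rng.random() < eps) for b in bits]


def initial_information(n, eps_a, eps_b, eps_e, rng):
    """Constructed scenario: all three parties get a noisy copy of the same source bits."""
    s = [rng.getrandbits(1) for _ in range(n)]
    return bsc(s, eps_a, rng), bsc(s, eps_b, rng), bsc(s, eps_e, rng)


def advantage_distillation(x, y, z, block, rng):
    """Repeat-code distillation. Alice encodes a random bit c as c,c,...,c and
    publishes it masked with her block of X. Bob unmasks with Y and accepts only
    if the block decodes consistently (he announces accept/reject publicly);
    Eve unmasks with Z and takes a majority vote. Bob's error rate on accepted
    bits falls much faster than Eve's, which is the 'advantage' being distilled."""
    a_bits, b_bits, e_bits = [], [], []
    for i in range(0, len(x) - block + 1, block):
        c = rng.getrandbits(1)
        msg = [xi ^ c for xi in x[i:i + block]]          # public message
        bob = [yi ^ mi for yi, mi in zip(y[i:i + block], msg)]
        if len(set(bob)) != 1:
            continue                                      # Bob rejects this block
        eve = [zi ^ mi for zi, mi in zip(z[i:i + block], msg)]
        a_bits.append(c)
        b_bits.append(bob[0])
        e_bits.append(int(sum(eve) * 2 > block))
    return a_bits, b_bits, e_bits


def parity(bits):
    return sum(bits) & 1


def reconcile(a, b, block_sizes, rng):
    """Parity-based reconciliation (simplified Cascade-style passes). Each pass
    applies a public permutation, splits the string into blocks, and Alice
    publishes every block parity; where Bob's parity differs the two bisect the
    block with further public parities until Bob finds and flips one wrong bit.
    Returns Bob's corrected string and the number of parity bits disclosed."""
    b = list(b)
    leaked, n = 0, len(a)
    for size in block_sizes:
        perm = list(range(n))
        rng.shuffle(perm)                                 # public, so Eve knows it too
        for start in range(0, n, size):
            idx = perm[start:start + size]
            leaked += 1
            if parity([a[i] for i in idx]) == parity([b[i] for i in idx]):
                continue
            while len(idx) > 1:                           # an odd number of errors is in idx
                half = idx[:len(idx) // 2]
                leaked += 1
                if parity([a[i] for i in half]) != parity([b[i] for i in half]):
                    idx = half
                else:
                    idx = idx[len(idx) // 2:]
            b[idx[0]] ^= 1
    return b, leaked


def renyi_entropy_per_bit(p):
    """Order-2 (collision) Rényi entropy of a bit Eve guesses wrong with probability p."""
    return -math.log2(p * p + (1 - p) * (1 - p))


def universal_hash(bits, r, rng):
    """Random GF(2)-linear map, a 2-universal family: output bit j is the parity
    of the input bits selected by a public random mask. Alice and Bob must use
    the same (public) masks, hence the shared seed."""
    w = int("".join(map(str, bits)), 2)
    return [bin(rng.getrandbits(len(bits)) & w).count("1") & 1 for _ in range(r)]


def error_rate(u, v):
    return sum(i != j for i, j in zip(u, v)) / len(u)


def run(n=30000, eps_a=0.1, eps_b=0.1, eps_e=0.3, seed=1, safety=30):
    rng = random.Random(seed)
    x, y, z = initial_information(n, eps_a, eps_b, eps_e, rng)
    a, b, e = advantage_distillation(x, y, z, 3, rng)
    res = {"bob_err_initial": error_rate(x, y),
           "bob_err_ad": error_rate(a, b), "eve_err_ad": error_rate(a, e)}
    b_rec, leaked = reconcile(a, b, [8, 16, 32, 64], rng)
    res["errors_after_ir"] = sum(i != j for i, j in zip(a, b_rec))
    # Key length: Eve's Rényi entropy about the distilled string (estimated here
    # from her simulated error rate; in practice bounded from the channel model),
    # minus the disclosed parity bits (heuristic), minus a safety margin s. With
    # Rényi entropy t and key length r = t - s, the privacy-amplification theorem
    # bounds Eve's information about the key by 2^-s / ln 2 bits.
    h2 = len(a) * renyi_entropy_per_bit(res["eve_err_ad"])
    r = int(h2 - leaked - safety)
    hash_seed = rng.getrandbits(64)                       # public
    res["key_alice"] = universal_hash(a, r, random.Random(hash_seed))
    res["key_bob"] = universal_hash(b_rec, r, random.Random(hash_seed))
    res.update(leaked=leaked, key_length=r)
    return res


if __name__ == "__main__":
    out = run()
    for k in ("bob_err_initial", "bob_err_ad", "eve_err_ad", "errors_after_ir", "leaked", "key_length"):
        print(f"{k:>16}: {out[k]}")
    print("keys agree:", out["key_alice"] == out["key_bob"])
```

Running `run()` shows the two effects the abstracts describe: distillation pushes Bob's disagreement with Alice well below Eve's, and every parity disclosed during reconciliation comes straight off the length of the final key. If any errors survive reconciliation, the linear hash makes the two keys differ, which in a real protocol is caught by a public hash comparison before the key is used.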
