Research on Verifiable Outsourcing Computation Schemes for Modular Exponentiation and Bilinear Pairings

Published: 2018-06-10 05:51

  Topics: cloud computing + outsourced computation; source: Hubei University of Technology, master's thesis, 2017


[Abstract]: With the rapid development of information technology and the explosive growth of data, more and more Internet users are choosing cloud services, and cloud computing technology has reached unprecedented heights. Because their resources are limited, enterprises and individuals can no longer store and process their data locally, and outsourced cloud computing has emerged in response. Outsourced computation lets users hand massive data storage or time-consuming scientific computing tasks to cloud servers with powerful storage and computing capabilities. While it brings convenience, it also inevitably introduces new security challenges and problems. Modular exponentiation and bilinear pairing are common expensive computations in cryptography; they are used especially widely in public-key cryptosystems, typically to construct secure cryptographic algorithms. For security reasons, cryptographic algorithms are usually designed to operate on large numbers. Although research on secure outsourcing of modular exponentiation and bilinear pairings has made some progress, most secure outsourcing schemes need two cloud servers and require at least one of them to behave honestly, which makes them hard to deploy in practice. This thesis studies secure outsourcing protocols for modular exponentiation and bilinear pairings. The main research covers the following three aspects:

1. First, existing secure modular exponentiation outsourcing schemes from China and abroad are studied, their limitations are summarized, and improved schemes based on verifiable computation are proposed. For the single untrusted server model, two secure and efficient modular exponentiation outsourcing schemes are proposed: the Exp scheme and the Sexp scheme. To protect the privacy of the user's input and output data, the data is split and blinded before outsourcing, so that the server cannot obtain any information about the inputs or outputs. The outsourcing schemes are then analyzed and proved secure, showing that they achieve the goals of security and efficiency.

2. Second, the verifiable modular exponentiation outsourcing scheme is extended to practical cryptographic constructions, yielding the OS-CSES scheme and the OS-SSS scheme. Using the Exp scheme designed in this thesis, the Cramer-Shoup encryption scheme and the Schnorr signature scheme are securely outsourced. Theoretical proof and analysis show that the two schemes not only protect the outsourcing user's data but also reduce computational overhead.

3. Finally, the thesis proposes a verifiable bilinear pairing outsourcing scheme based on a single untrusted server. For an expensive computation such as a bilinear pairing, completing it locally is costly for an ordinary user, and outsourcing allows the computation to be completed effectively. Most existing schemes rely on two cloud servers, which is hard to realize in practice. To solve this problem, we design NBP, a verifiable bilinear pairing outsourcing scheme based on a single untrusted cloud server. The scheme first calls the Rand subroutine to improve computational efficiency and generate random blinding tuples, and then uses a logical splitting technique to split the bilinear pairing, which protects the privacy of the outsourced data. Proof and comparative analysis show that the scheme is secure, efficient, and highly feasible. We apply the NBP scheme to cryptography by designing secure outsourcing schemes for the BLS and BB04 signatures; these outsourcing schemes can greatly improve computational efficiency while keeping the data secure.
[Degree-granting institution]: Hubei University of Technology
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP309





Link to this article: https://www.wllwen.com/shoufeilunwen/xixikjs/2002190.html

