Title: Development of Proxy Threshold Broadcast Re-Encryption for NuCypher (Chinese title: 適應於NuCypher之代理門檻廣播重加密機制)
Author: Huang, Ren-Jr (黃仁志)
Advisor: Tso, Ray-lin (左瑞麟)
Keywords: NuCypher, Secret Sharing, Broadcast Encryption, Proxy Broadcast Re-Encryption, Blockchain
Date: 2021
Uploaded: 2-Sep-2021 18:18:11 (UTC+8)
Degree: Master's
Institution: National Chengchi University
Department: In-service Master's Program in Computer Science
Student ID: 108971010
Type: thesis
Identifier: G0108971010
URI: http://nccur.lib.nccu.edu.tw/handle/140.119/137168
Source: http://thesis.lib.nccu.edu.tw/record/#G0108971010
DOI: 10.6814/NCCU202101410
Format: application/pdf, 3467371 bytes

Abstract

In recent years, with the rapid growth of blockchain technology, many new applications built on blockchains and smart contracts have appeared, in particular DApps (Decentralized Applications) whose core value is decentralization. One of them is NuCypher, which went live on its main net in 2020 and aims to offer privacy-preserving services built on cryptographic engineering on a public chain. It relies mainly on smart-contract control combined with proxy re-encryption to provide secure data sharing in a decentralized environment. However, NuCypher's mechanism can only authorize data sharing one-to-one: it cannot allow multiple users to access the same encrypted data at the same time, and each grant must be configured individually, which lacks flexibility and efficiency in practice. This research therefore focuses on improving its re-encryption mechanism so that one-to-many sharing becomes possible. Using a Proxy Broadcast Re-Encryption (PBRE) algorithm together with a Secret Sharing scheme, we propose a new mechanism that achieves this goal: it retains NuCypher's original private data-sharing properties while preserving the security of distributed key storage that suits a decentralized architecture.

Table of contents

Acknowledgements
Abstract (Chinese)
Abstract
Contents
List of Figures
List of Tables
Chapter 1 Introduction
  1.1 Motivation
  1.2 Research Method and Goals
  1.3 Thesis Organization
Chapter 2 Background
  2.1 KEM/DEM Mechanism
  2.2 Proxy Re-Encryption
  2.3 Secret Sharing
  2.4 Bilinear Map Systems and Complexity Assumptions
Chapter 3 Related Work
  3.1 NuCypher
    3.1.1 NuCypher KMS
    3.1.2 Umbral
  3.2 Public Key Broadcast Encryption
    3.2.1 Algorithm Definition
    3.2.2 Correctness Proof
  3.3 Proxy Broadcast Re-Encryption
    3.3.1 Proxy Broadcast Re-Encryption Algorithm
    3.3.2 Encryption/Decryption Consistency and Security Model
Chapter 4 Proxy Threshold Broadcast Re-Encryption
  4.1 Design Overview
  4.2 Method Definition
  4.3 Algorithm Definition
Chapter 5 Correctness and Security Analysis
  5.1 Correctness Proofs
    5.1.1 Correctness of Decrypt1
    5.1.2 Correctness of Decrypt2
  5.2 Security Analysis
    5.2.1 Confidentiality
    5.2.2 Integrity
    5.2.3 IND-sSet-CCA Security Proof
Chapter 6 System Design and Implementation
  6.1 Design Overview
  6.2 Implementation Results
  6.3 Performance Comparison
Chapter 7 Conclusion
References
