CT-ISG: On the Design of Secure Hash Functions and Privacy-Preserving Protocols

CT-ISG：关于安全哈希函数和隐私保护协议的设计

• 批准号: 0716690
• 负责人: Victor Shoup
• 金额: --
• 依托单位: New York University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-08-15 至 2011-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0716690&HistoricalAwards=false
• 关键词: CT; ISG; Design; Secure; Hash

While the mathematical study of cryptography has yielded a rich theory, and while the use of cryptography has become quite widespread, there is unfortunately still a significant gap between the theory and practice of cryptography. The goal of this research is to try to bridge this gap. The emphasis is on the design and analysis of fundamental cryptographic primitives that are practical yet theoretically sound. This research focuses on two specific areas: the design and use of secure hash functions, and the design of more efficient privacy-preserving protocols. Because of recently discovered weaknesses in industry-standard hash functions, there is renewed interest and urgency to study the basic design principles of hash functions, as well as how such hash functions should be appropriately used in applications. Indeed, although hash functions were originally designed to serve as message digests, which should provide a form of security known as collision resistance, they are actually used in many different types of applications where the security requirements may be somewhat different: sometimes the security requirement of the hash function in a given application may be weaker than, stronger than, or perhaps just incomparable to collision resistance. This project investigates new methodologies for constructing hash functions that satisfy the various security requirements required in applications, as well as how the applications themselves may be adapted so as to minimize the security requirements placed on the hash function. With the widespread use of computers and the Internet in daily transactions, concerns about privacy issues have taken on new urgency. One key aspect of privacy is deniability: if a user runs a protocol, it should not be possible for an eavesdropper, or even another participant in the protocol, to convince a third party that the transaction actually occurred. While there are compelling reasons to focus on this area for its own sake, there are also a number of technical issues that arise that overlap with some of the subproblems associated with hash functions.

虽然密码学的数学研究已经产生了丰富的理论，虽然密码学的使用已经变得相当广泛，但不幸的是，密码学的理论和实践之间仍然有很大的差距。这项研究的目标是试图弥合这一差距。重点是设计和分析基本的密码原语，这些原语既实用又理论上合理。这项研究集中在两个特定的领域：安全哈希函数的设计和使用，以及更有效的隐私保护协议的设计。由于最近发现的行业标准哈希函数的弱点，研究哈希函数的基本设计原则以及如何在应用中适当地使用这种哈希函数重新引起了人们的兴趣和紧迫性。事实上，尽管哈希函数最初被设计为用作消息摘要，这应该提供一种称为抗冲突的安全形式，但它们实际上被用于许多不同类型的应用中，其中安全要求可能有所不同：有时，给定应用中的哈希函数的安全要求可能弱于、强于或仅不能与抗冲突相比拟。本项目研究构建满足应用程序中所需的各种安全要求的散列函数的新方法，以及如何调整应用程序本身以最小化施加在散列函数上的安全要求。随着电脑和互联网在日常交易中的广泛使用，人们对隐私问题的担忧也变得更加紧迫。隐私的一个关键方面是可否认性：如果用户运行协议，窃听者，甚至协议的另一个参与者，应该不可能让第三方相信交易实际上发生了。虽然有令人信服的理由将重点放在这一领域本身，但也出现了一些技术问题，这些问题与与散列函数相关的一些子问题重叠。