Study In Secure Multiparty Computation Protocols And Typical Applications

Secure Multiparty Computation(SMC) refers to the problem where two or more parties want to jointly compute a task based on their private inputs, while no party is willing to disclose his privacy to any other one. Concretely, we assume the inputs are x₁,x₂,…,x_n where x_i is the input of party i, and compute the function (y₁,y₂,…,y_n)=f(x₁,x₂,…,x_n) such that party i is guaranteed to learn y_i but can get nothing more than that. Since the problem of secure two-party computation was firstly introduced by A. C. Yao in 1982, the research of secure multi-party computation has become one of the focuses in the international cryptographic fields. It should be clear that we have a very powerful tool if we can compute any function securely, because virtually all natural protocol problems are, or can be rephrased to be, special cases of the multi-party computation problems.Though the traditional Secure Multiparty Computation protocols mainly focus on how to acquire the general protocols which can calculate arbitrary functions, the applications of SMC in concrete environments have not been deeply researched. Aiming at different types of adversaries and networks, in this paper we will design suitable Secure Multiparty Computation protocols facing concrete applications and security requirements.To sum up, the works and innovations of this thesis could be summarized as follows:1. Proposing a new verifiable multi-secret sharing scheme based on general access structure. The sub-keys can be reused to share the multi-secret in this scheme. By verifying the information published by the dealer as well as the shadows of sub-keys provided by participants, this scheme can prevent both dealer and participant from cheating.2. Since the most of the existing secret sharing schemes are quite inefficient in sharing a large secret, a new secret sharing scheme based on ECC is proposed, in which multiple secrets can be shared in each session and the shadows are equal to each secret in length. The most time-consuming operation is only the Lagrange interpolation computation, which can improve the efficiency of secret sharing and make this scheme a practical and efficient one.3. Most protocols in the current literature for threshold cryptosystems were secure only against static adversary, especially for threshold RSA which is harder to be distributed than discrete logarithm schemes duo to the unknown order of RSA exponents, In this paper, we propose an efficient adaptive secure RSA signature, and the proof of adaptive secure simulation is given. 4. Signcryption is a cryptographic primitive that combines both the functions of digital signature and public key encryption in a logical step, at lower computational costs and communication overheads than the traditional signature-then-encryption approach. However, most studies about threshold signcryption in the current literature do not take into account multi-sender system models and deal with multi-sender threshold signcryption. In this paper, we first present a new identity-based signcryption scheme with public verifiability using the pairings and prove its security in the random oracle model. As compared with the typical signcryption schemes to date, our scheme achieves the higher efficiency. Secondly, combining the original signcryption scheme mentioned above with secure verifiable secret sharing(VSS), a multi-sender identity-based threshold signcryption scheme is presented. Finally, through protocol simulation, the scheme of threshold setting is proved as secure as the original signcryption scheme.5. To present an eclectic method to protect the privacy right of user and the monitor right of government, a new kind of robust key escrow scheme is proposed with a new secret sharing scheme in this paper. The scheme has the following properties: the user's key is generated by himself and KMC(Key Management Center), which can prevent from subliminal channels attack; malice escrow agency fail to obtain the user's secret key, even if the number of malice escrow agency is more than or equal to the value of threshold; every escrow agency can verify correctness of the secret shadow during secret shadow distribution; the monitor agency can exactly decide which escrow agency forges or tampers secret shadow during monitor procedure; our scheme is dynamic and can accept or fire a key agency easily; the problem of "once monitor, monitor forever" is solved effectively and it also against LEAF feedback attack.