Huafei Zhu

Variations of Diffie-Hellman Problem

This paper studies various computational and decisional Diffie-Hellman problems by providing reductions among them in the high granularity setting. We show that all three variations of computational Diffie-Hellman problem: square Diffie-Hellman problem, inverse Diffie-Hellman problem and divisible Diffie-Hellman problem, are equivalent with optimal reduction. Also, we are considering variations of the decisional Diffie-Hellman problem in single sample and polynomial samples settings, and we are able to show that all variations are equivalent except for the argument DDH \(\Leftarrow\) SDDH. We are not able to prove or disprove this statement, thus leave an interesting open problem.

Computing of trust in wireless networks

The concept of small world in the context of wireless networks, first studied by A. Helmy (see IEEE Commun. Lett., vol.7, no.10, 2003), enables a path-finder to find paths from a source node to a designated target node in efficiently wireless networks. Based on this observation, we provide a practical approach to compute trust in wireless networks by viewing an individual mobile device as a node of a delegation graph, G, and mapping a delegation path from the source node, S, to the target node, T, into an edge in the correspondent transitive closure of the graph, G, from which a trust value is computed.

Sequential aggregate signatures for wireless routing protocols

Sequential aggregate signature, first introduced and formalized by A. Lysyanskaya et al. (see EUROCRYPT 2004, p.74-90, 2004), is emerging as a useful tool to ensure routing security and at the same time to improve performance. We propose a new mechanism to construct sequential aggregate signatures based on the cipher block chaining (CBC) mode, which is different from previous known results. We then construct an efficient sequential aggregate signature scheme and show that our construction is provably secure in the random oracle paradigm, assuming that the RSA problem is hard. Finally, we propose an interesting aggregate routing protocol for wireless ad hoc networks as an immediate application of our protocol.

Flexible Verification of MPEG-4 Stream in Peer-to-Peer CDN

The current packet based stream authentication schemes provide effective and efficient authentication over a group of packets transmitted on erasure channels. However, by fixing the packets in transmission, any packet manipulation will cause authentication failure. In p2p content delivery network where a proxy-in-the-middle is able to store, forward, transcode and transform the stream, previous schemes are simply unapplicable. To address the problem, we propose a flexible verification scheme that relies on special stream formats (i.e. Unequal Loss Protection ULP scheme [7]). We apply the so called Unequal Loss Verification ULV scheme into MPEG-4 framework. The encoding, packing, amortizing and verifying methods are elaborated in this paper. Our analysis shows that the scheme is secure and cost effective. The scheme is indeed content aware and ensures the verification rate intuitively reflecting a meaningful stream. Further on, we describe the general method of publishing and retrieving a stream in p2p CDN.

An Efficient Scheme for Encrypted Data Aggregation on Sensor Networks

It is an open problem of how to protect the traffics and at the same time, to support in-network processing in sensor networks. This paper tackles the problem by proposing an efficient model of categorizing encrypted data transmitted on sensor networks. An aggregator, an intermediate sensor node in our setting, is embedded with a set of searching keywords in encrypted format. Upon receiving an encrypted message, it matches the message with the keywords and then processes the message based on certain policies such as forwarding the original message to the next hop, updating it and forwarding or simply dropping it on detecting duplicates. The messages are encrypted before being sent out and decrypted only at their destination. Although the intermediate classifiers can categorize the messages, they learn nothing about the encrypted messages except several encrypted keywords, even the statistic information. The secure and efficient aggregation SEA scheme uses Bloom filter to further reduce transmission cost. The performance analysis shows that the computational cost and communication cost are well balanced

Sequential aggregate signatures working over independent homomorphic trapdoor one-way permutation domains

The contribution of this paper has two folds. In the first fold, we propose a generic construction of sequential aggregate signatures from families of certificated trapdoor one-way permutations. We show that our construction is provably secure in the random oracle model assuming that the underlying homomorphic permutations are trapdoor one-way. Compared to Lysyanskaya et al’s generic construction that is constructed from a trapdoor one-way permutation family working over the same domain [16], our scheme works over independent trapdoor one-way permutation domains. The flexible choice of the underlying permutation domains benefits our scheme to its applications in the real world where individual user may choose its working domain independently. In the second fold, we instantiate our generic construction with RSA so that the RSA moduli in our scheme can be chosen independently by individual user and thus the moduli is not required to be of the same length. Consequently, our proposed instantiation is the first scheme based on the RSA problem that works for any moduli – this is the most significant feature of our scheme different from the best results constructed from the RSA problem (say, Kawauchi et al’s scheme [14], and Lysyanskaya et al’s scheme [16]).

Multi-Source stream authentication framework in case of composite MPEG-4 stream

Multimedia community is moving from monolithic applications to more flexible and scalable integrated solutions. Stream authentication is more complex since a stream may consist of multiple sources and be transcoded by intermediate proxies. In this paper, we propose a multi-source stream authentication (mSSA) framework based on MPEG-4 stream format. We describe the overall authentication architecture and elaborate the encoding, hashing, signing, amortizing and verifying methods used in the basic scheme. Further on, we utilize advanced cryptographic primitives-aggregate signature schemes, to reduce the signatures’ size and improve the performance. We illustrate the scheme and discuss the extensions. Our analysis shows that the scheme is secure and efficient.

Securing return routability protocol against active attack

The paper reveals several subtleties regarding what assumptions are actually necessary for achieving the security properties. We then present a new protocol to guard against redirect attacks by making use of a digital signature scheme and show that the protocol is secure within our model.

Computing of trust in ad-hoc networks

Although, the notion of trust has been considered as a primitive for establishing relationships among nodes in ad-hoc networks, syntax and metrics of trust are not well defined. This paper studies computing of trust in ad-hoc networks and makes the following three contributions. Firstly, the notion of trust is formalized in terms of predict functions and strategy functions. Namely, the notion of trust in this paper is defined as a predict function that can be further evaluated by a strategy function for a pre-described action; Secondly, structures of trust are formalized as a map between a path in the underlying network graph and the corresponding edge of its transitive closure graph; Thirdly, a generic model for computing of trust in the small world is proposed.

Adaptive and composable oblivious transfer protocols (short paper)

An adaptive k-out-of-n oblivious transfer protocol (OT