Computer Standards & Interfaces最新文献_第5页

Practically secure linear-map vector commitment and its applications 实用安全的线性映射向量承诺及其应用

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-07-09 DOI: 10.1016/j.csi.2024.103885

{"title":"Practically secure linear-map vector commitment and its applications","authors":"","doi":"10.1016/j.csi.2024.103885","DOIUrl":"10.1016/j.csi.2024.103885","url":null,"abstract":"<div><p>The primitive of vector commitment scheme allows a user to commit to an ordered sequence of messages (i.e., a vector) and later open the commitment at any position subset of the vector. The most important and desirable feature of vector commitment schemes is that the size of the opening proof is sublinear in the length of the committed vector. The original vector commitment scheme has now been extended to support several new functionalities like aggregation, updatability and homomorphism, and has applications ranging from verifiable data streaming to stateless cryptocurrency. Among these extensions, the linear-map vector commitment (LVC) scheme enables a user to open a general linear map evaluated on the committed vector, rather than those messages of the committed vector as in the original vector commitment scheme. However, the existing LVC schemes are only proved to be secure under the idealized assumptions, i.e., using the algebraic group model, which might be unpractical in the real world. To this end, we eliminate the use of algebraic group model, and propose a practically secure LVC construction. Our construction achieves practical security by additionally generating degree proofs for polynomials that enable a verifier to check the degree of polynomials publicly. We prove the security of the proposed LVC construction in the standard model under a <span><math><mi>q</mi></math></span>-type complexity assumption over bilinear groups. Moreover, we demonstrate how to use the proposed LVC scheme to construct maintainable vector commitments and verifiable data streaming protocols. The theoretical comparison and experimental results indicate that our proposal provides stronger security guarantee, while being competitive in terms of efficiency.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-07-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141623150","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Improving efficiency and security of Camenisch–Lysyanskaya signatures for anonymous credential systems 提高匿名凭证系统的卡梅尼施-利辛斯卡亚签名的效率和安全性

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-07-08 DOI: 10.1016/j.csi.2024.103886

{"title":"Improving efficiency and security of Camenisch–Lysyanskaya signatures for anonymous credential systems","authors":"","doi":"10.1016/j.csi.2024.103886","DOIUrl":"10.1016/j.csi.2024.103886","url":null,"abstract":"<div><p>Camenisch–Lysyanskaya signature scheme with randomizability, namely CL signatures, at CRYPTO’04 has been well adopted for many privacy-preserving constructions, especially in the context of anonymous credential systems. Unfortunately, CL signatures suffer from linear size drawbacks. The signature size grows linearly based on the signing messages, which decreases the interest in practice, as each user may have multiple attributes (messages). Its standard EUF-CMA security was first proven under an interactive assumption. While the interactive assumption is not desirable in cryptography, Fuchsbauer et al. revisited its security at CRYPTO’18 by proving the scheme under the discrete logarithm (Dlog) assumption in the algebraic group model (AGM) that idealizes the adversary’s computation to be algebraic, yet the reduction loss is non-tight. In this work, we propose a new variant of CL signatures, namely CL+ signatures, that improves efficiency and security. The proposed CL+ signatures possess randomizability without the linear size drawback, such that signature size is a constant of three group elements. Besides, we prove the security of CL+ signatures can be tightly reduced to the DLog problem in AGM with only a loss factor of 3. Lastly, we show how CL+ signatures can also be instantiated to anonymous credential systems.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000552/pdfft?md5=1c1214ab7bbdb123b5edc48b58eb293e&pid=1-s2.0-S0920548924000552-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141693217","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Efficient multi-party PSI and its application in port management 高效的多方 PSI 及其在港口管理中的应用

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-07-06 DOI: 10.1016/j.csi.2024.103884

{"title":"Efficient multi-party PSI and its application in port management","authors":"","doi":"10.1016/j.csi.2024.103884","DOIUrl":"10.1016/j.csi.2024.103884","url":null,"abstract":"<div><p>Private Set Intersection (PSI) technology is a cryptographic tool that allows the parties holding private data to determine the intersection of sets in a joint computation without revealing any additional privacy information. As a critical component of secure multi-party computation, this technology has been widely used in the security domain of artificial intelligence and data mining. With the emergence of the era of multi-source data sharing, protocols for private set intersection computation applicable to multiple participants have also emerged. However, the performance of existing multi-party private set intersection (MPSI) protocols is suboptimal when some participants use devices with limited communication or computational capabilities, such as mobile devices. To overcome the above issues, we design a cloud-aided multi-party private set intersection protocol (Cloud-Aided-MPSI) based on oblivious programmable pseudorandom functions (OPPRF) and oblivious key–value stores (OKVS). Due to the protocol efficiently outsourcing partial computational and communication tasks to cloud servers, our performance has been further enhanced compared to existing work. Through the Cloud-Aided-MPSI protocol, we propose a port scheduling protocol for coordinated management scenarios of ships arriving and departing from ports. The protocol effectively addresses the privacy protection concerns of port management when scheduling the arrival and departure of ships. We analyze the performance of this protocol.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141639251","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Fast bicriteria streaming algorithms for submodular cover problem under noise models 噪声模型下亚模态覆盖问题的快速双标准流算法

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-06-29 DOI: 10.1016/j.csi.2024.103883

Bich-Ngan T. Nguyen , Phuong N.H. Pham , Canh V. Pham , Vaclav Snasel

引用次数: 0

Metric cake shop: A serious game for supporting education on ISO/IEC/IEEE 15939:2017 – Systems and software engineering – Measurement process in the context of an undergraduate software engineering course 公制蛋糕店：支持 ISO/IEC/IEEE 15939:2017 - 系统和软件工程 - 本科软件工程课程中的测量过程教育的严肃游戏

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-06-24 DOI: 10.1016/j.csi.2024.103879

Ivan García , Carla Pacheco , Itahí López , Jose A. Calvo-Manzano , Brenda L. Flores-Rios

{"title":"Metric cake shop: A serious game for supporting education on ISO/IEC/IEEE 15939:2017 – Systems and software engineering – Measurement process in the context of an undergraduate software engineering course","authors":"Ivan García , Carla Pacheco , Itahí López , Jose A. Calvo-Manzano , Brenda L. Flores-Rios","doi":"10.1016/j.csi.2024.103879","DOIUrl":"https://doi.org/10.1016/j.csi.2024.103879","url":null,"abstract":"<div><p>The educational use of serious games has increased in recent years and their pedagogical benefits have been widely documented, especially for teaching specialized knowledge on Software Engineering at undergraduate level. The results achieved by several studies in this area show that it has been possible to increase the student interest and motivation in learning complex topics that tend to be difficult to understand when knowledge is imparted through traditional lectures, as is the case with software process standards. In this regard, the ISO/IEC/IEEE 15939:2017 standard describes a software measurement process, one of the main topics that must be addressed in any curriculum for undergraduate degree programs in Software Engineering. However, despite their relevance in industry, many students are leaving university without basic software measurement skills. With the aim of identifying serious games for teaching the software measurement process at undergraduate level, a Systematic Literature Review was conducted in order to collect, classify and analyze information which enabled the authors of this study to propose a serious game that improves the understanding and education on the ISO/IEC/IEEE 15939:2017 standard. The results from an empirical evaluation involving Computer Science undergraduates provided evidence that positive learning experiences occurred when playing the created serious game.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141483958","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Agile governance practices by aligning CMMI V2.0 with portfolio SAFe 5.0 将 CMMI V2.0 与组合 SAFe 5.0 相结合的敏捷管理实践

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-06-22 DOI: 10.1016/j.csi.2024.103881

Valeria Henriquez , Jose A. Calvo-Manzano , Ana M. Moreno , Tomas San Feliu

引用次数: 0

Leveraging complex event processing for monitoring and automatically detecting anomalies in Ethereum-based blockchain networks 利用复杂事件处理监控和自动检测基于以太坊的区块链网络中的异常情况

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-06-22 DOI: 10.1016/j.csi.2024.103882

Jesús Rosa-Bilbao , Juan Boubeta-Puig , Jesús Lagares-Galán , Mark Vella

{"title":"Leveraging complex event processing for monitoring and automatically detecting anomalies in Ethereum-based blockchain networks","authors":"Jesús Rosa-Bilbao , Juan Boubeta-Puig , Jesús Lagares-Galán , Mark Vella","doi":"10.1016/j.csi.2024.103882","DOIUrl":"https://doi.org/10.1016/j.csi.2024.103882","url":null,"abstract":"<div><p>Blockchain is a relatively recent technology that provides immutability, traceability and transparency of information, thus building trust in the digital society. Blockchain networks generate a large amount of logs which capture and describe data flowing through the network in the form of transactions, blocks and events. Monitoring these blockchain data from the off-chain world is needed to detect anomalies with the aim of mitigating the risks that may arise as a result of using blockchain technology. However, the real-time monitoring of these logs by off-chain systems has become a challenge from the beginning of 2018 when the blockchain networks reached a high number of daily transactions. In this paper, we propose a portable, maintainable and easily configurable architecture integrating blockchain and complex event processing technologies that allows for both the real-time monitoring of logs generated in Ethereum Virtual Machine (EVM)-compatible blockchain networks and the automatic detection of anomalies in these networks by matching event patterns. This architecture was tested by using vast amounts of blockchain data already publicly registered in Ethereum and Polygon networks. The results demonstrate that the proposed architecture is able to automatically detect anomalies which occur in different blockchain networks, making analytics of blockchain data possible by off-chain systems.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000515/pdfft?md5=894c93d9ed7ae669b6deb8fe4431f790&pid=1-s2.0-S0920548924000515-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141483952","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

ISH: Isogeny-based Secret Handshakes with friendly communication costs ISH：基于同源性的秘密握手，通信成本友好

IF 4.1 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-06-17 DOI: 10.1016/j.csi.2024.103880

Chao Chen , Fangguo Zhang , Zhiyuan An , Jing Zhang

{"title":"ISH: Isogeny-based Secret Handshakes with friendly communication costs","authors":"Chao Chen , Fangguo Zhang , Zhiyuan An , Jing Zhang","doi":"10.1016/j.csi.2024.103880","DOIUrl":"https://doi.org/10.1016/j.csi.2024.103880","url":null,"abstract":"<div><p>Secret handshake schemes allow members from the same organization to authenticate each other anonymously. After its proposal, various schemes have been introduced to achieve advanced privacy protection. Regrettably, all the schemes based on number theoretic assumptions are insecure under quantum computers, and the known post-quantum designs are impractical because of the overhead cost (<span><math><mo>></mo></math></span> 10 MB). To fill the gap, we present the first isogeny-based secret handshake scheme (i.e., <span><math><mi>ISH</mi></math></span>) with a friendly communication cost (67 KB). In particular, we apply the CSI-FiSh signature scheme to generate group keys and credentials. For each zero-knowledge transcript in the credential, we generate a signature for handshake via the Fiat–Shamir paradigm, while it fails anonymous authentication. To fix the issue, we modify the Fiat–Shamir-type signature by embedding the CSIDH ephemeral private key into the challenge space. After verifying the modified signatures, two users recover the right ephemeral private key if they are in the same group, then they can negotiate a session key and authenticate each other. Our scheme is proved secure under the Group Action Inverse Problems (GAIP) in the random oracle model, and deniability, as an attractive property, also holds for <span><math><mi>ISH</mi></math></span>, enabling user’s ability to deny their interactions in the finished handshakes. Via choosing appropriate parameters, the communication cost surpasses all the existing post-quantum secret handshakes.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141483959","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Pricing4APIs: A rigorous model for RESTful API pricings Pricing4APIs：RESTful API 定价的严格模型

IF 5 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-06-10 DOI: 10.1016/j.csi.2024.103878

Rafael Fresno-Aranda , Pablo Fernandez , Antonio Gamez-Diaz , Amador Duran , Antonio Ruiz-Cortes

{"title":"Pricing4APIs: A rigorous model for RESTful API pricings","authors":"Rafael Fresno-Aranda , Pablo Fernandez , Antonio Gamez-Diaz , Amador Duran , Antonio Ruiz-Cortes","doi":"10.1016/j.csi.2024.103878","DOIUrl":"https://doi.org/10.1016/j.csi.2024.103878","url":null,"abstract":"<div><p>APIs are increasingly becoming new business assets for organizations and consequently, API functionality and its pricing should be precisely defined for customers. Pricing is typically composed by different plans that specify a range of limitations, e.g., a Free plan allows 100 monthly requests while a Gold plan has 10000 requests per month. In this context, the OpenAPI Specification (OAS) has emerged to model the functional part of an API, becoming a de facto industry standard and boosting a rich ecosystem of vendor-neutral tools to assist API providers and consumers. In contrast, there is no proposal for modeling API pricings (i.e., their plans and limitations) and this lack hinders the creation of tools that can leverage this information. To deal with this gap, this paper presents a pricing modeling framework that includes: (a) <em>Pricing4APIs</em> model, a comprehensive and rigorous model of API pricings, along <em>SLA4OAI</em>, a serialization that extends OAS; (b) an operation to validate the description of API pricings, with a toolset (<em>sla4oai-analyzer</em>) that has been developed to automate this operation. Additionally, we analyzed 268 real-world APIs to assess the expressiveness of our proposal and created a representative dataset of 54 pricing models to validate our framework.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2024-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141423423","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Testability-driven development: An improvement to the TDD efficiency 可测试性驱动开发：提高 TDD 效率

IF 5 2区计算机科学

Computer Standards & Interfaces Pub Date : 2024-05-29 DOI: 10.1016/j.csi.2024.103877

Saeed Parsa , Morteza Zakeri-Nasrabadi , Burak Turhan

{"title":"Testability-driven development: An improvement to the TDD efficiency","authors":"Saeed Parsa , Morteza Zakeri-Nasrabadi , Burak Turhan","doi":"10.1016/j.csi.2024.103877","DOIUrl":"https://doi.org/10.1016/j.csi.2024.103877","url":null,"abstract":"<div><p>Test-first development (TFD) is a software development approach involving automated tests before writing the actual code. TFD offers many benefits, such as improving code quality, reducing debugging time, and enabling easier refactoring. However, TFD also poses challenges and limitations, requiring more effort and time to write and maintain test cases, especially for large and complex projects. Refactoring for testability is improving the internal structure of source code to make it easier to test. Refactoring for testability can reduce the cost and complexity of software testing and speed up the test-first life cycle. However, measuring testability is a vital step before refactoring for testability, as it provides a baseline for evaluating the current state of the software and identifying the areas that need improvement. This paper proposes a mathematical model for calculating class testability based on test effectiveness and effort and a machine-learning regression model that predicts testability using source code metrics. It also introduces a testability-driven development (TsDD) method that conducts the TFD process toward developing testable code. TsDD focuses on improving testability and reducing testing costs by measuring testability frequently and refactoring to increase testability without running the program. Our testability prediction model has a mean squared error of 0.0311 and an R<sup>2</sup> score of 0.6285. We illustrate the usefulness of TsDD by applying it to 50 Java classes from three open-source projects. TsDD achieves an average of 77.81 % improvement in the testability of these classes. Experts’ manual evaluation confirms the potential of TsDD in accelerating the TDD process.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":5.0,"publicationDate":"2024-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141322444","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0