{"title":"双陷阱门哈希函数和多陷阱门哈希函数方案的密码分析","authors":"Xu An Wang, Yunxuan Su, Jindan Zhang","doi":"10.1109/NaNA53684.2021.00055","DOIUrl":null,"url":null,"abstract":"Cloud-based storage systems are the norm in our interconnected society, although there remain a number of research and operational challenges relating to the security of such systems. One ongoing research challenge is the design of efficient and secure query authentication mechanism for cloud-based storage systems, in the sense that data users can verify the authenticity and integrity of the retrieved data from the cloud servers. In 2017, Chandrasekhar and Singhal proposed a query authentication protocol for cloud-based storage systems, designed with efficiency and scalability in mind [IEEE Transactions on Services Computing, 10(4):520-533]. In this comment, we demonstrate that their protocol is not secure as claimed, due to weaknesses in two core building blocks of the protocol, namely: the double-trapdoor variant and the multi-trapdoor variant of the trapdoor hash function. By revealing this weakness, we hope future protocol designers can avoid similar mistake in their work.","PeriodicalId":414672,"journal":{"name":"2021 International Conference on Networking and Network Applications (NaNA)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Cryptanalysis of Double-trapdoor Hash Function and Multi-Trapdoor Hash Function Schemes\",\"authors\":\"Xu An Wang, Yunxuan Su, Jindan Zhang\",\"doi\":\"10.1109/NaNA53684.2021.00055\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud-based storage systems are the norm in our interconnected society, although there remain a number of research and operational challenges relating to the security of such systems. One ongoing research challenge is the design of efficient and secure query authentication mechanism for cloud-based storage systems, in the sense that data users can verify the authenticity and integrity of the retrieved data from the cloud servers. In 2017, Chandrasekhar and Singhal proposed a query authentication protocol for cloud-based storage systems, designed with efficiency and scalability in mind [IEEE Transactions on Services Computing, 10(4):520-533]. In this comment, we demonstrate that their protocol is not secure as claimed, due to weaknesses in two core building blocks of the protocol, namely: the double-trapdoor variant and the multi-trapdoor variant of the trapdoor hash function. By revealing this weakness, we hope future protocol designers can avoid similar mistake in their work.\",\"PeriodicalId\":414672,\"journal\":{\"name\":\"2021 International Conference on Networking and Network Applications (NaNA)\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 International Conference on Networking and Network Applications (NaNA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NaNA53684.2021.00055\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Networking and Network Applications (NaNA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NaNA53684.2021.00055","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
基于云的存储系统是我们这个互联社会的常态,尽管在这类系统的安全性方面仍存在许多研究和操作挑战。一个正在进行的研究挑战是为基于云的存储系统设计高效和安全的查询认证机制,从某种意义上说,数据用户可以验证从云服务器检索数据的真实性和完整性。2017年,Chandrasekhar和Singhal提出了一种基于云存储系统的查询认证协议,该协议考虑了效率和可扩展性[IEEE Transactions on Services Computing, 10(4):520-533]。在这篇评论中,我们证明了他们的协议并不像声称的那样安全,因为协议的两个核心构建块存在弱点,即:双trapdoor变体和trapdoor哈希函数的多trapdoor变体。通过揭示这个弱点,我们希望未来的协议设计者可以在他们的工作中避免类似的错误。
Cryptanalysis of Double-trapdoor Hash Function and Multi-Trapdoor Hash Function Schemes
Cloud-based storage systems are the norm in our interconnected society, although there remain a number of research and operational challenges relating to the security of such systems. One ongoing research challenge is the design of efficient and secure query authentication mechanism for cloud-based storage systems, in the sense that data users can verify the authenticity and integrity of the retrieved data from the cloud servers. In 2017, Chandrasekhar and Singhal proposed a query authentication protocol for cloud-based storage systems, designed with efficiency and scalability in mind [IEEE Transactions on Services Computing, 10(4):520-533]. In this comment, we demonstrate that their protocol is not secure as claimed, due to weaknesses in two core building blocks of the protocol, namely: the double-trapdoor variant and the multi-trapdoor variant of the trapdoor hash function. By revealing this weakness, we hope future protocol designers can avoid similar mistake in their work.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
