{"title":"社会主义百万富翁问题的有效解决方案","authors":"Maryam Hezaveh, C. Adams","doi":"10.1109/CCECE.2017.7946602","DOIUrl":null,"url":null,"abstract":"We present a two-round protocol to solve the socialist millionaire problem based on the homomorphic property of the Goldwasser-Micali (GM) cryptosystem. We require the proposed protocol to be secure against active and passive attacks. However, homomorphic encryption schemes are malleable by design [14][1]. To tackle this problem we apply an authenticated encryption scheme, called Encrypt-then-MAC, to our protocol [3]. We analyze the security of the proposed protocol, and we show that an active adversary, who has access to the ciphertext on the communication channel and the decryption oracle, cannot forge another ciphertext which leads him to guess the plaintext (IND-CCA2 security). Moreover, the active adversary cannot modify the ciphertext which leads to a desired modification of the plaintext to affect the outcome of the protocol (NM-CCA2 security). Note that our solution can be applied to other problems which are solvable with an exclusive- or homomorphic property.","PeriodicalId":238720,"journal":{"name":"2017 IEEE 30th Canadian Conference on Electrical and Computer Engineering (CCECE)","volume":"221 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"An efficient solution to the socialist millionaires' problem\",\"authors\":\"Maryam Hezaveh, C. Adams\",\"doi\":\"10.1109/CCECE.2017.7946602\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present a two-round protocol to solve the socialist millionaire problem based on the homomorphic property of the Goldwasser-Micali (GM) cryptosystem. We require the proposed protocol to be secure against active and passive attacks. However, homomorphic encryption schemes are malleable by design [14][1]. To tackle this problem we apply an authenticated encryption scheme, called Encrypt-then-MAC, to our protocol [3]. We analyze the security of the proposed protocol, and we show that an active adversary, who has access to the ciphertext on the communication channel and the decryption oracle, cannot forge another ciphertext which leads him to guess the plaintext (IND-CCA2 security). Moreover, the active adversary cannot modify the ciphertext which leads to a desired modification of the plaintext to affect the outcome of the protocol (NM-CCA2 security). Note that our solution can be applied to other problems which are solvable with an exclusive- or homomorphic property.\",\"PeriodicalId\":238720,\"journal\":{\"name\":\"2017 IEEE 30th Canadian Conference on Electrical and Computer Engineering (CCECE)\",\"volume\":\"221 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE 30th Canadian Conference on Electrical and Computer Engineering (CCECE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCECE.2017.7946602\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 30th Canadian Conference on Electrical and Computer Engineering (CCECE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCECE.2017.7946602","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An efficient solution to the socialist millionaires' problem
We present a two-round protocol to solve the socialist millionaire problem based on the homomorphic property of the Goldwasser-Micali (GM) cryptosystem. We require the proposed protocol to be secure against active and passive attacks. However, homomorphic encryption schemes are malleable by design [14][1]. To tackle this problem we apply an authenticated encryption scheme, called Encrypt-then-MAC, to our protocol [3]. We analyze the security of the proposed protocol, and we show that an active adversary, who has access to the ciphertext on the communication channel and the decryption oracle, cannot forge another ciphertext which leads him to guess the plaintext (IND-CCA2 security). Moreover, the active adversary cannot modify the ciphertext which leads to a desired modification of the plaintext to affect the outcome of the protocol (NM-CCA2 security). Note that our solution can be applied to other problems which are solvable with an exclusive- or homomorphic property.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
