(JBE Vol. 20, No. 1, January 2015) (Regular Paper)


http://dx.doi.org/10.5909/jbe.2015.20.1.92 ISSN 2287-9137 (Online) ISSN 1226-7953 (Print)

Broadcast Encryption System Using Secret Sharing and Subset Difference Methods

Jae Hwan Lee a) and Jong Hwan Park a)

Abstract

Broadcast encryption is a cryptographic primitive that allows a sender to securely broadcast a message to a set of receivers. The most influential broadcast encryption system was proposed in 2001 by Naor, Naor and Lotspiech, based on a pseudo-random generator and the Subset Difference (SD) method. In this paper, we suggest a new broadcast encryption system that is based on secret sharing and SD methods. On an efficiency aspect, our system achieves transmission cost, log storage cost, and computational cost for the number of users and the number of revoked users. Compared to log computational cost in the previous SD method, our system has the advantage that it needs only constant-sized computational cost for decryption, regardless of the number or. On a security aspect, our system can achieve tighter security reduction than the previous SD method and the gap of security loss is about log. Moreover, our result shows that it is possible to give the effect of the SD method while using an information-theoretically secure key distribution technique as in the Complete Subtree method.

Keywords: broadcast encryption, subset difference, secret sharing

1 : Subset Difference (Jae Hwan Lee et al. : Broadcast Encryption System Using Secret Sharing and Subset Difference Methods)

[1].,.. TV, pay-per-view TV, DRM(Digital Right Management), (revocation). (collusion attack)..,.. (stateless).

a) Department of Computer Science, College of ICT Convergence, Sangmyung University
Corresponding Author : Jong Hwan Park, E-mail: jhpark@smu.ac.kr, Tel: +82-2-781-7589, ORCID: http://orcid.org/0000-0003-2742-6119
[B0101-14-0059]. 2014 (NRF-2014R1A1A2059802).
Manuscript received July 28, 2014; Revised October 16, 2014; Accepted December 1, 2014.

,,. trade-off,. [2] [3][4]. 2001 Naor, Naor, Lotspiech [2] SD (Subset Difference). SD. leaf,., SD, log, log. SD (PRG: Pseudorandom generator). PRG SD ( ) [5][6][7]. [7] PRG SD,. (worst case), (average case). (worst case). PRG SD. SD

Shamir -(Secret Sharing). -SS 1 share, 2 share.,.,. share. SD. 1). SS SD ( ), log,. 2),. log PRG, Lagrange.. ( ) 1.7..,,..,.,. [ 1].

Fig. 1. User sets defined in two compared security models

1).1. 2),.

CCA1 (Chosen-ciphertext and launch-time attack) ( weak CCA1 ).. TV, (= ).. ( n ). leaf.,.,,. SD.. (security loss). Subset Cover,.. log, log 30bits. 128bits, 30bits 158bits.,,. Table 1. (computationally secure) PRG, (information-theoretically secure). security loss. Naor, Naor, Lotspiech [2] CS(Complete Subtree). CS,, log, log,.. CS, SD.

Table 1. Comparison between the previous scheme and our new scheme (rows: the scheme of [2] under CCA1, and the new scheme under weak CCA1, both in the Subset Cover framework)

traitor tracing [8][9][10]. traitor tracing,, ID., traitor tracing ID. traitor tracing. traitor tracing.. 1.,. 1....,., =. - (setup), (Encryption), (decryption) -. (1) Setup( ):,. (2) Encryption( ):,.. (3) Decryption( ):.,. 2. Subset Cover Subset Cover, disjoint. =. CoverFinding,.,. (),., Subset Cover. (1) (2) subset Subset Cover. 2.1 (Setup)..,
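The CoverFinding step of the Subset Cover framework described above, as an added example that is not the paper's own code: it implements the SD cover-finding procedure of Naor, Naor and Lotspiech [2], on which the paper's scheme builds, and checks that the subsets it returns are disjoint and cover exactly the non-revoked users. The heap-style node numbering and the (1, 0) convention for "nobody revoked" are assumptions of this illustration.

```python
# Cover finding for the Subset Difference (SD) method of Naor, Naor and
# Lotspiech [2], which the paper's scheme builds on; added illustration, not
# code from the paper. Users are the N = 2**depth leaves of a full binary
# tree in heap order: root = 1, children of v are 2v and 2v+1, leaves are
# indices N .. 2N-1. S(i, j) = "leaves under node i but not under node j".

def is_under(node, v):
    """True if `node` lies in the subtree rooted at v (node no shallower than v)."""
    return node >> (node.bit_length() - v.bit_length()) == v

def lca(a, b):
    """Lowest common ancestor; the larger heap index is never the shallower node."""
    while a != b:
        a, b = (a // 2, b) if a > b else (a, b // 2)
    return a

def sd_cover(depth, revoked):
    """SD subsets (i, j) whose disjoint union is exactly the non-revoked leaves;
    (1, 0) means the whole tree and is used only when nobody is revoked."""
    n = 1 << depth
    assert all(n <= r < 2 * n for r in revoked), "revoked ids must be leaves"
    if not revoked:
        return [(1, 0)]
    leaves, cover = set(revoked), []     # leaves of the shrinking Steiner tree
    while len(leaves) > 1:
        # Take the pair whose common ancestor v is deepest: then each child
        # subtree of v holds exactly one remaining leaf, as NNL's step requires.
        pairs = [(a, b) for a in leaves for b in leaves if a < b]
        a, b = max(pairs, key=lambda p: lca(*p))
        v = lca(a, b)
        for child in (2 * v, 2 * v + 1):
            leaf = a if is_under(a, child) else b
            if child != leaf:                # S(child, child) would be empty
                cover.append((child, leaf))
        leaves -= {a, b}
        leaves.add(v)                        # v becomes a leaf of the Steiner tree
    (last,) = leaves
    if last != 1:                            # one leaf left below the root
        cover.append((1, last))
    return cover

def covered(depth, cover):
    """Leaves reached by the cover; raises if two subsets overlap."""
    n, out = 1 << depth, set()
    for i, j in cover:
        s = {x for x in range(n, 2 * n) if is_under(x, i) and not (j and is_under(x, j))}
        assert not (out & s), "SD cover must be disjoint"
        out |= s
    return out
```

For a constructed sample of 16 users (leaves 16..31) with users 17, 22 and 29 revoked, `sd_cover(4, {17, 22, 29})` yields the three subsets S(4,17), S(5,22), S(3,29), within the 2r-1 bound of [2].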

(PRG: Pseudo-random generator). 2.2 (Encryption) (1). (2),. (3). 2.3 (Decryption),. (1).. (2). (3). (4). 3., (collusion attack).,.,., ( ),.. (CCA1: Chosen ciphertext and launch-time attack) [2]. weak CCA1. weak CCA1 ( ).
- Setup. Setup(,n) ( ).
- Adversarial Action... (1).. (2),.. (3),..
- Challenge.. bit. b=1 Encrypt(, ). b=0 Encrypt(, ).
- Guess.. bit b

advantage Pr. 1. weak CCA1 (negligible), weak CCA1. 4. =( ). CCA1 CCA1. CCA1 ( ).
- Setup..
- Adversarial Action.. (1). (2).
- Challenge.. bit. b=1. b=0.
- Guess.. bit b.
advantage Pr. 2. CCA1 (negligible), CCA1. 5.. CCA1 one-time (CPA: chosen-plaintext attack). 3) one-time CPA ( ).
- Setup..
- Challenge.. bit. b=1. b=0.
- Guess.. bit b.
advantage Pr. 3) IV.

3. one-time CPA (negligible), one-time CPA. 6. (SS: Secret Sharing) Shamir -SS. (prime), 1.,. share, share 2. Lagrange. 1 share (information-theoretically).,. bit. b=1, b=0.. bit b., Pr.. Pr Pr.. 1. Secret Sharing SD Naor, Naor, Lotspiech [2] leaf, disjoint. CoverFinding.,. root subtree. [2]. Subset Difference, [2] (PRG: Pseudo-random generator). 2. SS SD

Fig. 2. Example of key assignment in PRG

(SS: Secret Sharing) SD. SS Shamir SS 1 -SS. 2

[ 2]., ( ). subtree root depth 1.. leaf ( ). leaf (root )., depth, leaf. root subtree 1,. leaf., [ 2] root subtree. SD... -SS,. -SS. [ 2], SD -SS.,, Lagrange.. log PRG. 2.. 1). 2) =( ). 3) (AES ) 128 (prime). 4). 5) leaf (full binary tree), 4). 1.1 (Setup) 3. leaf u

Fig. 3. Key assignment corresponding to the leaf node u

4) log bit 0 1 leaf.

(1) root subtree depth 1.. (2) (1) root depth log. (3) root leaf.. (4) root. (5) subtree root (4). (6).. 128. log, 0 log log,., log. (). log log log log log log log log, log log log. V. 1.2 (Encryption),. (1). (2). (3) subtree depth,. (4) (3). (5). (6). (7) index.. (8)..,.. 1.3 (Decryption).

(1) index. (2). (3) ( ) Lagrange. 1,. mod (4). (5)., (3). log PRG, modular. (3). 2. Secret Sharing LSD PRG. LSD (SS: Secret Sharing). log layer log ( log ) depth special LSD. -SS., subtree root special level root layer, root special level SS SD subtree root. SS LSD LSD log log. LSD, SS LSD.. Halevy, Shamir [5] LSD(Layered Subset Difference) log log.,, leaf root, disjoint.,. 4. =( ) CCA1, one-time CPA. weak CCA1. weak CCA1, CCA1, one-time CPA

Subset Cover,. ) weak CCA1. =( ) CCA1 one-time CPA..,.. Pr. weak CCA1.. advantage (negligible). Claim 1. Pr Pr ) weak CCA1. setup.. (.) root subtree leaf. 1), ( ).,. 2), ()., ( )., ( ).,.,

( ) (statistically identical). 5) (),. weak CCA1.,... 1.,.. advantage 0. (II. 6 ) Claim 2. Pr Pr ) weak CCA1. setup. CCA1. 1), ( ).,.., (abort). 2), (). (), ( ). ( ).,...., 5) (independently).

(abort), CCA1. abort. Pr Pr. Claim 3. Pr Pr ) Claim 1....,.. one-time CPA Claim 1, Claim 2, Claim 3 Claim 4, Claim 5, Claim 6. Claim 4. Pr Pr (for ) Claim 5. Pr Pr (for ) Claim 6. Pr Pr (for ) Claim 7. Pr Pr ) weak CCA1. setup. one-time CPA. ( ) ().,.,..... Pr Pr Pr Pr Pr Pr Pr Pr, 4. Pr Pr Pr Pr Pr Pr 4 SS LSD. special layer local layer..

SD(LSD) -SS SD, LSD. SS SD, SS LSD. 1. SD(LSD) PRG, -SS. (security loss) SD,. Subset Cover,. SD. log log., SD 25bits. 128bits, SD 128+25= 153bits., SD(LSD) CCA1, ( ) weak CCA1. CCA1, weak CCA1. 2. 1), 2), 3)., ( ). Table 4 CS, PRG SD [2], LSD [5] SS SD, LSD. 2.1. [ ] (header).,. SD (LSD) 4.

Table 4. Performance comparison to the previous PRG-based SD and LSD methods (rows: CS [2], PRG-based SD [2], LSD [5], SS-based SD, SS-based LSD)

( ). index SD (LSD). index 1), 2).,., index.. SD(LSD) index. leaf, log bits., index log bits. SD index log bits. ( ). AES 128bits. SD 128bits log bits. 128bits 128bits log bits. LSD CS log Table 4.,. CS 12451840bits, SD 1572672bits, LSD 3145344bits, 2621120bits, 5242240bits. CS, SD (LSD) ( ). 2.2 SD 128bits, 128bits.. LSD log. ( )... setup. root index,. bits,.,. 4... 2.3 SD, LSD

log PRG, Lagrange -SS.. CS. Table 4 CS. SD ( subtree ), ( subtree ). SD ( ).. (PRG) SD, (Secret Sharing) SD., SD. ( ) CS. ( ). SD 1.7. Layered SD.., -ary.

References

[1] A. Fiat and M. Naor, "Broadcast encryption," Proceedings of CRYPTO '93, vol. 773 of LNCS, pp. 480-491, Aug. 1993.
[2] D. Naor, M. Naor and J. Lotspiech, "Revocation and tracing schemes for stateless receivers," Proceedings of CRYPTO 2001, vol. 2139 of LNCS, pp. 41-62, Feb. 2001.
[3] Y. Dodis and N. Fazio, "Public key broadcast encryption for stateless receivers," Proceedings of the Digital Rights Management Workshop, vol. 2696 of LNCS, pp. 61-80, 2002.
[4] D. Boneh, C. Gentry and B. Waters, "Collusion resistant broadcast encryption with short ciphertexts and private keys," Proceedings of CRYPTO 2005, vol. 3621 of LNCS, pp. 258-275, Aug. 2005.
[5] D. Halevy and A. Shamir, "The LSD broadcast encryption scheme," Proceedings of CRYPTO 2002, vol. 2442 of LNCS, pp. 47-60, Aug. 2002.
[6] M.T. Goodrich, J.Z. Sun and R. Tamassia, "Efficient tree-based revocation in groups of low-state devices," Proceedings of CRYPTO 2004, vol. 3152 of LNCS, pp. 511-527, Aug. 2004.
[7] S. Bhattacherjee and P. Sarkar, "Tree based symmetric key broadcast encryption," IACR Cryptology ePrint Archive, Report 2013/786, 2013.
[8] B. Chor, A. Fiat, and M. Naor, "Tracing traitors," Proceedings of CRYPTO '94, vol. 839 of LNCS, pp. 257-270, Aug. 1994.
[9] ChongHee Kim, YongHo Hwang and PilJoong Lee, "An efficient public key trace and revoke scheme secure against adaptive chosen ciphertext attack," Proceedings of ASIACRYPT 2003, vol. 2894 of LNCS, pp. 359-373, Nov/Dec. 2003.
[10] D. Boneh and B. Waters, "A fully collusion resistant broadcast, trace, and revoke system," Proceedings of ACM CCS 06, pp. 211-220, Oct/Nov. 2006.

About the authors

Jae Hwan Lee
- March 2009 ~ present: undergraduate student, Department of Computer Science, Sangmyung University
- ORCID : http://orcid.org/0000-0001-5580-416x
- Research interests: broadcast encryption, digital signatures, etc.

Jong Hwan Park
- February 1999: B.S., Department of Mathematics, College of Science, Korea University
- February 2004: M.S., Department of Information Security, Graduate School of Information Security, Korea University
- August 2008: Ph.D., Department of Information Security, Graduate School of Information Management and Security, Korea University
- June 2009 ~ May 2011: Research Professor, College of Applied Science, Kyung Hee University (Global Campus)
- June 2011 ~ August 2013: Research Professor, BK21 Information Security Research Group, Korea University
- September 2013 ~ present: Assistant Professor, Department of Computer Science, Sangmyung University
- ORCID : http://orcid.org/0000-0003-2742-6119
- Research interests: authenticated encryption, ID-based encryption, broadcast encryption, cryptographic protocols, etc.