Initialization Phase. The (SA) generates a master secret key kHN and stores it in HN .
Initialization Phase. Same as [7].
Initialization Phase. (1) Xxxxxxx and Xxxxx share their keys through QKD, k A = {k A1 , k A2 ,..., k Ai ,..., k A2n } , k Ai = {00,01,10,11} and Xxxxxxx and Bob share their keys through QKD, k B = {k B1 , k B2 ,..., k Bi ,..., k B2n } , k Bi = {00,01,10,11} .
(2) Xxxxxxx prepares quantum sequences randomly as SA = {A1 , A 2 ,..., Ai ,..., A n } and SB = {B1 , B2 ,..., Bi ,..., Bn } , A i , Bi ∈ { 0 , 1 , + , - } .
(3) Xxxxxxx performs corresponding unitary operations on S A according to k A (Tab. 1 for specific operation rules). The four unitary operations are expressed as Eqs. (1)-(4): U00 = Ι = 0 0 + 1 1 (1) U01 = Ζ = 0 0 − 1 1 (2) U10 = Χ = 1 0 + 0 1 (3) U11 = Υ = 1 0 − 0 1 (4) A The sequence after the pass-through operation is recorded as S' . In order to detect the S S A A eavesdropping, Xxxxxxx inserts a decoy photon sequence into the sequence ' and declines the state of particles in a photon sequence randomly from { 0 , 1 , + , - } , sending ' A to Xxxxx. When Xxxxx receives the sequence S' , she informs Xxxxxxx that she has received the
Initialization Phase. Assume the group G has n real group members M1, M2,... , Mn initially. We describe how to distribute the function of the trusted authority to appropriate subgroups (trust set ) so that any k member nodes in an appropriate subgroup can offer the corresponding valid certificate. Here “valid” means the certificate has been signed with the system secret key SK. Distributing the system secret key shares SKi. Our design uses Shamir’s (k, n)-threshold scheme [16]. First, the TA randomly selects a (k − 1)- degree polynomial f (x) = SK + a1 x + + ak−1 xk−1, such that the shared secret is f (0) = SK. Each group member obtains a secret share SSMi = (f (Mi) mod m). For any k group members {M1, M2,... , Mk}, La- where
i=1 grange interpolation yields SK ≡ Σk (SSM · lM (0)) ≡ Σk SKi (mod m), lMi (0) are the Lagrange coefficients . Obtaining valid certificates: The certificate X for any node is served by the node’s trust set, with each member in that trust set providing a partial certificate XSKi . With any k partial certificates, the requesting member can compute the valid certificate as XSK1 · XSK2 ··· XSKk = X(Σk SKi) = XSK [11]. Thus, these k members can work like a trusted authority, and jointly offer the certificate. (We use the t-bounded coalition offsetting algorithm proposed in [11] to ensure that the above equation is valid.) This approach has the nice feature that the system secret key SK is never revealed to any member node nor to any subset of member nodes. They can jointly reconstruct XSK, but never SK itself. While this method can be unsafe if group members can be compromised [13], this difficulty does not arise in our case, as explained in Section 3. Further, AFTD improves fault-tolerance, since Shamir’s threshold scheme ensures that any set of k 1 or less secret shares cannot jointly obtain SK. Thus if any set of k 1 or less secret shares have been discovered, the system secret key SK is still safe from adversaries. Defining Trust Sets. At the beginning, each group member is assigned a unique member ID and associated with a leaf node of the key tree in ascending order. To define trust sets, the group is first split into k-member clusters. The members in the last cluster may have more than k group members when n is not a multiple of k. The upper part of Figure 3 shows a 7-member group. When k = 2, the group is divided into 3 clusters, and the last one has three members.
Initialization Phase. First, the SA picks {G1, G2, Q, e, p}, where G1 is a cyclic additive group of order p, G2 is a cyclic multiplicative group of order p, Q is a generator of G1, and e : G1 × G1 → G2 is a bilinear map. Second, the SA generates a random private key s and computes the corresponding public key Ppub = sQ. Finally, the SA publishes parameters {p, G1, G2, Q, e, Ppub, h(.), Ek, Dk} and stores s in the memory of each KDC in a secure environment, where h(.) is the hash function used by this protocol, Ek is the symmetric encryption algorithm, and Dk is the symmetric decryption algorithm.
Initialization Phase. In the initialization phase, the system parameters (algorithm suite, security parameters, etc.) are shared with the device of the user and the IoT device. In addition, both also request a private-public key pair and corresponding certificate with the aid of a trusted certificate authority (CA). Typically, for constrained devices, implicit certificates like the Elliptic Curve Qu Xxxxxxxx (ECQV) certificates [39] are used. The advantage of ECQV is that the CA is not able to construct the private key itself. We denote the pairs by (du, Qu = duG), (dd, Qd = ddG) for the device of the user and the IoT device respectively, with G the generator of the defined elliptic curve.
Initialization Phase. In this phase CS defines the following required system parameters that are necessary for the execution of M2MAKA-FS as follows:
Step 1 : First, a group Zp is selected and a code set C ∈ {0, 1}n.
Step 2 : CS picks a long term private key KCS ∈ Zp and keeps it secret.
Step 3 : CS selects a collision-resistant one-way cryptographic hash function ℎ(. ). Step 4 : CS defines two fuzzy commitment functions f(.) and F(.).
Initialization Phase. In this phase, the server S chooses (x, Tk(x)), k as its pub- lic key and secret key, and chooses a secure one-way hash function h(·); the ith user Ui chooses his/her identity IDi, password PWi and biometrics image sample Bi, respec- tively. Additionally, Ui and S choose a symmetric parametric function d( ) and a predetermined threshold τ for biomet- rics certification. In each feature extraction, each different azimuth or origin of force will make the new extracted bio- metrics and the stored biometrics to have different degree of difference. d( ) is used to compute deviation degree between the results of feature extraction and the stored samples. The meaning of τ is the biggest deviation degree can be accepted.
Initialization Phase. Initially, the manager of storage server should select three proper parameters, namely g , p and h(⋅) , to ensure the DLP secure enough. This could be done by executing the “dhparam” command provided by openssl. Then, a long secret key should be selected and kept secretly for the storage server. Once all the parameters are selected, they are fixed and couldn’t be changed any more. And for safety reasons, it is recommended to split the secret key to multi-parts that are kept by different individuals respectively. When all the parameters are ready, the server manager starts the storage server to provide service for the end users.
Initialization Phase. R S S R In this phase, and agree on the exchange conditions and generate the description descx. First, parties agree on the payment price of P, sample amount s, timelock condition Tlock and objection time Tobj. Xxxxx and Tobj, as explained later, are crucial for the timeliness property of the protocol. Second, shares the encryption of goods y with . Finally, parties jointly generate the description descx using the encryption keys. | | | |
