Preface to the Column "Cryptography Applications in New Environments" (Chinese and English)

2023-06-03 00:20 Zhang Yuqing, Fu Anmin
Journal of Cryptologic Research, 2023, No. 5
Keywords: cryptography; open source; ciphers

Zhang Yuqing, Liu Zhe, Fu Anmin

1. University of Chinese Academy of Sciences, Beijing 101408

2. Zhejiang Lab, Hangzhou 311121

3. Nanjing University of Science and Technology, Nanjing 210094

Cryptography is the foundational theory of cyberspace security; it provides security services such as data confidentiality, data integrity, identity authentication and non-repudiation for all kinds of information systems. In new environments the application potential of cryptography is continually being explored and released, giving rise to new cryptographic application technologies such as federated learning, which trains a model without exposing the raw data; secure multi-party computation, which completes a computation while each party's data remain private; blockchain, a decentralized form of distributed ledger; and privacy-preserving technologies. In practice, however, cryptographic applications face many security threats, among them key leakage and implementation vulnerabilities in cryptographic protocols. This has made cryptography applications in new environments an important field that receives close attention from academia, standardization organizations and government agencies around the world. Internationally, standardization bodies such as the International Organization for Standardization (ISO), the International Telecommunication Union (ITU), the World Wide Web Consortium (W3C) and the IEEE Standards Committee (SASB) have launched standardization work on blockchain, federated learning and related topics with the aim of promoting cryptography applications in new environments. Domestically, technology enterprises are actively participating in this international standardization work, and the relevant government departments have issued work plans for formulating national standards for new cryptographic application technologies such as blockchain and privacy protection, promoting the development of cryptography applications in new environments.

Against this background, to promote research on and exploration of cryptography applications in new environments, the Journal of Cryptologic Research has organized the column "Cryptography Applications in New Environments", which presents some of the research results of Chinese scholars on data privacy protection, cloud storage security and blockchain security protection in these new environments. The column contains 8 papers in total, including 1 survey; they are briefly introduced below.

The survey "A Survey of Open Source Cryptographic Software Supply Chain Security" studies the security of the open-source cryptographic software supply chain. Taking the open-source software supply chain as the base and the ways in which a cryptographic software supply chain differs from it as the radius, it delineates the research scope of the open-source cryptographic software supply chain. Starting from typical security incidents in that supply chain, it builds a security risk model, and on the basis of this model it summarizes the relevant protective measures and countermeasures, laying a foundation for subsequent research on the security of the open-source cryptographic software supply chain.

The paper "Bilaterally Privacy-Preserving Medical Diagnosis Scheme with Functional Inner-Product Encryption" proposes a privacy-preserving medical diagnosis scheme. Its design goal is to protect both the medical data privacy of the data owner (DO) and the model privacy of the model owner (MO), while delivering an effective diagnosis service through a machine learning service deployed on a cloud server. In terms of communication overhead, the scheme needs no multi-round interaction: a single computation yields the result of the secure computation. An EfficientNet model trained on the unencrypted medical image dataset CRC-VAL-HE-7K reaches an accuracy above 95%, and on encrypted medical image data it reaches 98% accuracy in diagnosing colorectal cancer.

The paper "Leakage-Resilient CCA-Secure Inner-Product Functional Encryption" designs the first inner-product functional encryption scheme over asymmetric pairing groups that achieves adaptive leakage-resilient CCA security. In the standard model, under the standard MDDH (matrix decisional Diffie-Hellman) assumption, the scheme is proved to satisfy this strong leakage-resilient CCA security.

The paper "A Verifiable Federated Learning Scheme Based on Homomorphic Signatures" designs a verifiable federated learning scheme. Based on publicly verifiable secret sharing, it designs a double-mask secure aggregation protocol that protects users' model parameters while also supporting dynamic user dropout and share verification, ensuring the correctness of the server's decryption. Experimental results show that, while keeping the global model highly accurate, the scheme achieves more secure data aggregation and efficient verification of the aggregation result, making it suitable for federated learning systems with large numbers of resource-constrained mobile devices.

The paper "Authentication and Key Agreement Protocol for Space-Ground Integrated Network" addresses the shortcomings of existing authentication and key agreement protocols, which require multiple factors to take part in authentication, have a narrow range of application, and incur high computation and communication overhead. It analyzes the security and performance requirements of space-ground integrated networks and proposes an authentication and key agreement protocol for them. The protocol is more secure than protocols of the same type and reduces communication and computation overhead, meeting the lightweight requirements of space-ground integrated networks.

The paper "A Design of Side-Channel Countermeasure Based on Indistinguishability Obfuscation" proposes a new class of side-channel countermeasure based on indistinguishability obfuscation. By improving an indistinguishability obfuscation scheme for affine determinant programs, it combines indistinguishability obfuscation with side-channel protection and applies the result in a blockchain scenario. Compared with traditional methods, it uses fewer random numbers and improves efficiency and stability.

The paper "Updatable Signcryption Algorithm for Cloud Storage" proposes the concept of updatable signcryption in order to solve the key leakage problem in cloud storage and achieve integrity and authenticity protection. Based on the BLS short signature and ElGamal encryption, it constructs a ciphertext-independent updatable signcryption algorithm in the two-user model, and under the computational Diffie-Hellman and decisional Diffie-Hellman hardness assumptions it proves that the algorithm achieves ciphertext indistinguishability, update unlinkability and data integrity.

The paper "A New Searchable Encryption Scheme on Blockchain for Multi-User" addresses the problems that existing blockchain searchable encryption schemes are severely limited in practical application and that their tags can be forged, and proposes a new blockchain searchable encryption scheme that supports multi-user scenarios. In the scheme, a homomorphic XOR encryption function is used to implement permission control and management for multiple users, thereby supporting multi-user scenarios and making the scheme more oriented to practical application. By introducing a signature on the search trapdoor, the unforgeability of the search trapdoor is guaranteed, improving the overall security of the scheme.

We hope that this column will draw more attention from domestic scholars to interdisciplinary research on cryptography applications in new environments and promote cooperation and exchange among scholars in related fields.

Cryptography is the fundamental theory of cyberspace security, which can provide security services such as data confidentiality, data integrity, identity authentication and non-repudiation for various information systems. The application potential of cryptography has been continuously explored and released in new environments, for example federated learning, which completes model training without exposing the original data; multi-party computation, which protects each party's data privacy while completing the calculation; blockchain, a decentralized form of distributed ledger; privacy protection technology; and other new cryptographic application technologies. However, in practice, cryptographic applications face many security threats, such as key leakage and vulnerabilities in cryptographic protocol implementations. This has made cryptographic applications in new environments an important field of high concern to academia, standardization organizations and government agencies. Internationally, standardization bodies such as ISO (International Organization for Standardization), ITU (International Telecommunication Union), W3C (World Wide Web Consortium) and SASB (IEEE Standards Committee) have initiated the development of standards for blockchain, federated learning and related technologies, intending to promote the application of cryptography in new environments. Domestically, technology enterprises are actively participating in the development of the above international standards, and the relevant functional departments have issued work plans for formulating national standards for new cryptographic application technologies such as blockchain and privacy protection, to promote the development of cryptographic applications in new environments.

In this context, in order to promote the research and exploration of cryptographic applications in new environments, the Journal of Cryptologic Research organized the column "Cryptography Applications in New Environments", which presents some research results of Chinese scholars on data privacy protection, cloud storage security and blockchain security protection. This column contains a total of 8 papers (including 1 review), which are introduced as follows:

The review titled "A Survey of Open Source Cryptographic Software Supply Chain Security" focuses on the security issues of the open source cryptographic software supply chain. Taking the open source software supply chain as the base and the differences specific to cryptographic software supply chains as the radius, it clarifies the research scope of the open source cryptographic software supply chain. At the same time, typical security incidents in the open source cryptographic software supply chain are taken as the starting point for constructing a security risk model. On the basis of this model, the relevant security precautions and countermeasures are summarized, laying a foundation for subsequent research on the security of the open source cryptographic software supply chain.

The paper titled "Bilaterally Privacy-Preserving Medical Diagnosis Scheme with Functional Inner-Product Encryption" proposes a medical diagnosis privacy protection scheme. The design goal of the scheme is to protect the medical data privacy of the data owner (DO) and the model information privacy of the model owner (MO), and to provide effective medical diagnosis services through a machine learning service deployed on a cloud server. In terms of communication overhead, the scheme does not need multiple rounds of interaction and only needs one computation to obtain the result of the secure computation. In terms of accuracy, an EfficientNet model trained on the unencrypted medical image dataset CRC-VAL-HE-7K reaches an accuracy of more than 95%, and the accuracy rate is 98% on encrypted medical image data when diagnosing colorectal cancer.

The paper titled "Leakage-Resilient CCA-Secure Inner-Product Functional Encryption" designs the first adaptively leakage-resilient CCA-secure inner-product functional encryption scheme based on an asymmetric pairing group construction. In the standard model and under the standard MDDH (matrix decisional Diffie-Hellman) assumption, it is proved that the proposed scheme satisfies the above strong leakage-resilient CCA security.

The paper titled "A Verifiable Federated Learning Scheme Based on Homomorphic Signatures" designs a double-mask secure aggregation protocol based on publicly verifiable secret sharing, which not only protects the user model parameters but also supports the dynamic withdrawal of users and a share verification function to ensure the correctness of server decryption. Experimental results show that the proposed scheme achieves more secure data aggregation and efficient verification of the aggregation result while ensuring the high accuracy of the global model, which makes it suitable for federated learning systems with a large number of resource-constrained mobile devices.

The paper titled "Authentication and Key Agreement Protocol for Space-Ground Integrated Network" addresses the problems of existing authentication and key agreement protocols, analyzes the security requirements and performance requirements of the space-ground integrated network, and proposes an authentication and key agreement protocol for the space-ground integrated network. Compared with protocols of the same type, the proposed protocol is superior in terms of security and reduces the communication and computation overhead, meeting the lightweight requirements of the space-ground integrated network.

The paper titled "A Design of Side-Channel Countermeasure Based on Indistinguishability Obfuscation" proposes a new type of side-channel protection scheme based on indistinguishability obfuscation. By improving an indistinguishability obfuscation scheme for affine determinant programs and combining indistinguishability obfuscation with side-channel protection, it applies the result to blockchain scenarios. Compared with traditional methods, the use of random numbers is reduced, and efficiency and stability are improved.

The paper titled "Updatable Signcryption Algorithm for Cloud Storage" proposes the concept of updatable signcryption in order to solve the key leakage problem of cloud storage and achieve integrity and authenticity protection. Based on the BLS short signature and ElGamal encryption, a ciphertext-independent updatable signcryption algorithm under the dual-user model is constructed, and under the CDH (computational Diffie-Hellman) and DDH (decisional Diffie-Hellman) hardness assumptions it is proved that the algorithm achieves ciphertext indistinguishability, update unlinkability and data integrity.

The paper titled "A New Searchable Encryption Scheme on Blockchain for Multi-User" addresses the problems that the practical application of blockchain searchable encryption schemes is greatly limited and that their tags can be forged. It proposes a new blockchain searchable encryption scheme supporting multi-user scenarios. In the scheme, a homomorphic XOR encryption function is used to realize the control and management of multi-user permissions, thereby supporting multi-user scenarios and making the scheme more oriented to practical application. The unforgeability of the search trapdoor is guaranteed by introducing a signature on the search trapdoor, and the overall security of the scheme is improved.

We hope that this column can attract more domestic scholars to the interdisciplinary research on cryptographic applications in new environments, and promote the cooperation and exchange of scholars in related fields.
