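Preface to the Special Column on Rational Cryptographic Protocols (Chinese and English)
2019-12-30 Peng Changgen, Tian Youliang
Xue Rui, Peng Changgen, Tian Youliang
1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
2. State Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025
3. College of Computer Science and Technology, Guizhou University, Guiyang 550025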
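Rational cryptographic protocols are an emerging research direction at the intersection of cryptography and game theory. The direction extends the research scope of both cryptographic protocols and game theory and has become a current research hotspot in cryptography. In cryptography-based secure communication, participants, whether honest or malicious, pay a certain cost to achieve their communication goals. Participants tend to choose their strategies so as to maximize their own interests, and such rational participants in cryptographic protocols correspond exactly to the rational players of game theory. A cryptographic protocol is a protocol that uses cryptography to accomplish a specific task while meeting security requirements; work on it emphasizes protocol design and implementation, with attention to security and efficiency. Game theory emphasizes the design of strategies and rules, and the players in a game care most about their final payoffs. Rational cryptographic protocols therefore start from the participants' self-interest and offer a new approach to cryptographic protocol design, especially in the current setting of cloud computing and big data.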
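In cryptographic protocol research, however, traditional information security mostly assumes that participants are either honest or malicious, whereas in practice participants are often rational and selfish. Here many scholars have concentrated on rational secret sharing, rational secure multiparty computation, rational exchange protocols, rational authentication protocols, rational threshold signatures and rational delegated computation. In research on attack-defense games in information security, the analysis of attack and defense strategies is also an important application of game theory, and it mainly covers intrusion detection systems, information warfare and intrusion-tolerant systems. In addition, researchers have used game theory and cryptographic protocols to study mechanism design for the incentive layer of blockchains in order to improve blockchain efficiency and practicality, and have used game-theoretic ideas to design collusion-resistant smart contracts for clients in cloud computing. Within a game-theoretic framework, utility functions are applied to guarantee the integrity of results in outsourced computation, reducing the verification of results and improving the efficiency of outsourced computation. By analyzing and designing the strategies of participants in cryptographic protocols, a probabilistic model of circuit computation is built to ensure the security of communication networks. Although research on rational cryptographic protocols has produced a number of results, the field is still in its infancy, and some important problems remain to be studied further.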
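This special issue collects four high-quality papers that reflect the main directions of recent work on rational cryptographic protocols by scholars in China. We hope they will be of use to researchers in China working on rational cryptographic protocols.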
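The first paper, “Progress in Research on Game Theory and Cryptographic Protocols”, explains how game theory is applied in cryptographic protocol research. It introduces in turn the applications of complete-information static games, complete-information dynamic games, incomplete-information static games, incomplete-information dynamic games, stochastic games and evolutionary games in information security research. It briefly presents game-theoretic modeling methods for problems such as attack-defense confrontation, defensive strategy selection, quantitative security investment, interdependence among defenders and reaching the social optimum in cryptographic protocols and other information security settings, and it shows how factors such as the order of moves, incomplete information, system state and bounded rationality affect game analysis.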
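The second paper, “Applications of Game Theory in Blockchain”, analyzes the research areas where game theory, secure multiparty computation and Bitcoin (blockchain 1.0) intersect, including rational secure multiparty computation, Bitcoin-based secure multiparty computation and game-theory-based Bitcoin protocols. It applies smart contracts (blockchain 2.0) to verifiable cloud computing, using game theory to design smart contracts for the client in cloud computing; these smart contracts can effectively prevent cloud servers from colluding. It introduces random parameters into criminal smart contracts to construct Random-PublicLeaks, and by verifying the validity of the smart contract it finds that the introduction of randomness lowers the success probability of criminal smart contracts.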
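The third paper, “Game-theoretic Mechanism for Rational Outsourcing Computation”, designs strategy rules for the integrity of outsourced computation results based on Nash equilibrium within a game-theoretic framework. It first analyzes the preferences of users and servers in outsourced computation and proposes an extensive-form game model of outsourced computation, under which it defines a new payoff matrix and utility function. Next, it gives a formal definition of the rational outsourced computation model based on the Nash equilibrium of game theory. Finally, it uses experimental simulation to analyze the conditions for choosing the linear function in the rational outsourced computation model, ensuring that when the participants reach the Nash equilibrium the user does not need to verify the outsourced computation results, and also that honest computation is the server's optimal strategy. Most importantly, the model minimizes the user's payment for outsourcing.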
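The fourth paper, “Rational Secure Multiparty Sum Protocol Based on Circuit Computing”, combines game theory with cryptographic algorithms to propose a rational secure multiparty sum protocol based on circuit computation. It first analyzes and designs the participants' strategies during summation and builds a probabilistic utility model of circuit computation. It then hides the computation result using a coin-tossing protocol biased toward 0. Finally, the participants reveal the final result by gradual release. The protocol removes members' incentive to collude and ensures that every member obtains the sum fairly over a standard point-to-point communication network.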
Rational cryptographic protocols are a new research direction at the intersection of cryptology and game theory. The direction expands the research field of both cryptographic protocols and game theory, and has become a research hotspot in cryptography. In secure communication based on cryptography, participants, whether honest or malicious, incur a cost when they achieve the purpose of their communication. The rational participants in cryptographic protocols correspond to the rational players in game theory. A cryptographic protocol is a protocol that uses cryptography to accomplish a specific task and satisfy the security requirements; work on it focuses on the design and implementation of the protocol and on its security and efficiency. Game theory focuses on the design of game strategies and rules, and the players in the game are more concerned about their final payoffs. Rational cryptographic protocols therefore provide a new idea for the design of cryptographic protocols from the perspective of the participants' own benefit, especially in the context of cloud computing and big data.
In 2006, Anderson and Moore published “The economics of information security” in Science, which discussed the problems of information security from the perspective of economics. Many scholars in the field of cryptography study this issue. Since 2010 in particular, many important computer science conferences, such as STOC, FOCS, CRYPTO, EUROCRYPT, ASIACRYPT and TCC, have followed the international research progress on rational cryptographic protocols for many years. The work focuses mainly on two aspects. One is the use of cryptographic protocols to solve problems in game theory, such as the use of secure multiparty computation protocols to realize the natural person in game theory. The other is the application of game mechanisms to cryptography, such as introducing rational participants into cryptographic protocols and using game equilibrium theory to construct cryptographic protocols that satisfy different equilibrium outcomes. Many game-theoretic methods are also applied to network attack and defense, secure routing protocols and similar problems. In recent years, researchers in China have also paid great attention to this area, including the Chinese Academy of Sciences, the State Key Laboratory of Information Security, Xidian University, Shanghai Jiao Tong University, Shandong University, Beijing Jiaotong University, Central University of Finance and Economics, Beijing University of Technology, Fujian Normal University, Yunnan University, Henan Normal University and Guizhou University. Authors from these institutions have completed a great deal of meaningful work in this area.
However, in research on cryptographic protocols, most traditional information security work assumes that the participants are honest or malicious, whereas in reality the participants are usually rational and selfish. Many scholars focus on rational secret sharing, rational secure multiparty computation, rational exchange protocols, rational authentication protocols, rational threshold signatures, rational delegated computation and related topics. In research on information security attack-defense games, the analysis of attack and defense strategies is an application of game theory, covering intrusion detection systems, information warfare, intrusion-tolerant systems and so on. In addition, researchers use game theory and cryptographic protocols to study the mechanism design of the incentive layer in blockchains in order to improve the efficiency and practicality of blockchains, and use ideas from game theory to design collusion-resistant smart contracts for the client in cloud computing. Within the framework of game theory, utility functions are applied to ensure the integrity of results in outsourced computation, reduce the verification of outsourced computation, and improve its efficiency. Through the analysis and design of participants' strategies in cryptographic protocols, a probabilistic model of circuit computation is constructed to ensure the security of communication networks. Although some research results have been obtained on rational cryptographic protocols, their development is still in its infancy, and some important problems need further study.
This special column collects four high-quality papers that reflect the main recent research directions in rational cryptographic protocols. We hope they will inspire researchers working on rational cryptographic protocols in China.
The first paper is “Progress in Research on Game Theory and Cryptographic Protocols”. It explains the application of game theory in cryptographic protocol research and introduces, in turn, the application of complete-information static games, complete-information dynamic games, incomplete-information static games, incomplete-information dynamic games, stochastic games and evolutionary games in information security research. It briefly introduces game-theoretic modeling methods for attack-defense confrontation, defensive strategy selection, quantitative security investment, the defenders' mutual dependence and achieving the social optimum in information security problems such as cryptographic protocols, and it demonstrates the influence of the order of actions, incomplete information, system state and bounded rationality on game analysis.
The second paper is “Applications of Game Theory in Blockchain”. It analyzes the intersecting research fields of game theory, secure multiparty computation and Bitcoin (blockchain 1.0), including rational secure multiparty computation, secure multiparty computation based on Bitcoin, and Bitcoin protocols based on game theory. It applies smart contracts (blockchain 2.0) to verifiable cloud computing, using game theory to design smart contracts for the client in cloud computing; these smart contracts can effectively prevent cloud servers from colluding. Random parameters are introduced into the criminal smart contract and Random-PublicLeaks is constructed. By verifying the validity of the smart contract, the paper finds that the introduction of randomness reduces the success probability of criminal smart contracts.
The third paper is “Game-theoretic Mechanism for Rational Outsourcing Computation”. Within the framework of game theory, it designs strategy rules for the integrity of outsourced computation results based on Nash equilibrium. First, it analyzes the preferences of users and servers in outsourced computation and proposes an extensive-form game model of outsourced computation, under which it defines a new payoff matrix and utility function. Second, it gives a formal definition of the rational outsourced computation model according to the Nash equilibrium of game theory. Finally, the conditions for selecting the linear function in the rational outsourced computation model are analyzed by experimental simulation, to ensure that users do not need to verify the outsourced computation results when the participants reach the Nash equilibrium and that honest computation is the server's optimal strategy. Most importantly, the model can minimize the user's outsourcing fee.
The fourth paper is entitled “Rational Secure Multiparty Sum Protocol Based on Circuit Computing”. Combining game theory and cryptographic algorithms, it proposes a rational secure multiparty sum protocol based on circuit computation. First, the strategies of the participants in the summation process are analyzed and designed, and a probabilistic utility model of circuit computation is constructed. Then the result is hidden using a coin-tossing protocol that is biased toward 0. Finally, the participants reveal the final result by gradual release. The protocol removes the members' motivation to collude and ensures that each member can obtain the sum fairly over a standard point-to-point communication network.