
Preface to the Special Column "Cryptographic Applications in New Environments" (Chinese and English)

2023-06-03 00:20:24
Journal of Cryptologic Research, 2023, No. 5
Keywords: cryptography; open-source cryptography

Zhang Yuqing (張玉清), Liu Zhe (劉哲), Fu Anmin (付安民)

1. University of Chinese Academy of Sciences, Beijing 101408

2. Zhejiang Lab, Hangzhou 311121

3. Nanjing University of Science and Technology, Nanjing 210094

Cryptography is the foundational theory of cyberspace security: it provides information systems with security services such as data confidentiality, data integrity, identity authentication and non-repudiation. In new environments the application potential of cryptography is continually being uncovered and released, in new cryptographic application technologies such as federated learning, which completes model training without exposing the raw data; multi-party computation, which completes a computation while protecting each party's data privacy; blockchain, a decentralized distributed ledger; and privacy-preserving technologies. In practice, however, cryptographic applications face many security threats, including key leakage and vulnerabilities in cryptographic protocol implementations. This has made cryptographic applications in new environments an important field that receives close attention from academia, standardization organizations and government agencies in many countries. Internationally, standardization bodies such as the International Organization for Standardization (ISO), the International Telecommunication Union (ITU), the World Wide Web Consortium (W3C) and the IEEE Standards Committee (SASB) have launched standardization work on blockchain, federated learning and related topics, with the aim of promoting cryptographic applications in new environments. Domestically, technology companies are actively taking part in that international standardization work, and the relevant government departments have issued work plans for formulating national standards for new cryptographic application technologies such as blockchain and privacy protection, promoting the development of cryptographic applications in new environments.

Against this background, and to promote research and exploration of cryptographic applications in new environments, Journal of Cryptologic Research organized the special column "Cryptographic Applications in New Environments", which presents some of the research results of Chinese scholars on data privacy protection, cloud storage security, blockchain security protection and related topics in new environments. The column contains 8 papers, 1 of which is a survey; they are introduced briefly below:

The survey "A Survey of Open Source Cryptographic Software Supply Chain Security" studies the security of the open-source cryptographic software supply chain. It proposes to delimit the research scope of the open-source cryptographic software supply chain by taking the open-source software supply chain as the base and the differences specific to the cryptographic software supply chain as the radius. Taking typical security incidents in the open-source cryptographic software supply chain as the starting point, it constructs a security risk model, and on the basis of that model it summarizes the relevant security precautions and countermeasures, laying a foundation for subsequent security research on the open-source cryptographic software supply chain.

The paper "Bilaterally Privacy-Preserving Medical Diagnosis Scheme with Functional Inner-Product Encryption" proposes a privacy-preserving medical diagnosis scheme. Its design goal is to protect both the medical data privacy of the data owner (DO) and the model privacy of the model owner (MO), while providing an effective diagnosis service through a machine learning service deployed on a cloud server. In terms of communication overhead, the scheme needs no multi-round interaction: a single computation yields the result of the secure computation. In terms of accuracy, an EfficientNet model trained on the unencrypted medical image dataset CRC-VAL-HE-7K reaches an accuracy above 95%, and on encrypted medical image data the scheme reaches 98% accuracy in diagnosing colorectal cancer.

The paper "Leakage-Resilient CCA-Secure Inner-Product Functional Encryption" designs the first inner-product functional encryption scheme over asymmetric pairing groups that achieves adaptive leakage-resilient CCA security. In the standard model, under the standard MDDH (matrix decisional Diffie-Hellman) assumption, it proves that the scheme satisfies this strong notion of leakage-resilient CCA security.

The paper "A Verifiable Federated Learning Scheme Based on Homomorphic Signatures" designs a verifiable federated learning scheme. Its double-mask secure aggregation protocol, built on publicly verifiable secret sharing, protects the users' model parameters while also supporting dynamic user dropout and share verification, which ensures the correctness of the server's decryption. Experimental results show that, while keeping the global model highly accurate, the scheme achieves more secure data aggregation and efficient verification of the aggregation result, making it suitable for resource-constrained federated learning systems with a large number of mobile devices.

The paper "Authentication and Key Agreement Protocol for Space-Ground Integrated Network" addresses shortcomings of existing authentication and key agreement protocols, namely that they require multiple factors to take part in authentication, cover only a narrow range of applications, and incur high computation and communication overhead. It analyzes the security and performance requirements of the space-ground integrated network and proposes an authentication and key agreement protocol for it. Compared with protocols of the same type, the proposed protocol is stronger in security and reduces the communication and computation overhead, meeting the lightweight requirements of the space-ground integrated network.

The paper "A Design of Side-Channel Countermeasure Based on Indistinguishability Obfuscation" proposes a new class of side-channel countermeasures based on indistinguishability obfuscation. By improving an indistinguishability obfuscation scheme for affine determinant programs, it combines indistinguishability obfuscation with side-channel protection and applies the result to blockchain scenarios. Compared with traditional methods, it reduces the use of random numbers and improves efficiency and stability.

The paper "Updatable Signcryption Algorithm for Cloud Storage" addresses the key leakage problem in cloud storage while providing integrity and authentication protection. It proposes the concept of updatable signcryption and, from the BLS short signature and ElGamal encryption, constructs a ciphertext-independent updatable signcryption algorithm in the two-user model. Under the computational Diffie-Hellman (CDH) and decisional Diffie-Hellman (DDH) hardness assumptions, it proves that the algorithm provides ciphertext indistinguishability, update unlinkability and data integrity.

The paper "A New Searchable Encryption Scheme on Blockchain for Multi-User" addresses two problems of blockchain searchable encryption schemes: their practical applicability is severely limited, and their tags can be forged. It proposes a new blockchain searchable encryption scheme that supports multi-user scenarios. The scheme uses a homomorphic XOR encryption function to implement permission control and management for multiple users, which provides the multi-user support and makes the scheme more oriented toward practical application. By introducing signatures on search trapdoors, it guarantees the unforgeability of the trapdoors and improves the overall security of the scheme.

We hope that this column will draw the attention of more domestic scholars to interdisciplinary research on cryptographic applications in new environments and promote cooperation and exchange among scholars in related fields.
