BZPEERReading, trust and collaboration for researchDiscover
Workspaces
Network
Opportunities
Account
Researcher profile
Yongge Wang contributes to research discovery and scholarly infrastructure.
Trust snapshot
Actions
Identity and collaboration
Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.
Log in to claimDirect collaboration
Claim this author entity first to unlock direct invitations.
Research graph
Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.
BZPEER is loading the nearby papers, people, topics and institutions for this page.
Published work
This paper describe the implementation details of constant ellipse based automated market makers (CoinSwap). A CoinSwap prototype has been implemented at http://coinswapapp.io/ and the source codes are available at https://github.com/coinswapapp/
ALGORAND is a celebrated public ledger technology. In this paper, we identify several design flaws of the ALGORAND protocol. In particular, we show that the claimed (proved) fork-free property is not true and several assumptions in ALGORAND are not realistic in practice. The ALGORAND wiki page https://golden.com/wiki/Algorand claims that "the probability of a fork in the protocol is estimated at 1/1,000,000,000 and therefore blocks can be considered final upon validation". However, our first attack in this paper shows that a malicious adversary who controls less than 1/3 of the users (or money units) could fork the ALGORAND chain very easily. Our second attack shows that a malicious adversary could use a bribery attack to fork the ALGORAND chain very easily also. Furthermore, we show that the celebrated Byzantine Agreement component in ALGORAND is not necessary. The Byzantine Agreement is the most expensive part and one of the most innovative parts in the ALGORAND protocol. It is used to avoid forks in ALGORAND. We show that a simple majority vote could be used to achieve the same property that Byzantine Agreement achieves in ALGORAND under the same network assumption.
NIST SP800-22 (2010) proposes the state of art testing suite for (pseudo) random generators to detect deviations of a binary sequence from randomness. On the one hand, as a counter example to NIST SP800-22 test suite, it is easy to construct functions that are considered as GOOD pseudorandom generators by NIST SP800-22 test suite though the output of these functions are easily distinguishable from the uniform distribution. Thus these functions are not pseudorandom generators by definition. On the other hand, NIST SP800-22 does not cover some of the important laws for randomness. Two fundamental limit theorems about random binary strings are the central limit theorem and the law of the iterated logarithm (LIL). Several frequency related tests in NIST SP800-22 cover the central limit theorem while no NIST SP800-22 test covers LIL. This paper proposes techniques to address the above challenges that NIST SP800-22 testing suite faces. Firstly, we propose statistical distance based testing techniques for (pseudo) random generators to reduce the above mentioned Type II errors in NIST SP800-22 test suite. Secondly, we propose LIL based statistical testing techniques, calculate the probabilities, and carry out experimental tests on widely used pseudorandom generators by generating around 30TB of pseudorandom sequences. The experimental results show that for a sample size of 1000 sequences (2TB), the statistical distance between the generated sequences and the uniform distribution is around 0.07 (with $0$ for statistically indistinguishable and $1$ for completely distinguishable) and the root-mean-square deviation is around 0.005.
In order to generate synthetic basket data sets for better benchmark testing, it is important to integrate characteristics from real-life databases into the synthetic basket data sets. The characteristics that could be used for this purpose include the frequent itemsets and association rules. The problem of generating synthetic basket data sets from frequent itemsets is generally referred to as inverse frequent itemset mining. In this paper, we show that the problem of approximate inverse frequent itemset mining is {\bf NP}-complete. Then we propose and analyze an approximate algorithm for approximate inverse frequent itemset mining, and discuss privacy issues related to the synthetic basket data set. In particular, we propose an approximate algorithm to determine the privacy leakage in a synthetic basket data set.
In this paper, we use the concept of colored edge graphs to model homogeneous faults in networks. We then use this model to study the minimum connectivity (and design) requirements of networks for being robust against homogeneous faults within certain thresholds. In particular, necessary and sufficient conditions for most interesting cases are obtained. For example, we will study the following cases: (1) the number of colors (or the number of non-homogeneous network device types) is one more than the homogeneous fault threshold; (2) there is only one homogeneous fault (i.e., only one color could fail); and (3) the number of non-homogeneous network device types is less than five.
Several identity based and implicitly authenticated key agreement protocols have been proposed in recent years and none of them has achieved all required security properties. In this paper, we propose an efficient identity-based and authenticated key agreement protocol IDAK using Weil/Tate pairing. The security of IDAK is proved in Bellare-Rogaway model. Several required properties for key agreement protocols are not implied by the Bellare-Rogaway model. We proved these properties for IDAK separately.
LT codes and digital fountain techniques have received significant attention from both academics and industry in the past few years. There have also been extensive interests in applying LT code techniques to distributed storage systems such as cloud data storage in recent years. However, Plank and Thomason's experimental results show that LDPC code performs well only asymptotically when the number of data fragments increases and it has the worst performance for small number of data fragments (e.g., less than 100). In their INFOCOM 2012 paper, Cao, Yu, Yang, Lou, and Hou proposed to use exhaustive search approach to find a deterministic LT code that could be used to decode the original data content correctly in distributed storage systems. However, by Plank and Thomason's experimental results, it is not clear whether the exhaustive search approach will work efficiently or even correctly. This paper carries out the theoretical analysis on the feasibility and performance issues for applying LT codes to distributed storage systems. By employing the underlying ideas of efficient Belief Propagation (BP) decoding process in LT codes, this paper introduces two classes of codes called flat BP-XOR codes and array BP-XOR codes (which can be considered as a deterministic version of LT codes). We will show the equivalence between the edge-colored graph model and degree-one-and-two encoding symbols based array BP-XOR codes. Using this equivalence result, we are able to design general array BP-XOR codes using graph based results. Similarly, based on this equivalence result, we are able to get new results for edge-colored graph models using results from array BP-XOR codes.
In this paper, we study the security requirements for remote authentication with password protected smart card. In recent years, several protocols for password-based authenticated key exchange have been proposed. These protocols are used for the protection of password based authentication between a client and a remote server. In this paper, we will focus on the password based authentication between a smart card owner and smart card via an untrusted card reader. In a typical scenario, a smart card owner inserts the smart card into an untrusted card reader and input the password via the card reader in order for the smart card to carry out the process of authentication with a remote server. In this case, we want to guarantee that the card reader will not be able to impersonate the card owner in future without the smart card itself. Furthermore, the smart card could be stolen. If this happens, we want the assurance that an adversary could not use the smart card to impersonate the card owner even though the sample space of passwords may be small enough to be enumerated by an off-line adversary. At the end of this paper, we further extend our results to credential storage on portable non-tamper resistant storage devices such as USB memory sticks.
Cryptographic standards serve two important goals: making different implementations interoperable and avoiding various known pitfalls in commonly used schemes. This chapter discusses Public-Key Cryptography Standards (PKCS) which have significant impact on the use of public key cryptography in practice. PKCS standards are a set of standards, called PKCS #1 through #15. These standards cover RSA encryption, RSA signature, password-based encryption, cryptographic message syntax, private-key information syntax, selected object classes and attribute types, certification request syntax, cryptographic token interface, personal information exchange syntax, and cryptographic token information syntax. The PKCS standards are published by RSA Laboratories. Though RSA Laboratories solicits public opinions and advice for PKCS standards, RSA Laboratories retain sole decision-making authority on all aspects of PKCS standards. PKCS has been the basis for many other standards such as S/MIME.
Distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems were developed to reduce labour costs, and to allow system-wide monitoring and remote control from a central location. Control systems are widely used in critical infrastructures such as electric grid, natural gas, water and wastewater industries. While control systems can be vulnerable to a variety of types of cyber attacks that could have devastating consequences, little research has been done to secure the control systems. American Gas Association (AGA), IEC TC57 WG15, IEEE, NIST and National SCADA Test Bed Program have been actively designing cryptographic standard to protect SCADA systems. American Gas Association (AGA) had originally been designing cryptographic standard to protect SCADA communication links and finished the report AGA 12 part 1. The AGA 12 part 2 has been transferred to IEEE P1711. This paper presents an attack on the protocols in the first draft of AGA standard (Wright et al., 2004). This attack shows that the security mechanisms in the first version of the AGA standard protocol could be easily defeated. We then propose a suite of security protocols optimised for SCADA/DCS systems which include: point-to-point secure channels, authenticated broadcast channels, authenticated emergency channels, and revised authenticated emergency channels. These protocols are designed to address the specific challenges that SCADA systems have.
The theory of computer viruses has been studied by several authors, though there is no systematic theoretical study up to now. The long time open question in this area is as follows: Is it possible to design a signature-free (including dynamic signatures which we will define late) virus? In this paper, we give an affirmative answer to this question from a theoretical viewpoint. We will introduce a new stronger concept: dynamic signatures of viruses, and present a method to design viruses which are static signature-free and whose dynamic signatures are hard to determine unless some cryptographic assumption fails. We should remark that our results are only for theoretical interest and may be resource intensive in practice.