Session-Key Generation using Human Passwords Only

cas session共享原理
CAS（Central Authentication Service）是一种单点登录协议，它允许用户一次登录就可以访问多个不同的应用程序。

CAS session
共享的原理主要涉及到认证和授权两个方面。

首先，CAS session共享的原理涉及到认证。

当用户进行登录时，CAS服务器会验证用户的身份，一旦用户身份验证成功，CAS服
务器会创建一个全局唯一的票据（ticket），并将该票据返回给用
户的浏览器。

用户在访问其他CAS客户端应用程序时，浏览器会携
带该票据向CAS服务器发起验证请求，CAS服务器会验证该票据的
有效性，如果有效则返回用户的身份信息给客户端应用程序，从而
实现了单点登录。

其次，CAS session共享的原理还涉及到授权。

一旦用户的身
份得到验证，CAS服务器会向客户端应用程序颁发一个授权令牌（service ticket），客户端应用程序可以使用该令牌来获取用户
的身份信息以及其他所需的授权信息。

这样，用户无需在每个应用
程序中重新输入用户名和密码，实现了用户身份信息的共享和授权
的统一管理。

总的来说，CAS session共享的原理主要是通过统一的认证和授权机制，实现了用户在多个应用程序之间的身份信息共享和单点登录。

这样可以提高用户体验，减少用户的重复登录操作，同时也方便了开发人员进行统一的身份认证和授权管理。

Smooth Projective Hashing and Two-MessageOblivious TransferYael Tauman KalaiMassachusetts Institute of Technologytauman@,/∼taumanAbstract.We present a general framework for constructing two-messageoblivious transfer protocols using a modification of Cramer and Shoup’snotion of smooth projective hashing(2002).Our framework is actuallyan abstraction of the two-message oblivious transfer protocols of Naorand Pinkas(2001)and Aiello et.al.(2001),whose security is based onthe Decisional Diffie Hellman Assumption.In particular,this frameworkgives rise to two new oblivious transfer protocols.The security of oneis based on the N’th-Residuosity Assumption,and the security of theother is based on both the Quadratic Residuosity Assumption and theExtended Riemann Hypothesis.When using smooth projective hashing in this context,we must dealwith maliciously chosen smooth projective hash families.This raises newtechnical difficulties that did not arise in previous applications,and inparticular it is here that the Extended Riemann Hypothesis comes intoplay.Similar to the previous two-message protocols for oblivious transfer,ourconstructions give a security guarantee which is weaker than the tradi-tional,simulation based,definition of security.Nevertheless,the securitynotion that we consider is nontrivial and seems to be meaningful forsome applications in which oblivious transfer is used in the presence ofmalicious adversaries.1IntroductionIn[CS98],Cramer and Shoup introduced thefirst CCA2secure encryption scheme,whose security is based on the Decisional Diffie Hellman(DDH)As-sumption.They later presented an abstraction of this scheme based on a new notion which they called“smooth projective hashing”[CS02].This abstrac-tion yielded new CCA2secure encryption schemes whose security is based on the Quadratic Residuosity Assumption or on the N’th Residuosity Assumption [Pa99].1This notion of smooth projective hashing was then used by Genarro Supported in part by NSF CyberTrust grant CNS-04304501The N’th Residuosity Assumption is also referred to in the literature as the Deci-sional Composite Residuosity Assumption and as Paillier’s Assumption.and Lindell[GL03]in the context of key generation from humanly memoriz-able passwords.Analogously,their work generalizes an earlier protocol for this problem[KOY01],whose security is also based on the DDH Assumption.In this paper,we use smooth projective hashing to construct efficient two-message oblivious transfer protocols.Our work follows the above pattern,in that it generalizes earlier protocols for this problem[NP01,AIR01]whose security is based on the DDH assumption.Interestingly,using smooth projective hashing in this context raises a new issue.Specifically,we must deal with maliciously chosen smooth projective hash families.This issue did not arise in the previous two applications because these were either in the public key model or in the common reference string model.1.1Oblivious TransferOblivious transfer is a protocol between a sender,holding two stringsγ0and γ1,and a receiver holding a choice bit b.At the end of the protocol the receiver should learn the string of his choice(i.e.,γb)but learn nothing about the other string.The sender,on the other hand,should learn nothing about the receiver’s choice b.Oblivious transfer,first introduced by Rabin[Rab81],is a central primitive in modern cryptography.It serves as the basis of a wide range of cryptographic tasks.Most notably,any secure multi-party computation can be based on a secure oblivious transfer protocol[Y86,GMW87,Kil88].Oblivious transfer has been studied in several variants,all of which have been shown to be equivalent. The variant considered in this paper is the one by Even,Goldreich and Lempel [EGL85](a.k.a.1-out-of-2oblivious transfer),shown to be equivalent to Rabin’s original definition by Cr´e peau[Cre87].The study of oblivious transfer has been motivated by both theoretical and practical considerations.On the theoretical side,much work has been devoted to the understanding of the hardness assumptions required to guarantee obliv-ious transfer.In this context,it is important to note that known construc-tions for oblivious transfer are based on relatively strong computational as-sumptions–either specific assumptions such as factoring or Diffie Hellman (cf.[Rab81,BM89,NP01,AIR01])or generic assumption such as the existence of enhanced trapdoor permutations(cf.[EGL85,Gol04,Hai04]).Unfortunately, oblivious transfer cannot be reduced in a black box manner to presumably weaker primitives such as one-way functions[IR89].On the practical side,research has been motivated by the fact oblivious transfer is considered to be the main bottle-neck with respect to the amount of computation required by secure multiparty protocols.This makes the construction of efficient protocols for oblivious transfer a well-motivated task.In particular,constructing round-efficient oblivious transfer protocols is an important task.Indeed,[NP01](in Protocol4.1)and[AIR01]independently constructed a two-message(1-round)oblivious transfer protocol based on the DDH Assumption(with weaker security guarantees than the simulation based security).Their work was the starting point of our work.1.2Smooth Projective HashingSmooth projective hashing is a beautiful notion introduced by Cramer and Shoup [CS02].To define this notion they rely on the existence of a set X(actually a distribution on sets),and an underlying N P-language L⊆X(with an associ-ated N P-relation R).The basic hardness assumption is that it is infeasible to distinguish between a random element in L and a random element in X\L.This is called a hard subset membership problem.A smooth projective hash family is a family of hash functions that operate on the set X.Each function in the family has two keys associated with it:a hash key k,and a projection keyα(k).Thefirst requirement(which is the standard requirement of a hash family)is that given a hash key k and an element x in the domain X,one can compute H k(x).There are two additional requirements: the“projection requirement”and the“smoothness requirement.”The“projection requirement”is that given a projection keyα(k)and an element in x∈L,the value of H k(x)is uniquely determined.Moreover,com-puting H k(x)can be done efficiently,given the projection keyα(k)and a pair (x,w)∈R.The“smoothness requirement,”on the other hand,is that given a random projection key s=α(k)and any element in x∈X\L,the value H k(x) is statistically indistinguishable from random.1.3Our resultsWe present a methodology for constructing a two-message oblivious transfer pro-tocol from any(modification of a)smooth projective hash family.In particular, we show how the previously known(DDH based)protocols of[NP01,AIR01]can be viewed as a special case of this methodology.Moreover,we show that this methodology gives rise to two new oblivious transfer protocols;one based on the N’th Residuosity Assumption,and the other based on the Quadratic Residuosity Assumption along with the Extended Riemann Hypothesis.Our protocols,similarly to the protocols of[NP01,AIR01],are not known to be secure according to the traditional simulation based definition.Yet,they have the advantage of providing a certain level of security even against malicious adversaries without having to compromise on efficiency(see Section3for further discussion on the guaranteed level of security).The basic idea.Given a smooth projective hash family for a hard subset mem-bership problem(which generates pairs X,L according to some distribution), consider the following two-message protocol for semi-honest oblivious transfer. Recall that the sender’s input is a pair of stringsγ0,γ1and the receiver’s input is a choice bit b.R→S:Choose a pair X,L(with an associated NP-relation R L)according to the specified distribution.Randomly generate a triplet(x0,x1,w b)where x b∈R L,(x b,w b)∈R L,and x1−b∈R X\L.Send(X,x0,x1).S→R:Choose independently two random keys k0,k1for H and sendα(k0)andα(k1)along with y0=γ0⊕H k0(x0)and y1=γ1⊕H k1(x1).R:Retrieveγb by computing y b⊕H kb (x b),using the witness w b and the pro-jection keyα(k b).The security of the receiver is implied by the hardness of the subset mem-bership problem on X.Specifically,guessing the value of b is equivalent to dis-tinguishing between a random element in L and a random element in X\L. The security of the sender is implied by the smoothness property of the hash family H.Specifically,given a random projection keyα(k)and any element in x∈X\L,the value H k(x)is statistically indistinguishable from random.Thus, the message y1−b gives no information aboutγ1−b(since x1−b∈X\L).Note that the functionality of the protocol is implied by the projection property. Technical difficulty.Notice that when considering malicious receivers,the security of the sender is no longer guaranteed.The reason is that there is no guarantee that the receiver will choose x1−b∈X\L.A malicious receiver might choose x0,x1∈L and learn both values.To overcome this problem,we extend the notion of a hard subset membership problem so that it is possible to verify that at least one of x0,x1belongs to X\L.This should work even if the set X is maliciously chosen by the receiver.It turns out that implementing this extended notion in the context of the DDH assumption is straightforward[NP01,AIR01].Loosely speaking,in this case X is generated by choosing a random prime p,and choosing two random elements g0,g1in Z∗p of some prime order q.The resulting set X is defined by X {(g r00,g r11):r0,r1∈Z q},the corresponding language L is defined by L {(g r0,g r1):r∈Z q},and the witness of each element(g r0,g r1)∈L is its discrete logarithm r.In order to enable the sender to verify that two elements x0,x1are not both in L,we instruct the receiver to generate x0,x1by choosing at random two distinct elements r0,r1∈Z q,setting x b=(g r00,g r01),w b=r0,and x1−b=(g r00,g r11).Notice that x b is uniformly distributed in L,x1−b is uniformly distributed in X\L,and the sender can easily check that it is not the case that both x0and x1are in L by merely checking that they agree on theirfirst coordinate and differ on their second coordinate.Implementing this verifiability property in the context of the N’th Residuos-ity Assumption and the Quadratic Residuosity Assumption is not as easy.This part contains the bulk of technical difficulties of this work.In particular,this is where the Extended Riemann Hypothesis comes into play in the context of Quadratic Residuosity.2Smooth Projective Hash FunctionsOur definition of smooth projective hashing differs from its original definition in [CS02].The main difference(from both[CS02]and[GL03])is in the definition of the smoothness requirement,which we relax to Y-smoothness,and in the definition of a subset membership problem,where we incorporate an additional requirement called Y-verifiability.Notation.The security parameter is denoted by n .For a distribution D ,x ←D denotes the action of choosing x according to D ,and x ∈support (D )means that the distribution D samples the value x with positive probability.We denote by x ∈R S the action of uniformly choosing an element from the set S .For any two random variables X,Y ,we say that X and Y are -close if Dist (X,Y )≤ ,where Dist (X,Y )denotes the statistical difference between X and Y .2We say that the ensembles {X n }n ∈N and {Y n }n ∈N are statistically indistinguishable if there exists a negligible function (·)such that for every n ∈N ,the random variables X n and Y n are (n )-close.3Recall that a function ν:N →N is said to be negligible if for every polynomial p (·)and for every large enough n ,ν(n )<1/p (n ).Hard subset membership problems.A subset membership problem M spec-ifies a collection {I n }n ∈N of distributions,where for every n ,I n is a probability distribution over instance descriptions .Each instance description Λspecifies two finite non-empty sets X,W ⊆{0,1}poly (n ),and an NP-relation R ⊂X ×W ,such that the corresponding language L {x :∃w s.t.(x,w )∈R }is non-empty.For every x ∈X and w ∈W ,if (x,w )∈R ,we say that w is a witness for x .We use the following notation throughout the paper:for any instance description Λwe let X (Λ),W (Λ),R (Λ)and L (Λ)denote the sets specified by Λ.Loosely speaking,subset membership problem M ={I n }n ∈N is said to be hard if for a random instance description Λ←I n ,it is hard to distinguish random members of L (Λ)from random non-members.Definition 1(Hard subset membership problem).Let M ={I n }n ∈N be a subset membership problem as above.We say that M is hard if the ensembles{Λn ,x 0n }n ∈N and {Λn ,x 1n }n ∈N are computationally indistinguishable,where Λn ←I n ,x 0n ∈R L (Λn ),and x 1n ∈R X (Λn )\L (Λn ).4Projective hash family.We next present the notion of a projective hash family with respect to a hard subset membership problem M ={I n }n ∈N .Let H ={H k }k ∈K be a collection of hash functions.K ,referred to as the key space,consists of a set of keys such that for each instance description Λ∈M ,5there is a subset of keys K (Λ)⊆K corresponding to Λ.For every Λand for every k ∈K (Λ),H k is a hash function from X (Λ)to G (Λ),where G (Λ)is some finite non-empty set.We denote by G = Λ∈M G (Λ).We define a projection key function α:K →S ,where S is the space of projection rmally,2Recall that Dist (X,Y ) 1 s ∈S |P r [X =s ]−P r [Y =s ]|,or equivalently,Dist (X,Y ) max S ⊂S |P r [X ∈S ]−P r [Y ∈S ]|,where S is any set that con-tains the support of both X and Y .3For simplicity,throughout this paper we say that two random variables X n and Y n are statistically indistinguishable,meaning that the corresponding distribution ensembles {X n }n ∈N and {Y n }n ∈N are statistically indistinguishable.4Note that this hardness requirement also implies that it is hard to distinguish be-tween a random element x ∈R L (Λ)and a random element x ∈R X (Λ).We will use this fact in the proof of Theorem 1.5We abuse notation and let Λ∈M denote the fact that Λ∈support (I n )for some n .a family(H,K,S,α,G)is a projective hash family for M if for every instance descriptionΛ∈M and for every x∈L(Λ),the projection key s=α(k)uniquely determines H k(x).(We stress that the projection key s=α(k)is only guaranteed to determine H k(x)for x∈L(Λ),and nothing is guaranteed for x∈X(Λ)\L(Λ).) Definition2(Projective hash family).(H,K,S,α,G)is a projective hash family for a subset membership problem M if for every instance description Λ∈M there is a well defined(not necessarily efficient)function f such that for every x∈L(Λ)and every k∈K(Λ),f(x,α(k))=H k(x).Efficient projective hash family.We say that a projective hash family is efficient if there exist polynomial time algorithms for:(1)Sampling a key k∈R K(Λ)givenΛ;(2)Computing a projectionα(k)fromΛand k∈K(Λ);(3) Computing H k(x)fromΛ,k∈K(Λ)and x∈X(Λ);and(4)Computing H k(x) fromΛ,(x,w)∈R(Λ)andα(k),where k∈K(Λ).Notice that this gives two ways to compute H k(x):either by knowing the hash key k,or by knowing the projection keyα(k)and a witness w for x.Y-smooth projective hash family.Let Y be any function from instance de-scriptionsΛ∈M to subsets Y(Λ)⊆X(Λ)\L(Λ).Loosely speaking,a projective hash family for M is Y-smooth if for every instance descriptionΛ=(X,W,R), for every x∈Y(Λ),and for a random k∈R K(Λ),the projection keyα(k) reveals(almost)nothing about H k(x).Definition3(Y-smooth projective hash family).A projective hash family (H,K,S,α,G)for a subset membership problem M is said to be Y-smooth if for every(even maliciously chosen)instance descriptionΛ=(X,W,R)and every x∈Y(Λ),the random variables(α(k),H k(x))and(α(k),g)are statistically indistinguishable,where k∈R K(Λ)and g∈R G(Λ).6A Y-smooth projective hash family thus has the property that a projection of a (random)key enables the computation of H k(x)for x∈L,but gives almost no information about the value of H k(x)for x∈Y(Λ).Remark.This definition of Y-smooth projective hash family differs from the original definition proposed in[CS02]in two ways.First,it requires the smooth-ness property to hold against maliciously chosen instance descriptionsΛ,whereas in[CS02]the smoothness is only with respect toΛ∈M.Second,it requires the smoothness property to hold with respect to every x∈Y,whereas in[CS02]the smoothness condition is required to hold for randomly chosen x∈R X\L.The main reason for our divergence from the original definition in[CS02] is that we need to cope with maliciously chosenΛ.We would like to set Y= X\L(as in[CS02]),and construct a(X\L)-smooth projective hash fam-ily.However,we do not know how to construct such a family,for which the 6We assume throughout this paper,without loss of generality,that a(maliciously chosen)Λhas the same structure as an honestly chosenΛ.smoothness condition holds for every(even maliciously chosen)Λ.7Therefore, we relax our smoothness requirement and require only Y-smoothness,for some Y⊆X\L.In both our constructions of Y-smooth projective hash families, Y(Λ)⊂X(Λ)\L(Λ)for maliciously chosenΛ∈M,and Y(Λ)=X(Λ)\L(Λ)for every honestly chosenΛ∈M.Jumping ahead,the latter will enable the(honest) receiver to choose x b∈R L(Λ),x1−b∈R X(Λ)\L(Λ)such that x1−b is also in Y(Λ).This will enable the(honest)sender to be convinced of its security by checking that either x0or x1is in Y(Λ),and it will enable the(honest)receiver to be convinced that a(dishonest)sender cannot guess the bit b,assuming the underlying subset membership problem is hard.(From now on the reader should think of Y(Λ)as equal to X(Λ)\L(Λ)for everyΛ∈M.)Thus,we need a subset membership problem M such that for every honestly chosenΛ∈M it is easy to sample uniformly from both L(Λ)and X(Λ)\L(Λ). On the other hand,for every(even maliciously chosen)(Λ,x0,x1)it is easy to verify that either x0∈Y(Λ)or x1∈Y(Λ).To this end we define the notion of a“Y-verifiably samplable”subset membership problem.Definition4(Y-verifiably samplable subset membership problem).A subset membership problem M={I n}n∈N is said to be Y-verifiably samplable if the following conditions hold.1.Problem samplability:There exists a probabilistic polynomial-time algorithmthat on input1n,samples an instanceΛ=(X,W,R)according to I n.2.Member samplability:There exists a probabilistic polynomial-time algorithmthat on input an instance descriptionΛ=(X,W,R)∈M,outputs an ele-ment x∈L together with its witness w∈W,such that the distribution of x is statistically close to uniform on L.3.Non-member samplability:There exists a probabilistic polynomial-time al-gorithm A that given an instance descriptionΛ=(X,W,R)∈M and an element x0∈X,outputs an element x1=A(Λ,x0),such that if x0∈R L then the distribution of x1is statistically close to uniform on X\L,and if x0∈R X then the distribution of x1is statistically close to uniform on X.4.Y-Verifiability:There exists a probabilistic polynomial-time algorithm B,thatgiven any triplet(Λ,x0,x1),verifies that there exists a bit b such that x b∈Y(Λ).This should hold even ifΛis maliciously chosen.Specifically:–For everyΛand every x0,x1,if both x0∈Y(Λ)and x1∈Y(Λ)then B(Λ,x0,x1)=0.–For every honestly chosenΛ∈M and every x0,x1,if there exists b such that x b∈L(Λ)and x1−b∈support(A(Λ,x b)),then B(Λ,x0,x1)=1.For simplicity,throughout the paper we do not distinguish between uniform and statistically close to uniform distributions.This is inconsequential.7We note that[CS02,GL03]did not deal with maliciously chosenΛ’s,and indeed the smoothness property of their constructions does not hold for maliciously chosenΛ’s.3Security of Oblivious TransferOur definition of oblivious transfer is similar to the ones considered in previous works on oblivious transfer in the Bounded Storage Model[DHRS04,CCM98].A similar(somewhat weaker)definition was also used in[NP01]in the context of their DDH based two message oblivious transfer protocol.In what follows we let viewˆS (ˆS(z),R(b))denote the view of a cheating senderˆS(z)after interacting with R(b).This view consists of its input z,its random coin tosses,and the messages that it received from R(b)during the interaction.Similarly,we let viewˆR (S(γ0,γ1),ˆR(z))denote the view of a cheating ReceiverˆR(z)after interacting with S(γ,γ1).Definition5(Secure implementation of Oblivious Transfer).A two party protocol(S,R)is said to securely implement oblivious transfer if it is a protocol in which both the sender and the receiver are probabilistic polynomial time machines that get as input a security parameter n in unary representation.Moreover,the sender gets as input two stringsγ0,γ1∈{0,1} (n),the receiver gets as input a choice bit b∈{0,1},and the following conditions are satisfied:–Functionality:If the sender and the receiver follow the protocol then for any security parameter n,any two input stringsγ0,γ1∈{0,1} (n),and any bit b,the receiver outputsγb whereas the sender outputs nothing.8–Receiver’s security:For any probabilistic polynomial-time adversaryˆS,exe-cuting the sender’s part,for any security parameter n,and for any auxiliary input z of size polynomial in n,the view thatˆS(z)sees when the receiver tries to obtain thefirst message is computationally indistinguishable from the view it sees when the receiver tries to obtain the second message.That is,{viewˆS (ˆS(z),R(1n,0))}n,z c≡{viewˆS(ˆS(z),R(1n,1))}n,z–Sender’s security:For any deterministic(not necessarily polynomial-time) adversaryˆR,executing the receiver’s part,for any security parameter n,for any auxiliary input z of size polynomial in n,and for anyγ0,γ1∈{0,1} (n), there exists a bit b such that for everyψ∈{0,1} (n),the view ofˆR(z)when interacting with S(1n,γb,ψ),and the view ofˆR(z)when interacting with S(1n,γ0,γ1),are statistically indistinguishable.9That is,{viewˆR (S(1n,γ0,γ1),ˆR(z))}n,γ,γ1,zs≡{viewˆR(S(1n,γb,ψ),ˆR(z))}n,γb,ψ,zNote that Definition5(similarly to the definitions in[DHRS04,NP01])de-parts from the traditional,simulation based,definition in that it handles the security of the sender and of the receiver separately.This results in a some-what weaker security guarantee,with the main drawback being that neither the 8This condition is also referred to as the completeness condition.9We abuse notation by letting S(1n,γb,ψ)denote S(1n,γ0,ψ)if b=0,and letting it denote S(1n,ψ,γ1)if b=1.sender nor the receiver are actually guaranteed to“know”their own input.(This is unavoidable in two message protocols using“standard”techniques).It is easy to show that Definition5implies simulatability for semi honest adversaries(the proof is omitted due to lack of space).More importantly,Defini-tion5also gives meaningful security guarantees in face of malicious participants. In the case of a malicious sender,the guarantee is that the damage incurred by malicious participation is limited to“replacing”the input stringsγ0,γ1with a pair of strings that are somewhat“related”to the receiver’sfirst message(with-out actually learning anything about the receiver’s choice).In the case of a mali-cious receiver,Definition5can be shown to provide exponential time simulation of the receiver’s view of the interaction(similarly to the definition of[NP01]).In particular,the interaction gives no information to an unbounded receiver beyond the value ofγb.(Again,the proof is omitted due to lack of space.)4Constructing2-Round OT ProtocolsLet M={I n}n∈N be a hard subset membership problem which is Y-verifiably samplable,and let(H,K,S,α,G)be a an efficient Y-smooth projective hash family for M.Recall that the Y-verifiably samplable condition of M implies the existence of algorithms A and B as described in Section2.We assume for simplicity that for any n and for anyΛ∈I n,G(Λ)={0,1} (n), and that the two messagesγ0,γ1,to be transferred in the OT protocol,are binary strings of length at most (n).Let n be the security parameter.Let(γ0,γ1)be the input of the sender and let b∈{0,1}be the input of the receiver.R→S:The receiver chooses a random instance descriptionΛ=(X,W,R)←I n.It then samples a random element x b∈R L together with its corre-sponding witness w b,using the member samplability algorithm,and invokes Algorithm A on input(Λ,x b)to obtain a random element x1−b∈X\L.It sends(Λ,x0,x1).S→R:The sender invokes algorithm B on input(Λ,x0,x1)to verify that there exists a bit b such that x1−b∈Y(Λ).If B outputs0then it aborts,and ifB outputs1then it chooses independently at random k0,k1∈R K(Λ),andsendsα(k0)andα(k1)along with y0=γ0⊕H k0(x0)and y1=γ1⊕H k1(x1).R:The receiver retrievesγb by computing y b⊕H kb (x b)using the projectionkeyα(k b)and the pair(x b,w b).We next prove that the above protocol is secure according to Definition5. Intuitively,the receiver’s security follows from the fact that x b is uniformly distributed in L,x1−b is uniformly distributed in X\L,and from the assumption that it is hard to distinguish random L elements from random X\L elements. The sender’s security follows from the assumption that(H,K,S,α,G)is a Y-smooth projective hash family for M,and from the assumption that one of x0 or x1is in Y(Λ)(otherwise,it will be detected by B and the sender will abort).Theorem1.The above2-round OT protocol is secure according Definition5,assuming M is a Y-verifiably samplable hard subset membership problem,and assuming(H,K,S,α,G)is a Y-smooth projective hash family for M.Proof.we start by proving the receiver’s security.Assume for the sake of con-tradiction that there exists a(malicious)probabilistic polynomial-time senderˆS such that for infinitely many n’s there exists a polynomial size auxiliary input z n such thatˆS(z n)can predict(with non-negligible advantage)the choice bit b when interacting with R(1n,b).In what follows,we useˆS(z n)to break the hard-ness of M,by distinguishing between x∈R L and x∈R X.Given an instance descriptionΛ=(X,W,R)←(I n)and an element x∈X:1.Choose at random a bit b and let x b=x2.Apply algorithm A on input(Λ,x b)to obtain an element x1−b.3.FeedˆS(z n)the message(Λ,x0,x1),and obtain its prediction bit b .4.If b =b then predict“x∈R L”and if b =b then predict“x∈R L.”Notice that if x b∈R L thenˆS(z n)will predict the bit b with non-negligible advantage(follows from our contradiction assumption).On the other hand,if x b∈R X then x1−b is also uniformly distributed in X.In this case it is impossible (information theoretically)to predict b.We now turn to prove the sender’s security.LetˆR be any(not necessarily polynomial time)malicious receiver,and for any n∈N,let z n be any polynomial size auxiliary information given toˆR.Let(Λn,x0,x1)be thefirst message sent by ˆR(zn).Our goal is to show that for every n∈N and for everyγ0,γ1∈{0,1} (n),there exists b∈{0,1}such that the random variables viewˆR(S(1n,γ0,γ1),ˆR(z n))and viewˆR (S(1n,γb,ψ),ˆR(z n))are statistically indistinguishable.We assume without loss of generality that either x0∈Y(Λn)or x1∈Y(Λn). If this is not the case,the sender aborts the execution and b can be set to either0 or1.Let b be the bit satisfying x1−b∈Y(Λn).By the Y-smoothness property of the hash family,the random variables(α(k),H k(x1−b))and(α(k),g)are statis-tically indistinguishable,for a random k∈R K(Λn)and a random g∈R G(Λn). This implies that the random variables(α(k),γ1−b⊕H k(x1−b))and(α(k),g) are statistically indistinguishable,which implies that viewˆR(S(1n,γ0,γ1),ˆR(z))and viewˆR(S(1n,γb,ψ),ˆR(z))are statistically indistinguishable.5Constructing Smooth Projective Hash FamiliesWe next present two constructions of Y-smooth projective hash families for hard subset membership problems which are Y-verifiably samplable.One based on the N’th Residuosity Assumption,and the other based on the Quadratic-Residuosity Assumption together with the Extended Reimann Hypothesis.A key vehicle in both constructions is the notion of an( ,Y)-universal projective hash family. Definition6(Universal projective hash families).Let M={I n}n∈N be any hard subset membership problem.A projective hash family(H,K,S,α,G)。

人形机器人论文中英文资料对照外文翻译| |在获取信息和感觉器官的非结构化动态环境中，后续的决策和对自身不确定性的控制在很大程度上共存。

软件计算方法也可以被人们想象出来。

在机器人领域，关键问题之一是从感觉数据中提取有用的知识，然后将信息和感觉的不确定性分成不同的层次本文提出了一种基于广义融合混合分类(人工神经网络的力量，论坛渔业局)的生成合成数据的观察模型，该模型已经制定并应用于验证，以及一种从实际硬件机器人生成合成数据的模型当选择这种融合时，主要目标是根据内部(关节传感器)和外部(视觉摄像机)的感觉信息最小化机器人操作的不确定性任务目前，一种被广泛有效使用的方法是研究具有5个自由度的实验室机器人和具有模型模拟视觉控制的机械手。

最近研究的处理不确定性的主要方法包括选择加权参数(几何融合)，并且指出在标准机械手控制器设计中训练的神经网络是不可用的。

这些方法大大降低了机械手控制的不确定性，在不同层次的混合配置中更快更准确。

这些方法通过了严格的模拟和实验。

关键词:传感器融合、频分双工、游离脂肪酸、人工神经网络、软计算、操纵器、重复性、准确性、协方差矩阵、不确定性、不确定性椭球1简介越来越多的产品出现在各种机器人的应用中(工业、军事、科学、医学、社会福利、家庭和娱乐)。

它们在广泛的范围内运行，哪一个在非结构化环境中运行在大多数情况下，了解环境是如何变化的以及如何在每一瞬间最佳地控制机器人的动作是非常重要的。

移动机器人基本上也有能力定位和操作非常大的非结构化动态环境，并处理重大的不确定性。

对于机器人运动的最佳控制来说，了解周围环境在每一瞬间的变化是至关重要的。

移动机器人本质上还必须在非常大的未成熟的动态环境中导航和操作，并处理显著的不确定性。

当机器人在自然的不确定环境中工作时，给定工作的完成条件总是存在一定程度的不确定性。

在执行给定的操作时，这些条件有时会发生变化。

导致不确定性的主要原因是机器人运动参数和各种任务定义信息中出现的差异。

选择题1、下面哪一个不是框架〔D〕。

A.SpringB.Struts C.Hibernate D.JSP2、下面是框架的是〔D〕。

A.JSPB.Struts标签库C.Criteria查询 D.Spring3、在三层结构中，Struts2承当的责任是〔D〕。

A.定义实体类B.数据的增删改查操作C.业务逻辑的描述D.页面展示和控制转发4、在三层结构中，Hibernate承当的任务是〔A〕。

A．数据的持久化操作 B.实体类的定义C.业务逻辑的描述D.页面的显示与控制转发5、下面信息不在Struts2配置文件中配置的是〔B〕。

A.FormBean配置信息B.Spring声明式事务C.Action转发路径D.Struts2引用的资源文件6、在struts实现的框架中,〔B〕类包含了excute方法的控制器类，负责调用模型的方法，控制应用程序的流程。

A．Ajax B．Action C．Form D．Method7、下面关于Hibernate的说法，错误的选项是〔C〕。

A.Hibernate是一个“对象-关系映射〞的实现B.Hibernate是一种数据持久化技术C.Hibernate是JDBC的替代技术使用Hibernate可以简化持久化层的编码8、以下说法中错误的选项是〔C〕。

A．使用通配符可以优化action的配置B．约定优于配置。

约定的如果好，可以使action配置非常的简洁C．如果Action中存在多个方法时，只能使用method属性指定调用方法D．在struts2中超级链接通常都采用绝对路径，而不使用相对路径，这样便于链接的实现9、以下说法中错误的选项是〔D〕。

A．从值栈中取值用value=参“数名〞，参数名是action中的参数B．从actioncontext中取值用#parameters.参数名，参数名是struts中的参数C．在客户端跳转时一次request只有一个valueStackD．在客户端跳转时一次request可以有多个valueStack10、和SQL相比，HQL有哪些优点〔C〕。

自书材料写提取人
摘要：
一、自动驾驶仿真场景泛化算法的重要性
二、自动驾驶仿真场景泛化算法的具体方法
三、自动驾驶仿真场景泛化算法的应用实例
四、自动驾驶仿真场景泛化算法的发展前景
正文：
一、自动驾驶仿真场景泛化算法的重要性
随着自动驾驶技术的发展，保证自动驾驶系统在各种复杂场景下的安全性和可靠性成为一项重要任务。

在实际道路上进行大规模测试不仅耗时耗力，而且很难覆盖所有可能的场景。

因此，采用自动驾驶仿真场景泛化算法对自动驾驶系统进行测试和验证显得尤为重要。

二、自动驾驶仿真场景泛化算法的具体方法
自动驾驶仿真场景泛化算法主要通过以下几个步骤实现：
1.场景定义：根据实际道路场景，定义一系列场景参数，如道路类型、天气条件、交通状况等。

2.场景生成：根据定义好的场景参数，生成一系列具有代表性的仿真场景。

3.场景泛化：对生成的仿真场景进行泛化处理，使得场景具有更高的通用性和多样性。

4.场景评估：对生成的泛化场景进行评估，以确定其对自动驾驶系统的安全性和可靠性的影响。

三、自动驾驶仿真场景泛化算法的应用实例
1.PreScan：PreScan 是一个基于物理学的自动驾驶仿真平台，工程师可以通过Matlab 和Simulink 等工具制作和测试算法。

PreScan 可以帮助工程师快速地验证自动驾驶汽车功能的安全性和可靠性。

2.理想汽车：理想汽车公开了一种自动驾驶仿真场景生成方法及装置，该
方法通过数据处理技术，使得自动驾驶仿真场景更接近于真实驾驶情况。

四、自动驾驶仿真场景泛化算法的发展前景
随着自动驾驶技术的不断进步，仿真场景泛化算法也将得到进一步发展。

sessioncreationpolicy 枚举-回复什么是sessioncreationpolicy 枚举？SessionCreationPolicy 枚举是一组预定义的可能值，用来定义在基于用户认证的会话管理中，何时和如何创建新的会话。

它是一种使用Java编程语言的一部分，通常用于开发Web应用程序或其他基于用户认证的应用程序。

SessionCreationPolicy 枚举定义了以下几个常量值：1. SessionCreationPolicy.ALWAYS：始终创建新会话，无论请求是否具有有效的会话。

2. SessionCreationPolicy.IF_REQUIRED：仅在请求不包含有效会话时创建新会话。

3. SessionCreationPolicy.NEVER：永不创建新会话，只使用现有的会话。

4. SessionCreationPolicy.STATELESS：不创建会话，请求不应依赖任何会话状态。

下面将逐步讨论这些常量以及它们在实际开发中的使用情况和注意事项。

1. SessionCreationPolicy.ALWAYS：当应用程序需要每个请求都具有一个新的会话时，可以使用该枚举常量。

这通常适用于需要在每个请求之间重新初始化会话状态的应用程序，例如购物网站或在线支付平台。

但是要注意，频繁地创建新会话可能会导致服务器资源的浪费和性能下降。

2. SessionCreationPolicy.IF_REQUIRED：当应用程序需要在请求中为非认证用户创建会话时，可以使用该枚举常量。

这在某些需要使用会话的功能（例如购物车）时非常有用，但仅当用户尚未进行认证时才会创建会话。

在用户进行认证后，使用现有的会话可以更好地保持会话状态并提高性能。

3. SessionCreationPolicy.NEVER：当应用程序不需要使用会话时，可以使用该枚举常量。

这在一些无状态的Web服务或API中很常见，因为它们不需要维护任何会话信息，并且可以更好地适用于负载均衡环境。

·药师实践·1例鹦鹉热衣原体肺炎继发CRKP血流感染患者药学监护案例报道高志英1陈虹2方洁3（1. 安康市人民医院药学部 安康 725000；上海交通大学医学院附属瑞金医院2. 呼吸与危重症医学科，3. 药剂科 上海 200025）摘要目的：探讨社区获得性鹦鹉热衣原体肺炎继发CRKP血流感染患者抗感染诊疗策略。

方法：临床药师参与1例重症社区获得性鹦鹉热衣原体肺炎继发CRKP血流感染患者的治疗。

临床药师在初始给药方案选择、后续治疗方案调整、疗效观察和不良反应监测等方面提出建议并进行药学监护。

结果：根据患者病情变化，积极调整抗感染治疗方案，患者感染得到了有效控制，且未出现不良反应。

结论：临床药师参与患者治疗可发挥专业特长，保证药物治疗的安全性和有效性。

关键词鹦鹉热衣原体重症肺炎宏基因组二代测序中图分类号：R518.1; R952 文献标志码：B 文章编号：1006-1533(2023)23-0102-05引用本文高志英, 陈虹, 方洁. 1例鹦鹉热衣原体肺炎继发CRKP血流感染患者药学监护案例报道[J]. 上海医药, 2023, 44(23): 102-106.A case report of pharmaceutical care for a patient with CRKP bloodstream infectionsecondary to Chlamydia psittaci pneumoniaGAO Zhiying1, CHEN Hong2, FANG Jie3(1. Department of Pharmacy, Ankang People’s Hospital, Ankang 725000, China; 2. Department of Pulmonary and Critical Care Medicine,3. Department of Pharmacy, Ruijin Hospital, Shanghai Jiao Tong University School of Medicine, Shanghai 200025, China)ABSTRACT Objective: To explore the anti-infection diagnosis and treatment strategy for a patient with CRKP bloodstream infection secondary to community acquired Chlamydia psittaci pneumonia. Methods: Clinical pharmacists participated in the treatment of the patient and proposed some suggestions on the selection of initial drug administration regimen, adjustment of subsequent treatment regimen, observation of efficacy and monitoring of adverse reactions. Results: According to the change of the patient’s condition, the anti-infective treatment plan was actively adjusted, and the infection of the patient was effectively con trolled without adverse reactions. Conclusion: Clinical pharmacists can give full play to their professional expertise and ensure the safety and effectiveness of drug therapy when participated in the treatment of patients.KEY WORDS Chlamydia psittaci; severe pneumonia; metagenomic next-generation sequencing我国成人社区获得性肺炎（community-acquired pneumonia，CAP）常见病原菌为肺炎支原体和肺炎链球菌[1]，鹦鹉热衣原体感染的CAP相对罕见，每年发病率约占1%[2]。

想要了解的事物英语作文Things I Yearn to Understand The world is an intricate tapestry woven with threads of knowledge, both known and unknown. While I find myself fascinated by the vast amount of information we’ve accumulated as a species, I am acutely aware of the vast, uncharted territories of understanding that lie before me. There are several key areas that spark a deep curiosity within me, areas I yearn to explore and grasp with greater clarity. Firstly, I am captivated by the complex workings of the human mind. The brain, a three-pound universe contained within our skulls, is a marvel of intricate networks and electrochemical signals that give rise to consciousness, emotion, and behavior. How do neurons fire in symphony to create our perceptions of the world? What are the mechanisms behind memory formation and retrieval? How does our unique blend of genetics and environment shape our personalities and predispositions? Unraveling the mysteries of the mind holds the key to understanding the very essence of what makes us human. The vast universe, with its swirling galaxies, enigmatic black holes, and the tantalizing possibility of life beyond Earth, also ignites my imagination. I long to understand the fundamental laws that govern the cosmos, from the delicate dance of subatomic particles to the majestic movements of celestial bodies. What is the true natureof dark matter and dark energy, the unseen forces shaping the universe's evolution? Are we alone in this vast cosmic expanse, or does life, in all its wondrous forms, exist elsewhere? The pursuit of answers to these questions is a quest to understand our place in the grand scheme of existence. Closer to home, the interconnected web of life on our planet fascinates me. The intricate ecosystems teeming with biodiversity, the delicate balance of predator and prey, theintricate cycles of energy and nutrients - these are all testament to the awe-inspiring power of evolution and adaptation. I yearn to understand the complex interactions within these ecosystems, the delicate balance that sustains them, and the impact of human activities on this delicate web. Understanding these complexities is crucial for our responsible stewardship of the planet and the preservation of its irreplaceable biodiversity. Furthermore, I am drawn to the intricacies of human history and its impact on our present reality. From the rise and fall of civilizations to the struggles for freedom and equality, historyoffers a lens through which we can examine the triumphs and failures of humankind.I crave a deeper understanding of the forces that have shaped our social,political, and economic systems, the ideologies that have fueled conflicts and cooperation, and the enduring legacies of past events. By studying history, wecan learn from our ancestors' mistakes and successes, equipping ourselves to navigate the challenges of the present and build a better future. The ever-evolving world of technology, with its rapid advancements in artificial intelligence, biotechnology, and space exploration, also holds a powerful allure.I am driven to understand the principles behind these innovations, their potential to address global challenges, and the ethical implications that accompany them. How can we harness the power of artificial intelligence for the betterment of society while mitigating potential risks? What are the ethical considerations surrounding genetic engineering and its impact on future generations? How can space exploration contribute to scientific advancements and inspire future generations? Exploring these frontiers of technology is essential for shaping a future where innovation serves humanity and the planet. Finally, I yearn to understand the very essence of creativity and its power to inspire, challenge, and transform. From the evocative brushstrokes of a painter to the soaring melodiesof a composer, creativity speaks a universal language that transcends cultural boundaries. What are the cognitive processes that underpin artistic expression? How does creativity foster innovation and problem-solving across disciplines? How can we nurture and cultivate our own creative potential to contribute to the world in meaningful ways? Understanding the nature of creativity is key to unlockingour own potential and enriching the human experience. In conclusion, the pursuit of knowledge is a lifelong journey, an insatiable thirst for understanding that fuels my curiosity and motivates my exploration. From the inner workings of the human mind to the vast expanses of the cosmos, from the intricate web of life on Earth to the enduring legacies of human history, from the frontiers of technology to the power of creative expression - these are the areas I yearn to understand with greater depth and clarity. This quest for knowledge is not merely an academic pursuit but a fundamental aspect of what makes us human - the desire to learn, grow, and contribute to the betterment of ourselves and the world around us.。

写作业在书桌上练芭蕾英语Certainly! Here's a content generation for the title "Doing Homework at the Desk and Practicing Ballet in English":Balancing Academics and Ballet: A Student's RoutineAs the sun sets, the room fills with a soft, warm glow, casting long shadows across the polished wooden desk. A stack of textbooks and notebooks are neatly arranged, awaiting the evening's study session. This is the desk where academic pursuits are met with artistic expression, a place where the mind and body find harmony.Setting Up the Study SpaceFirst, the desk is cleared of any distractions. The laptop is opened to the necessary online resources, and a planner is laid out to map out the evening's tasks. The desk lamp is adjusted to provide just the right amount of light, creating a focused atmosphere conducive to learning.The Homework RitualThe homework begins with a review of the day's lessons. Notes are revisited, and key concepts are highlighted. As the mind absorbs information, the fingers tap lightly on the desk,keeping time with an internal rhythm. This rhythm is a subtle reminder of the ballet practice that will follow.Transitioning to Ballet PracticeOnce the homework is complete, the desk is transformed. A small, portable ballet barre is set up, and a yoga mat is unrolled. The room is now a studio, and the student is readyto dance.Ballet Vocabulary in English"Plié", "Tendu", "Relevé", "Pas de Bourrée" - these arejust a few of the French terms that are fundamental to ballet. However, practicing ballet in English also means learning the equivalent terms in the language of study. This not only enhances the ballet practice but also reinforces the language skills.Combining Discipline and CreativityThe practice begins with basic exercises, each movement executed with precision. The student's focus is sharp, justas it was during the homework session. The disciplinerequired for academic success is mirrored in the dedicationto ballet.Reflection and IntegrationAs the ballet practice concludes, the student takes a momentto reflect on the evening's achievements. The physicalexertion of ballet complements the mental effort of homework, creating a balanced and productive routine.Closing the SessionFinally, the desk is returned to its original state, the ballet equipment is stored away, and the student prepares for the next day's challenges. The desk and the ballet practice area coexist, a testament to the student's ability to balance different aspects of life.This content illustrates a student's evening routine that integrates academic work with ballet practice, highlighting the importance of discipline, creativity, and the use of English in both contexts.。

专利名称：Session key exchange key发明人：Scott A Konersmann,Patrick J Helland申请号：US10824161申请日：20040414公开号：US07376972B2公开日：20080520专利内容由知识产权出版社提供专利附图：摘要：A system and method for employing a key exchange key to facilitate secure communication is provided. The key exchange key can be employed, for example, to encrypt and/or decrypt dialog session key(s) that are used to encrypt and/or decrypt message(s) that form a dialog between an initiator system and target system. In oneexample, a key exchange key is unique to a service pair, while a dialog session key is unique to a particular dialog between the service pair. The system can facilitate end-to-end encryption of message data in a dialog—the message data is encrypted at one dialog endpoint and not decrypted until it reaches the other dialog endpoint. The system can be employed to facilitate secure dialog with minimal performance overhead when compared with conventional system(s). Optionally, the system can facilitate load balancing (e.g., among deployed instances of a service). In this example, secured dialogs to a service can be location transparent so that a dialog targeted to a service can be able to talk to any instance of the same service transparently without any additional security setup. The system employs both public key/private key asymmetric encryption technique(s) and symmetric encryption technique(s) to authenticate and secure information exchanged between an initiator system and a target system.申请人：Scott A Konersmann,Patrick J Helland地址：Sammamish WA US,Bellevue WA US国籍：US,US代理机构：Amin, Turocy & Calvin, LLP更多信息请下载全文后查看。

中国井矿盐CHINA WELL AND ROCK SALT加掌大萨斯克彻温盆池钾盐fi n r 床池质特征及勘查路径李海庆(江苏长江地质勘查院，江苏南京221〇47)摘要:加拿大萨斯克彻温盆地是世界上最大的固体钟盐成矿带，该盆地钟盐矿矿体虽较为稳定、连续，但几乎所有的勘查区都或多或少仍存在“凹陷”、“隆起”等破坏性构造，这对前期勘查投入及后期开发都将产生较大的风险。

总 结该钾盐盆地矿床地质特征，并提出物探先行、钻孔验证，逐步加密、循序渐进的综合勘查路径。

关键词：萨斯克彻温盆地;钾盐矿;矿床特征；凹陷；隆起;勘查路径中图分类号:TS32 文献标识码:A 文章编号：1001-0335(2018)03-0014-04Deposit Geological Characteristics and Prospecting Paths of the Potassium SaltMine in the Saskatchewan Basin in CanadaLi Haiqing(Jiangsu Changjiang Geological Survey Institute, N anjing,Jiangsu, 22104^Abstract: The Saskatchewan Basin in Canada is the world 5s largest solid potassium mineralization belt. Although the ore bodyof potash in this basin is relatively stable and continuous, almost all the exploration areas still have some destructive structures, such as "sag" and "uprise", which will have great risk to the early exploration investment and later development. This paper summarizes the geological characteristics of the deposit in the potassium salt basin, and puts forward the comprehensive exploration path of geophysical prospecting, drilling verification, gradual encryption and gradual progress.Key words: Saskatchewan Basin, potassium salt mine, deposit characteristics, sag, uprise, prospecting path第49卷 Vol.49i 概论萨斯克彻温（Saskatchew an )盆地，是世界最大 的钾盐矿成矿带和全球最大的固体钾盐矿床集中 区，储量占世界总量的53%，每年的钾盐矿出口量 和产量都占据世界钾矿出产量的1/3以上。

一、概述密码学中的密钥生成是一个重要的技术问题，而基于身份的密码学中的可证安全密钥生成算法中，BLE会话密钥生成方法是其中的一个重要的环节。

本文将介绍BLE会话密钥生成方法及其实现原理。

二、BLE会话密钥生成方法的定义1. BLE是指蓝牙低能耗技术，它是一种短距离无线通信技术，对于BLE通信中的会话密钥生成，其目的是为了确保通信的安全性。

2. BLE会话密钥生成方法是指在BLE通信中，通过特定的算法生成用于加密和解密的会话密钥，从而保障通信的安全和隐私性。

三、BLE会话密钥生成方法的实现原理1. 连接参数交换: 在BLE通信开始时，中央设备和外围设备会进行连接参数交换，其中包含了用于加密通信的会话密钥的生成所需的一些参数。

2. 随机数生成: 中央设备和外围设备各自生成一个随机数，并将其作为输入，用于后续的密钥生成计算。

3. ECDH密钥协商算法: 中央设备和外围设备利用椭圆曲线Diffie-Hellman（ECDH）密钥协商算法，基于各自的私钥和对方的公钥生成共享的会话密钥。

4. 会话密钥确认: 中央设备和外围设备通过一系列验证步骤，确认生成的会话密钥的正确性和安全性。

5. 会话密钥更新: 在BLE通信过程中，会话密钥可能需要定期更新，以确保通信的安全性和可靠性。

四、BLE会话密钥生成方法的安全性分析1. 随机性: 会话密钥生成过程中的随机数生成是基于真随机数或伪随机数算法的，从而保证了会话密钥的随机性和不可预测性。

2. 计算复杂性: 利用ECDH密钥协商算法生成会话密钥涉及到椭圆曲线运算，计算复杂度很高，使得攻击者难以通过穷举搜索或其他计算方法来破解会话密钥。

3. 安全性验证: 会话密钥生成方法中包含了多轮的验证步骤，用于确认会话密钥的正确性和安全性，从而保证了通信的安全性和可靠性。

五、BLE会话密钥生成方法的实际应用1. 低功耗、安全的通信: BLE会话密钥生成方法被广泛应用于蓝牙低能耗设备之间的通信中，保障了通信的安全性和隐私性。

博科资讯软件系统总架构师解读Yigo“零代码”的银弹效应银弹在现实生活中是指能够解决棘手项目或者一件不可能的事情的方法或者技术手段。

Yigo语言的“零代码”似乎让世人在信息化的无休止二次开发中抬起头来，从怀疑到认可，从认可到忠诚，从忠诚到喜悦的一系列感情变化。

有人对“无码开发”持怀疑态度，有人持批判态度，有人将信将疑，又有人在了解之后成为Yigo的忠实粉丝。

博科资讯系统总架构师蒋正华对此技术进行了解读。

处死IT难题“人狼”IBM大型电脑之父佛瑞德&#8226;布鲁克斯（Fred Brooks）在1986年撰写了著名的论文《没有银弹》，文中指出，“没有任何一种单纯的技术或管理上的进展，能够独立地承诺十年内使生产率、可靠性或简洁性获得数量级上的进步”。

对软件项目而言，“常常看似简单明了的东西，却有可能变成一个落后进度、超出预算、存在大量缺陷的怪物”。

这个怪物被形容为人狼——它可以完全出乎意料地从熟悉的面孔变成可怕的怪物，而且刀枪不入，唯有银弹可以将其杀死。

但银弹在何处？软件世界遭遇的却更多是由二次开发带来的不确定性、风险以及失败的惨痛教训，可以说，软件二次开发已经成为企业和软件厂商的大敌。

据业内人士分析，为了应对客户提出的越来越多的二次开发的请求，国内软件厂商不得不进行相关人才的规模扩张，一方面甘于只做代码编写任务的基础性人才日渐减少，另一方面，人员的膨胀又带来了成本剧增与利润下降，越来越呈尾大不掉之势。

要摆脱二次开发的代码陷阱，以“零代码”为典型特征的无码开发技术被视为立竿见影的途径，但在该领域成功者寥寥。

实际上，当博科资讯宣布YiGo语言可以实现“零代码”开发的时候，也同样伴随着非常多的质疑，不少人不相信该难题会被一家中国软件企业完全解决。

从怀疑到叹服“用户在初次接触到Yigo语言的时候，头摇的像拨浪鼓，无码开发不可能实现，但是，当我们的技术人员当众通过Yigo语言的拖拽而形成一个业务流程的时候，客户便说：‘你们的确做到了’。

无密钥泄露的变色龙hash函数及其应用的开题报告一、选题背景哈希函数是密码学中重要的一类函数，它可以将任意长度的消息转换为固定长度的哈希值。

哈希函数广泛应用于数字签名、消息认证、密码学散列等领域。

在实际应用中，常常要求哈希函数具有抗碰撞、不可逆、无密钥泄露等安全性质。

目前，广泛使用的哈希函数包括MD5、SHA-1、SHA-2等。

然而，近年来，这些哈希函数的安全性受到了严重的挑战。

例如，在2017年，Google团队报道了SHA-1被破解的情况。

因此，设计新的安全的哈希函数是一个重要的研究方向。

变色龙哈希函数是一种新型的哈希函数，它的安全性有望超过目前广泛使用的哈希函数。

与传统的哈希函数不同，变色龙哈希函数采用了一种新的思路，通过采用多个哈希函数并在运行时动态切换不同的哈希函数来提高安全性。

此外，变色龙哈希函数还具有无密钥泄露的优点，在某些场景下有着较好的应用前景。

二、研究意义和目的当前广泛使用的哈希函数安全性遭到了严重的挑战，设计新的哈希函数已成为密码学领域的一个热点研究。

因此，研究变色龙哈希函数及其应用具有重要的理论和实践意义。

本研究将研究变色龙哈希函数及其在密码学领域中的应用。

具体而言，本研究将实现变色龙哈希函数，并分析其安全性。

此外，本研究还将探索无密钥泄露的变色龙哈希函数应用于一些具体场景下的效果，并比较与传统哈希函数在同等场景下的表现。

三、研究内容和方法本研究的主要内容包括以下三个方面：1. 变色龙哈希函数的设计及实现本研究将设计并实现基于变色龙思想的哈希函数。

具体来说，我们将综合多个哈希函数，并在运行时动态切换不同的哈希函数来提高安全性。

此外，为了降低攻击者猜测哈希函数序列的难度，我们还将采用“随机撒盐”技术来增强哈希函数的安全性。

2. 安全性分析及实验验证本研究将对设计的变色龙哈希函数进行安全性分析。

具体而言，我们将对其进行抗碰撞性、前向安全性、后向安全性等安全性质论证。

此外，我们将在多重环境下进行实验验证，比较变色龙哈希函数与传统哈希函数的表现，以验证其实用价值。