Post-quantum cryptography

Cryptography is essential for the security of online communication, cars and implanted medical devices. However, many commonly used cryptosystems will be completely broken once large quantum computers exist. Post-quantum cryptography is cryptography under the assumption that the attacker has a large quantum computer; post-quantum cryptosystems strive to remain secure even in this scenario. This relatively young research area has seen some successes in identifying mathematical operations for which quantum algorithms offer little advantage in speed, and then building cryptographic systems around those. The central challenge in post-quantum cryptography is to meet demands for cryptographic usability and flexibility without sacrificing confidence.</p

Fiat-Shamir for highly sound protocols is instantiable

The Fiat–Shamir (FS) transformation (Fiat and Shamir, Crypto '86) is a popular paradigm for constructing very efficient non-interactive zero-knowledge (NIZK) arguments and signature schemes from a hash function and any three-move interactive protocol satisfying certain properties. Despite its wide-spread applicability both in theory and in practice, the known positive results for proving security of the FS paradigm are in the random oracle model only, i.e., they assume that the hash function is modeled as an external random function accessible to all parties. On the other hand, a sequence of negative results shows that for certain classes of interactive protocols, the FS transform cannot be instantiated in the standard model. We initiate the study of complementary positive results, namely, studying classes of interactive protocols where the FS transform does have standard-model instantiations. In particular, we show that for a class of “highly sound” protocols that we define, instantiating the FS transform via a q-wise independent hash function yields NIZK arguments and secure signature schemes. In the case of NIZK, we obtain a weaker “q-bounded” zero-knowledge flavor where the simulator works for all adversaries asking an a-priori bounded number of queries q; in the case of signatures, we obtain the weaker notion of random-message unforgeability against q-bounded random message attacks. Our main idea is that when the protocol is highly sound, then instead of using random-oracle programming, one can use complexity leveraging. The question is whether such highly sound protocols exist and if so, which protocols lie in this class. We answer this question in the affirmative in the common reference string (CRS) model and under strong assumptions. Namely, assuming indistinguishability obfuscation and puncturable pseudorandom functions we construct a compiler that transforms any 3-move interactive protocol with instance-independent commitments and simulators (a property satisfied by the Lapidot–Shamir protocol, Crypto '90) into a compiled protocol in the CRS model that is highly sound. We also present a second compiler, in order to be able to start from a larger class of protocols, which only requires instance-independent commitments (a property for example satisfied by the classical protocol for quadratic residuosity due to Blum, Crypto '81). For the second compiler we require dual-mode commitments. We hope that our work inspires more research on classes of (efficient) 3-move protocols where Fiat–Shamir is (efficiently) instantiable

A New PVSS Scheme with a Simple Encryption Function

A Publicly Verifiable Secret Sharing (PVSS) scheme allows anyone to verify the validity of the shares computed and distributed by a dealer. The idea of PVSS was introduced by Stadler in [18] where he presented a PVSS scheme based on Discrete Logarithm. Later, several PVSS schemes were proposed. In [2], Behnad and Eghlidos present an interesting PVSS scheme with explicit membership and disputation processes. In this paper, we present a new PVSS having the advantage of being simpler while offering the same features.Comment: In Proceedings SCSS 2012, arXiv:1307.8029. This PVSS scheme was proposed to be used to provide a distributed Timestamping schem

SoK: Privacy-Preserving Signatures

Modern security systems depend fundamentally on the ability of users to authenticate their communications to other parties in a network. Unfortunately, cryptographic authentication can substantially undermine the privacy of users. One possible solution to this problem is to use privacy-preserving cryptographic authentication. These protocols allow users to authenticate their communications without revealing their identity to the verifier. In the non-interactive setting, the most common protocols include blind, ring, and group signatures, each of which has been the subject of enormous research in the security and cryptography literature. These primitives are now being deployed at scale in major applications, including Intel\u27s SGX software attestation framework. The depth of the research literature and the prospect of large-scale deployment motivate us to systematize our understanding of the research in this area. This work provides an overview of these techniques, focusing on applications and efficiency

BADGER - Blockchain Auditable Distributed (RSA) key GEneRation

Migration of security applications to the cloud poses unique challenges in key management and protection: asymmetric keys which would previously have resided in tamper-resistant, on-premise Hardware Security Modules (HSM) now must either continue to reside in non-cloud HSMs (with attendant communication and integration issues) or must be removed from HSMs and exposed to cloud-based threats beyond an organization\u27s control, e.g. accidental loss, warranted seizure, theft etc. Threshold schemes offer a halfway house between traditional HSM-based key protection and native cloud-based usage. Threshold signature schemes allow a set of actors to share a common public key, generate fragments of the private key and to collaboratively sign messages, such that as long as a sufficient quorum of actors sign a message, the partial signatures can be combined into a valid signature. However, threshold schemes, while being a mature idea, suffer from large protocol transcripts and complex communication-based requirements. This consequently makes it a more difficult task for a user to verify that a public key is, in fact, a genuine product of the protocol and that the protocol has been executed validly. In this work, we propose a solution to these auditability and verication problems, reporting on a prototype cloud-based implementation of a threshold RSA key generation and signing system tightly integrated with modern distributed ledger and consensus techniques

Efficient Statistical Zero-Knowledge Authentication Protocols for Smart Cards Secure Against Active & Concurrent Attacks

We construct statistical zero-knowledge authentication protocols for smart cards based on general assumptions. The main protocol is only secure against active attacks, but we present a modification based on trapdoor commitments that can resist concurrent attacks as well. Both protocols are instantiated using lattice-based primitives, which are conjectured to be secure against quantum attacks. We illustrate the practicality of our main protocol on smart cards in terms of storage, computation, communication, and round complexities. Furthermore, we compare it to other lattice-based authentication protocols, which are either zero-knowledge or have a similar structure. The comparison shows that our protocol improves the best previous protocol

Distributed Cryptographic Protocols

[ES] La confianza es la base de las sociedades modernas. Sin embargo, las relaciones basadas en confianza son difíciles de establecer y pueden ser explotadas fácilmente con resultados devastadores. En esta tesis exploramos el uso de protocolos criptográficos distribuidos para construir sistemas confiables donde la confianza se vea reemplazada por garantías matemáticas y criptográficas. En estos nuevos sistemas dinámicos, incluso si una de las partes se comporta de manera deshonesta, la integridad y resiliencia del sistema están garantizadas, ya que existen mecanismos para superar este tipo de situaciones. Por lo tanto, hay una transición de sistemas basados en la confianza, a esquemas donde esta misma confianza es descentralizada entre un conjunto de individuos o entidades. Cada miembro de este conjunto puede ser auditado, y la verificación universal asegura que todos los usuarios puedan calcular el estado final en cada uno de estos métodos, sin comprometer la privacidad individual de los usuarios. La mayoría de los problemas de colaboración a los que nos enfrentamos como sociedad, pueden reducirse a dos grandes dilemas: el votar una propuesta, o un representante político, ó identificarnos a nosotros mismos como miembros de un colectivo con derecho de acceso a un recurso o servicio. Por ello, esta tesis doctoral se centra en los protocolos criptográficos distribuidos aplicados al voto electrónico y la identificación anónima. Hemos desarrollado tres protocolos para el voto electrónico que complementan y mejoran a los métodos más tradicionales, y además protegen la privacidad de los votantes al mismo tiempo que aseguran la integridad del proceso de voto. En estos sistemas, hemos empleado diferentes mecanismos criptográficos que proveen, bajo diferentes asunciones, de las propiedades de seguridad que todo sistema de voto debe tener. Algunos de estos sistemas son seguros incluso en escenarios pos-cuánticos. También hemos calculado minuciosamente la complejidad temporal de los métodos para demostrar que son eficientes y factibles de ser implementados. Además, hemos implementado algunos de estos sistemas, o partes de ellos, y llevado a cabo una detallada experimentación para demostrar el potencial de nuestras contribuciones. Finalmente, estudiamos en detalle el problema de la identificación y proponemos tres métodos no interactivos y distribuidos que permiten el registro y acceso anónimo. Estos protocolos son especialmente ligeros y agnósticos en su implementación, lo que permite que puedan ser integrados con múltiples propósitos. Hemos formalizado y demostrado la seguridad de nuestros protocolos de identificación, y hemos realizado una implementación completa de ellos para, una vez más, demostrar la factibilidad y eficiencia de las soluciones propuestas. Bajo este marco teórico de identificación, somos capaces de asegurar el recurso custodiado, sin que ello suponga una violación para el anonimato de los usuarios.[CA] La confiança és la base de les societats modernes. No obstant això, les relacions basades en confiança són difícils d’establir i poden ser explotades fàcilment amb resultats devastadors. En aquesta tesi explorem l’ús de protocols criptogràfics distribuïts per a construir sistemes de confiança on la confiança es veja reemplaçada per garanties matemàtiques i criptogràfiques. En aquests nous sistemes dinàmics, fins i tot si una de les parts es comporta de manera deshonesta, la integritat i resiliència del sistema estan garantides, ja que existeixen mecanismes per a superar aquest tipus de situacions. Per tant, hi ha una transició de sistemes basats en la confiança, a esquemes on aquesta acarona confiança és descentralitzada entre un conjunt d’individus o entitats. Cada membre d’aquest conjunt pot ser auditat, i la verificació universal assegura que tots els usuaris puguen calcular l’estat final en cadascun d’aquests mètodes, sense comprometre la privacitat individual dels usuaris. La majoria dels problemes de colůlaboració als quals ens enfrontem com a societat, poden reduir-se a dos grans dilemes: el votar una proposta, o un representant polític, o identificar-nos a nosaltres mateixos com a membres d’un colůlectiu amb dret d’accés a un recurs o servei. Per això, aquesta tesi doctoral se centra en els protocols criptogràfics distribuïts aplicats al vot electrònic i la identificació anònima. Hem desenvolupat tres protocols per al vot electrònic que complementen i milloren als mètodes més tradicionals, i a més protegeixen la privacitat dels votants al mateix temps que asseguren la integritat del procés de vot. En aquests sistemes, hem emprat diferents mecanismes criptogràfics que proveeixen, baix diferents assumpcions, de les propietats de seguretat que tot sistema de vot ha de tindre. Alguns d’aquests sistemes són segurs fins i tot en escenaris post-quàntics. També hem calculat minuciosament la complexitat temporal dels mètodes per a demostrar que són eficients i factibles de ser implementats. A més, hem implementats alguns d’aquests sistemes, o parts d’ells, i dut a terme una detallada experimentació per a demostrar la potencial de les nostres contribucions. Finalment, estudiem detalladament el problema de la identificació i proposem tres mètodes no interactius i distribuïts que permeten el registre i accés anònim. Aquests protocols són especialment lleugers i agnòstics en la seua implementació, la qual cosa permet que puguen ser integrats amb múltiples propòsits. Hem formalitzat i demostrat la seguretat dels nostres protocols d’identificació, i hem realitzat una implementació completa d’ells per a, una vegada més, demostrar la factibilitat i eficiència de les solucions proposades. Sota aquest marc teòric d’identificació, som capaces d’assegurar el recurs custodiat, sense que això supose una violació per a l’anonimat dels usuaris.[EN] Trust is the base of modern societies. However, trust is difficult to achieve and can be exploited easily with devastating results. In this thesis, we explore the use of distributed cryptographic protocols to build reliable systems where trust can be replaced by cryptographic and mathematical guarantees. In these adaptive systems, even if one involved party acts dishonestly, the integrity and robustness of the system can be ensured as there exist mechanisms to overcome these scenarios. Therefore, there is a transition from systems based in trust, to schemes where trust is distributed between decentralized parties. Individual parties can be audited, and universal verifiability ensures that any user can compute the final state of these methods, without compromising individual users’ privacy. Most collaboration problems we face as societies can be reduced to two main dilemmas: voting on a proposal or electing political representatives, or identifying ourselves as valid members of a collective to access a service or resource. Hence, this doctoral thesis focuses on distributed cryptographic protocols for electronic voting and anonymous identification. We have developed three electronic voting schemes that enhance traditional methods, and protect the privacy of electors while ensuring the integrity of the whole election. In these systems, we have employed different cryptographic mechanisms, that fulfill all the desired security properties of an electronic voting scheme, under different assumptions. Some of them are secure even in post-quantum scenarios. We have provided a detailed time-complexity analysis to prove that our proposed methods are efficient and feasible to implement. We also implemented some voting protocols, or parts of them, and carried out meticulous experimentation to show the potential of our contributions. Finally, we study in detail the identification problem and propose three distributed and non-interactive methods for anonymous registration and access. These three protocols are especially lightweight and application agnostic, making them feasible to be integrated with many purposes. We formally analyze and demonstrate the security of our identification protocols, and provide a complete implementation of them to once again show the feasibility and effectiveness of the developed solutions. Using this identification framework, we can ensure the security of the guarded resource, while also preserving the anonymity of the users.Larriba Flor, AM. (2023). Distributed Cryptographic Protocols [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/19810

A Discrete Particle Swarm Optimizer for the Design of Cryptographic Boolean Functions

A Particle Swarm Optimizer for the search of balanced Boolean functions with good cryptographic properties is proposed in this paper. The algorithm is a modified version of the permutation PSO by Hu, Eberhart and Shi which preserves the Hamming weight of the particles positions, coupled with the Hill Climbing method devised by Millan, Clark and Dawson to improve the nonlinearity and deviation from correlation immunity of Boolean functions. The parameters for the PSO velocity equation are tuned by means of two meta-optimization techniques, namely Local Unimodal Sampling (LUS) and Continuous Genetic Algorithms (CGA), finding that CGA produces better results. Using the CGA-evolved parameters, the PSO algorithm is then run on the spaces of Boolean functions from $n=7$ to $n=12$ variables. The results of the experiments are reported, observing that this new PSO algorithm generates Boolean functions featuring similar or better combinations of nonlinearity, correlation immunity and propagation criterion with respect to the ones obtained by other optimization methods

Input-shrinking functions: theory and application

In this thesis, we contribute to the emerging field of the Leakage-Resilient Cryptography by studying the problem of secure data storage on hardware that may leak information, introducing a new primitive, a leakage-resilient storage, and showing two different constructions of such storage scheme provably secure against a class of leakage functions that can depend only on some restricted part of the memory and against a class of computationally weak leakage functions, e.g. functions computable by small circuits, respectively. Our results come with instantiations and analysis of concrete parameters. Furthermore, as second contribution, we present our implementation in C programming language, using the cryptographic library of the OpenSSL project, of a two-party Authenticated Key Exchange (AKE) protocol, which allows a client and a server, who share a huge secret file, to securely compute a shared key, providing client-to-server authentication, also in the presence of active attackers. Following the work of Cash et al. (TCC 2007), we based our construction on a Weak Key Exchange (WKE) protocol, developed in the BRM, and a Password-based Authenticated Key Exchange (PAKE) protocol secure in the Universally Composable (UC) framework. The WKE protocol showed by Cash et al. uses an explicit construction of averaging sampler, which uses less random bits than the random choice but does not seem to be efficiently implementable in practice. In this thesis, we propose a WKE protocol similar but simpler than that one of Cash et al.: our protocol uses more randomness than the Cash et al.'s one, as it simply uses random choice instead of averaging sampler, but we are able to show an efficient implementation of it. Moreover, we formally adapt the security analysis of the WKE protocol of Cash et al. to our WKE protocol. To complete our AKE protocol, we implement the PAKE protocol showed secure in the UC framework by Abdalla et al. (CT-RSA 2008), which is more efficient than the Canetti et al.'s UC-PAKE protocol (EuroCrypt 2005) used in Cash et al.'s work. In our implementation of the WKE protocol, to achieve small constant communication complexity and amount of randomness, we rely on the Random Oracle (RO) model. However, we would like to note that in our implementation of the AKE protocol we need also a UC-PAKE protocol which already relies on RO, as it is impossible to achieve UC-PAKE in the standard model. In our work we focus not only on the theoretical aspects of the area, providing formal models and proofs, but also on the practical ones, analyzing instantiations, concrete parameters and implementation of the proposed solutions, to contribute to bridge the gap between theory and practice in this field