SUPA: Strewn user-preserved authentication**

Objective – This paper presents the high level conceptual architecture of SUPA, an authentication system that would allow a system to authenticate users without having its own repository of users’ secret identification related data. Methodology/Technique – Central storage and management of user credentials or passwords leave a single tempting repository for the attackers. If the credentials are not stored by a system at all, there will be no stored ‘vault’ to allure the attackers. At the same time, there will be no single resource that holds the credentials of all users of a system. SUPA enables a system to authenticate itself users without having their secret credentials stored in it. Findings – The proposed authentication system uses the features of asymmetric encryption as part of its authentication process. Novelty – SUPA eliminates the requirement of secret user credentials at the system end, the user credentials are retained within the end-user’s devices

SUPA: Strewn User-Preserved Authentication

Central storage and management of user credentials or passwords leaves a single tempting repository for the attackers. If the credentials are not stored by a system at all, there will be no stored ‘vault’ to allure the attackers. At the same time, there will be no single resource that holds the credentials of all users of a system. This paper presents the high level conceptual architecture of SUPA, an authentication system that would allow a system to authenticate users without having its own repository of users’ credentials. SUPA enables a system to authenticate its users without having their credentials stored in it. The proposed authentication system uses the features of asymmetric encryption as part of its authentication process

Delegated Time-Lock Puzzle

Time-Lock Puzzles (TLPs) are cryptographic protocols that enable a client to lock a message in such a way that a server can only unlock it after a specific time period. However, existing TLPs have certain limitations: (i) they assume that both the client and server always possess sufficient computational resources and (ii) they solely focus on the lower time bound for finding a solution, disregarding the upper bound that guarantees a regular server can find a solution within a certain time frame. Additionally, existing TLPs designed to handle multiple puzzles either (a) entail high verification costs or (b) lack generality, requiring identical time intervals between consecutive solutions. To address these limitations, this paper introduces, for the first time, the concept of a "Delegated Time-Lock Puzzle" and presents a protocol called "Efficient Delegated Time-Lock Puzzle" (ED-TLP) that realises this concept. ED-TLP allows the client and server to delegate their resource-demanding tasks to third-party helpers. It facilitates real-time verification of solution correctness and efficiently handles multiple puzzles with varying time intervals. ED-TLP ensures the delivery of solutions within predefined time limits by incorporating both an upper bound and a fair payment algorithm. We have implemented ED-TLP and conducted a comprehensive analysis of its overheads, demonstrating the efficiency of the construction

Cryptographic Key Management in Delay Tolerant Networks (DTNs): A survey

Since their appearance at the dawn of the second millennium, Delay or Disruption Tolerant Networks (DTNs) have gradually evolved, spurring the development of a variety of methods and protocols for making them more secure and resilient. In this context, perhaps, the most challenging problem to deal with is that of cryptographic key management. To the best of our knowledge, the work at hand is the first to survey the relevant literature and classify the various so far proposed key management approaches in such a restricted and harsh environment. Towards this goal, we have grouped the surveyed key management methods into three major categories depending on whether the particular method copes with a) security initialization, b) key establishment, and c) key revocation. We have attempted to provide a concise but fairly complete evaluation of the proposed up-to-date methods in a generalized way with the aim of offering a central reference point for future research

Cryptography for Bitcoin and friends

Numerous cryptographic extensions to Bitcoin have been proposed since Satoshi Nakamoto introduced the revolutionary design in 2008. However, only few proposals have been adopted in Bitcoin and other prevalent cryptocurrencies, whose resistance to fundamental changes has proven to grow with their success. In this dissertation, we introduce four cryptographic techniques that advance the functionality and privacy provided by Bitcoin and similar cryptocurrencies without requiring fundamental changes in their design: First, we realize smart contracts that disincentivize parties in distributed systems from making contradicting statements by penalizing such behavior by the loss of funds in a cryptocurrency. Second, we propose CoinShuffle++, a coin mixing protocol which improves the anonymity of cryptocurrency users by combining their transactions and thereby making it harder for observers to trace those transactions. The core of CoinShuffle++ is DiceMix, a novel and efficient protocol for broadcasting messages anonymously without the help of any trusted third-party anonymity proxies and in the presence of malicious participants. Third, we combine coin mixing with the existing idea to hide payment values in homomorphic commitments to obtain the ValueShuffle protocol, which enables us to overcome major obstacles to the practical deployment of coin mixing protocols. Fourth, we show how to prepare the aforementioned homomorphic commitments for a safe transition to post-quantum cryptography.Seit seiner revolutionären Erfindung durch Satoshi Nakamoto im Jahr 2008 wurden zahlreiche kryptographische Erweiterungen für Bitcoin vorgeschlagen. Gleichwohl wurden nur wenige Vorschläge in Bitcoin und andere weit verbreitete Kryptowährungen integriert, deren Resistenz gegen tiefgreifende Veränderungen augenscheinlich mit ihrer Verbreitung wächst. In dieser Dissertation schlagen wir vier kryptographische Verfahren vor, die die Funktionalität und die Datenschutzeigenschaften von Bitcoin und ähnlichen Kryptowährungen verbessern ohne deren Funktionsweise tiefgreifend verändern zu müssen. Erstens realisieren wir Smart Contracts, die es erlauben widersprüchliche Aussagen einer Vertragspartei mit dem Verlust von Kryptogeld zu bestrafen. Zweitens schlagen wir CoinShuffle++ vor, ein Mix-Protokoll, das die Anonymität von Benutzern verbessert, indem es ihre Transaktionen kombiniert und so deren Rückverfolgung erschwert. Sein Herzstück ist DiceMix, ein neues und effizientes Protokoll zur anonymen Veröffentlichung von Nachrichten ohne vertrauenswürdige Dritte und in der Präsenz von bösartigen Teilnehmern. Drittens kombinieren wir dieses Protokoll mit der existierenden Idee, Geldbeträge in Commitments zu verbergen, und erhalten so das ValueShuffle-Protokoll, das uns ermöglicht, große Hindernisse für den praktischen Einsatz von Mix-Protokollen zu überwinden. Viertens zeigen wir, wie die dabei benutzten Commitments für einen sicheren Übergang zu Post-Quanten-Kryptographie vorbereitet werden können