9 research outputs found

    Digital Signature Security in Data Communication

    Authenticity of information access is very important in the current era of Internet-based technology. There are many ways to secure information against irresponsible parties and their security attacks; techniques for defending against such parties include steganography, cryptography, and digital signatures. A digital signature can be one solution: the authenticity of a message is verified to prove that the received message is the original, without any change. Ong-Schnorr-Shamir is the algorithm used in this research, and the experiments are performed on both its digital signature scheme and its hidden (subliminal) channel scheme. Comment: 6 pages, paper presented at the International Conference on Education and Technology (ICEduTech2017), Novotel Hotel, Balikpapan, Indonesia.

    Mass-surveillance without the State: Strongly Undetectable Algorithm-Substitution Attacks

    We present new algorithm-substitution attacks (ASAs) on symmetric encryption that improve over prior ones in two ways. First, while prior attacks only broke a sub-class of randomized schemes having a property called coin injectivity, our attacks break ALL randomized schemes. Second, while prior attacks are stateful, ours are stateless, achieving a notion of strong undetectability that we formalize. Together this shows that ASAs are an even more dangerous and powerful mass-surveillance method than previously thought. Our work serves to increase awareness about what is possible with ASAs and to spur the search for deterrents and counter-measures.

    Subliminal channels in post-quantum digital signature schemes

    We analyze the digital signature schemes submitted to NIST's Post-Quantum Cryptography Standardization Project in search of subliminal channels.

    Covert Data Transmission Channels in DSTU 4145-2002

    This work reviews, analyzes, and compares the existing protocol for creating a shared public key for signing smart contracts, which is based on Shamir's scheme. A protocol based on the Chinese remainder theorem is also developed and proposed; it has additional properties: 1) the participants can recover the public key immediately; 2) if no more than half of the participants start cheating during the execution of the protocol, correct signature parameters are still produced as its result; 3) the private key becomes known only when at least half of the participants vote for its recovery. Goal of the work: to construct a protocol by which blockchain participants generate a shared public/private key pair that can be used to sign a smart contract under conditions of complete mutual distrust. Object of research: the process of storing and processing information in a blockchain. Subject of research: a protocol for creating digital signature parameters for signing smart contracts under conditions of complete mutual distrust. The results of this work were partially presented at the XVII Scientific and Practical Conference of Students, Postgraduates and Young Scientists "Theoretical and Applied Problems of Physics, Mathematics and Informatics" (26-27 April 2019, Kyiv).
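    Added example, not code from the thesis above (whose abstract does not give its construction): a (t, n) threshold sharing built on the Chinese remainder theorem, using the Asmuth-Bloom scheme as a stand-in for the CRT-based approach that the abstract contrasts with Shamir's. The moduli, threshold and secret are constructed toy values. It shows the threshold behaviour behind property 3: any t shares recover the secret, while t-1 shares leave every value in the secret space possible.

```python
"""Asmuth-Bloom (t, n) threshold secret sharing over the Chinese remainder theorem.
Constructed toy parameters; a stand-in for the CRT-based protocol described above."""
import math
import secrets

M0 = 1009                                       # secret space: 0 <= S < M0
MODULI = [10007, 10009, 10037, 10039, 10061]    # m_1 < ... < m_n, pairwise coprime (assumed values)
T = 3                                           # threshold: any T of the 5 shares suffice


def check_params(m0=M0, moduli=MODULI, t=T):
    """Asmuth-Bloom condition: m0 * (product of the t-1 largest moduli) < product of
    the t smallest, plus pairwise coprimality, which CRT reconstruction relies on."""
    ms = [m0] + moduli
    for i in range(len(ms)):
        for j in range(i + 1, len(ms)):
            if math.gcd(ms[i], ms[j]) != 1:
                raise ValueError("moduli must be pairwise coprime")
    n = len(moduli)
    if not m0 * math.prod(moduli[n - t + 1:]) < math.prod(moduli[:t]):
        raise ValueError("Asmuth-Bloom threshold condition violated")
    return True


def split(secret, m0=M0, moduli=MODULI, t=T):
    """Dealer: lift S to y = S + a*m0 with y < M (M = m_1 * ... * m_t), hand out y mod m_i."""
    check_params(m0, moduli, t)
    if not 0 <= secret < m0:
        raise ValueError("secret out of range")
    big_m = math.prod(moduli[:t])
    a = secrets.randbelow((big_m - secret) // m0)   # keeps y strictly below M
    y = secret + a * m0
    return [(m, y % m) for m in moduli]


def crt(residues):
    """Incremental CRT: smallest x with x = r (mod m) for every (m, r); returns (x, product)."""
    x, mod = 0, 1
    for m, r in residues:
        k = ((r - x) * pow(mod, -1, m)) % m
        x += mod * k
        mod *= m
    return x % mod, mod


def recover(shares, m0=M0, t=T):
    """Any t (or more) shares determine y uniquely below M, and S = y mod m0."""
    if len(shares) < t:
        raise ValueError("need at least t shares")
    y, _ = crt(shares)
    return y % m0


def candidate_secrets(shares, m0=M0, moduli=MODULI, t=T):
    """What fewer than t shares reveal: every y < M consistent with them, reduced mod m0.
    The threshold condition guarantees this set is the whole secret space."""
    y0, mod = crt(shares)
    big_m = math.prod(moduli[:t])
    return {(y0 + k * mod) % m0 for k in range((big_m - y0 + mod - 1) // mod)}
```

    Shamir's scheme reaches the same threshold by interpolating a polynomial; here a share is simply a residue, and reconstruction is a CRT solve. The toy has an honest dealer and no verification step, so on its own it does not give properties 1 and 2 above (an immediately recoverable public key and robustness against up to half the participants cheating); those need a distributed, verifiable generation of the shares on top of the sharing itself.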

    Generic Semantic Security against a Kleptographic Adversary

    Notable recent security incidents have generated intense interest in adversaries which attempt to subvert---perhaps covertly---cryptographic algorithms. In this paper we develop (IND-CPA) semantically secure encryption in this challenging setting. This fundamental encryption primitive has been previously studied in the "kleptographic setting," though existing results must relax the model by introducing trusted components or otherwise constraining the subversion power of the adversary: designing a public key system that is kleptographically semantically secure (with minimal trust) has remained elusive to date. In this work, we finally achieve such systems, even when all relevant cryptographic algorithms are subject to adversarial (kleptographic) subversion. To this end we exploit novel inter-component randomized cryptographic checking techniques (with an offline checking component), combined with common and simple software engineering modular programming techniques (applied to the system's black-box specification level). Moreover, our methodology yields a strong generic technique for the preservation of any semantically secure cryptosystem when incorporated into the strong kleptographic adversary setting.

    Cliptography: Clipping the Power of Kleptographic Attacks

    Kleptography, introduced 20 years ago by Young and Yung [Crypto '96], considers the (in)security of malicious implementations (or instantiations) of standard cryptographic primitives that embed a "backdoor" into the system. Remarkably, crippling subliminal attacks are possible even if the subverted cryptosystem produces output indistinguishable from a truly secure "reference implementation." Bellare, Paterson, and Rogaway [Crypto '14] recently initiated a formal study of such attacks on symmetric key encryption algorithms, demonstrating a kleptographic attack can be mounted in broad generality against randomized components of cryptographic systems. We enlarge the scope of current work on the problem by permitting adversarial subversion of (randomized) key generation; in particular, we initiate the study of cryptography in the complete subversion model, where all relevant cryptographic primitives are subject to kleptographic attacks. We construct secure one-way permutations and trapdoor one-way permutations in this "complete subversion" model, describing a general, rigorous immunization strategy to clip the power of kleptographic subversions. Our strategy can be viewed as a formal treatment of the folklore "nothing up my sleeve" wisdom in cryptographic practice. We also describe a related "split program" model that can directly inform practical deployment. We additionally apply our general immunization strategy to directly yield a backdoor-free PRG. This notably amplifies previous results of Dodis, Ganesh, Golovnev, Juels, and Ristenpart [Eurocrypt '15], which require an honestly generated random key. We then examine two standard applications of (trapdoor) one-way permutations in this complete subversion model and construct "higher level" primitives via black-box reductions. We showcase a digital signature scheme that preserves existential unforgeability when all algorithms (including key generation, which was not considered to be under attack before) are subject to kleptographic attacks. Additionally, we demonstrate that the classic Blum–Micali pseudorandom generator (PRG), using an "immunized" one-way permutation, yields a backdoor-free PRG. Alongside development of these secure primitives, we set down a hierarchy of kleptographic attack models which we use to organize past results and our new contributions; this taxonomy may be valuable for future work.

    Key Exchange in the Post-Snowden Era: UC Secure Subversion-Resilient PAKE

    Password-Authenticated Key Exchange (PAKE) allows two parties to establish a common high-entropy secret from a possibly low-entropy pre-shared secret such as a password. In this work, we provide the first PAKE protocol with subversion resilience in the framework of universal composability (UC), where the latter roughly means that UC security still holds even if one of the two parties is malicious and the honest party's code has been subverted (in an undetectable manner). We achieve this result by sanitizing the PAKE protocol from oblivious transfer (OT) due to Canetti et al. (PKC '12) via cryptographic reverse firewalls in the UC framework (Chakraborty et al., EUROCRYPT '22). This requires new techniques, which help us uncover new cryptographic primitives with sanitation-friendly properties along the way (such as OT, dual-mode cryptosystems, and signature schemes). As an additional contribution, we delve deeper into the backbone of communication required in the subversion-resilient UC framework, extending it to the unauthenticated setting, in line with the work of Barak et al. (CRYPTO '05).

    Subversion-Resilient Signatures: Definitions, Constructions and Applications

    We provide a formal treatment of security of digital signatures against subversion attacks (SAs). Our model of subversion generalizes previous work in several directions, and is inspired by the proliferation of software attacks (e.g., malware and buffer overflow attacks), and by the recent revelations of Edward Snowden about intelligence agencies trying to surreptitiously sabotage cryptographic algorithms. The main security requirement we put forward demands that a signature scheme should remain unforgeable even in the presence of an attacker applying SAs (within a certain class of allowed attacks) in a fully adaptive and continuous fashion. Previous notions---e.g., the notion of security against algorithm-substitution attacks introduced by Bellare et al. (CRYPTO '14) for symmetric encryption---were non-adaptive and non-continuous. In this vein, we show both positive and negative results for the goal of constructing subversion-resilient signature schemes. Negative results. As our main negative result, we show that a broad class of randomized signature schemes is unavoidably insecure against SAs, even if using just a single bit of randomness. This improves upon earlier work that was only able to attack schemes with larger randomness space. When designing our new attack we consider undetectability as an explicit adversarial goal, meaning that the end-users (even the ones knowing the signing key) should not be able to detect that the signature scheme was subverted. Positive results. We complement the above negative results by showing that signature schemes with unique signatures are subversion-resilient against all attacks that meet a basic undetectability requirement. A similar result was shown by Bellare et al. for symmetric encryption, who proved the necessity to rely on stateful schemes; in contrast, unique signatures are stateless, and in fact they are among the fastest and most established digital signatures available. As our second positive result, we show how to construct subversion-resilient identification schemes from subversion-resilient signature schemes. We finally show that it is possible to devise signature schemes secure against arbitrary tampering with the computation, by making use of an un-tamperable cryptographic reverse firewall (Mironov and Stephens-Davidowitz, EUROCRYPT '15), i.e., an algorithm that sanitizes any signature given as input (using only public information). The firewall we design allows one to successfully protect so-called re-randomizable signature schemes (which include unique signatures as a special case). As an additional contribution, we extend our model to consider multiple users and show implications and separations among the various notions we introduced. While our study is mainly theoretical, due to its strong practical motivation, we believe that our results have important implications in practice and might influence the way digital signature schemes are selected or adopted in standards and protocols.
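    Added example, not code from any of the papers listed here: a toy Schnorr signature (the group parameters are constructed and far too small for real use) together with a stateless algorithm-substitution attack of the kind the abstract above and the "Mass-surveillance without the State" abstract describe, and the kind of subliminal channel the page's other entries look for. The subverted signer rejection-samples its nonce until a keyed PRF over the emitted signature encodes one bit of the signing key; an attacker holding the embedded PRF key reads the key out of signatures that verify normally, while the key owner sees nothing but valid signatures. The PRF key, the bit encoding and the message set are assumptions of this example.

```python
"""Toy Schnorr signatures plus a stateless algorithm-substitution attack (ASA)
that leaks the signing key through the choice of an honest-looking nonce."""
import hashlib
import hmac
import secrets

# Constructed toy Schnorr group, far too small for real use: p = 2q + 1, g of prime order q.
P, Q, G = 2039, 1019, 4
assert pow(G, Q, P) == 1 and G != 1
KEY_BITS = Q.bit_length()       # 10: every secret key x < Q fits in this many bits


def keygen():
    x = secrets.randbelow(Q - 1) + 1            # x in [1, q-1]
    return x, pow(G, x, P)


def _challenge(r, msg):
    h = hashlib.sha256(r.to_bytes(2, "big") + msg).digest()
    return int.from_bytes(h, "big") % Q


def _sign_with_nonce(x, msg, k):
    r = pow(G, k, P)
    e = _challenge(r, msg)
    return e, (k + x * e) % Q                   # signature (e, s)


def sign_honest(x, msg):
    return _sign_with_nonce(x, msg, secrets.randbelow(Q - 1) + 1)


def verify(y, msg, sig):
    e, s = sig
    r = pow(G, s, P) * pow(y, (Q - e) % Q, P) % P   # g^s * y^-e must equal g^k
    return _challenge(r, msg) == e


def _leak_tag(backdoor_key, sig):
    """Attacker's PRF over the public signature: (which key bit, claimed value)."""
    e, s = sig
    t = hmac.new(backdoor_key, e.to_bytes(2, "big") + s.to_bytes(2, "big"),
                 hashlib.sha256).digest()
    return t[0] % KEY_BITS, t[1] & 1


def sign_subverted(x, msg, backdoor_key):
    """Subverted signer: keep drawing fresh nonces (no state kept between calls) until
    the PRF tag of the resulting signature happens to state a true bit of x."""
    while True:
        sig = _sign_with_nonce(x, msg, secrets.randbelow(Q - 1) + 1)
        idx, bit = _leak_tag(backdoor_key, sig)
        if bit == (x >> idx) & 1:
            return sig


def recover_key(backdoor_key, sigs):
    """Attacker: read one key bit per observed signature; None until all bits are seen."""
    bits = {}
    for sig in sigs:
        idx, bit = _leak_tag(backdoor_key, sig)
        bits[idx] = bit
    if len(bits) < KEY_BITS:
        return None
    return sum(b << i for i, b in bits.items())


def demo(n_sigs=300):
    """Returns (all signatures verify, attacker recovered the exact signing key)."""
    backdoor_key = secrets.token_bytes(16)      # baked into the subverted implementation
    x, y = keygen()
    msgs = [b"transaction %d" % i for i in range(n_sigs)]   # constructed sample messages
    sigs = [sign_subverted(x, m, backdoor_key) for m in msgs]
    all_valid = all(verify(y, m, s) for m, s in zip(msgs, sigs))
    return all_valid, recover_key(backdoor_key, sigs) == x
```

    Each emitted signature is a uniformly drawn valid signature conditioned on a predicate that only the holder of the PRF key can evaluate, so no statistical test the key owner can run on outputs distinguishes the subverted signer from the honest one; the only trace is that signing takes two nonce draws on average. Unique (deterministic) signatures close the channel because there is no choice left for the subverted code to make, and a reverse firewall that re-randomizes a re-randomizable signature before release closes it for the same reason, which is the positive result the abstract above describes.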

    Kleptography -- An Overview and a New Proof of Concept

    Kleptography is the study of stealing information securely and subliminally. A successful kleptographic attack is undetectable, and, therefore, kleptographic attacks are only useful against so-called black-box implementations of cryptographic primitives and protocols. The dangers of black-box cryptography have been publicly known for almost two decades. However, black-box cryptography is still widespread. The recent revelations of the United States National Security Agency's efforts to sabotage cryptographic standards and products have shown that kleptographic attacks constitute a real threat, and that countermeasures are needed. In this thesis we study known kleptographic primitives, and examine how they can be used to compromise the security of well-known secure communication protocols. We also take an in-depth look at the Dual_EC_DRBG, which is a kleptographic pseudorandom number generator designed by the NSA. Finally, we present a new proof of concept -- a kleptographic pseudorandom number generator that can be used as a secure subliminal channel. The difference between our generator and the Dual_EC_DRBG is that the Dual_EC_DRBG leaks its own state while our generator can be used to leak any information. The strength of our generator is that it can be used to compromise the security of any protocol where random numbers are transmitted in plaintext. In addition, the use of our generator cannot be detected by the users of the protocol, except under very special circumstances. Compared to kleptographic attacks based on other kleptographic primitives, attacks based on our generator are usually inefficient. However, there are many protocols that cannot be compromised with the use of traditional kleptographic techniques. An example of a system that cannot be compromised with these techniques is the Universal Mobile Telecommunications System. With our generator it is, nevertheless, possible. We have shown that all the protocols we have examined are susceptible to kleptographic attacks. The only way to definitely stop kleptographic attacks is to ensure that all implementations of cryptographic products are open, i.e., implementations where the user can verify that the implementation conforms to the specifications. Therefore, we hope that this thesis will help to raise awareness about the dangers of black-box cryptography, and lead to an increased demand for open cryptographic solutions.