Automated Cryptographic Analysis of the Pedersen Commitment Scheme
Aiming for strong security assurance, recently there has been an increasing
interest in formal verification of cryptographic constructions. This paper
presents a mechanised formal verification of the popular Pedersen commitment
protocol, proving its security properties of correctness, perfect hiding, and
computational binding. To formally verify the protocol, we extended the theory
of EasyCrypt, a framework which allows for reasoning in the computational
model, to support the discrete logarithm and an abstraction of commitment
protocols. Commitments are building blocks of many cryptographic constructions,
for example, verifiable secret sharing, zero-knowledge proofs, and e-voting.
Our work paves the way for the verification of those more complex
constructions.
Comment: 12 pages, conference MMM-ACNS 201
A formal analysis of the mimblewimble cryptocurrency protocol with a security approach
A cryptocurrency is a digital currency that can be exchanged online for goods and services. Cryptocurrencies are deployed over public blockchains which have the transactions duplicated and distributed across the nodes of a computer network. This decentralized mechanism is devised in order to achieve reliability in a network consisting of unreliable nodes. Privacy, anonymity and security have become crucial in this context. For that reason, formal and mathematical approaches are gaining popularity in order to guarantee the correctness of the cryptocurrency implementations. Mimblewimble is a privacy-oriented cryptocurrency technology which provides security and scalability properties that distinguish it from other protocols of its kind. It was proposed by an anonymous developer, who posted a link to a text file on the IRC channel by the name Tom Elvis Jedusor (French name for Voldemort) in mid-2016. Mimblewimble's cryptographic approach is based on Elliptic Curve Cryptography, which allows a transaction to be verified without revealing any information about the transactional amount or the parties involved. Mimblewimble combines Confidential Transactions, CoinJoin and cut-through to achieve a higher level of privacy and security, as well as scalability. In this thesis, we present and discuss these security properties and outline the basis of a model-driven verification approach to address the certification of the correctness of the protocol implementations. In particular, we propose an idealized model that is key in the described verification process.
The main components of our idealized model are transactions, blocks and the chain. Then, we identify and precisely state the conditions for our model to ensure the verification of relevant security properties of Mimblewimble. In addition, we analyze the Grin and Beam implementations of Mimblewimble in their current state of development. We present detailed connections between our model and their implementations regarding the Mimblewimble structure and its security properties.
Cryptographic Protocols for Privacy Enhancing Technologies: From Privacy Preserving Human Attestation to Internet Voting
Desire of privacy is oftentimes associated with the intention to hide certain
aspects of our thoughts or actions due to some illicit activity. This is a
narrow understanding of privacy, and a marginal fragment of the motivations
for undertaking an action with a desired level of privacy. The right for not
being subject to arbitrary interference of our privacy is part of the universal
declaration of human rights (Article 12) and, above that, a requisite for
our freedom. Developing as a person freely, which results in the development
of society, requires actions to be done without a watchful eye. While
the awareness of privacy in the context of modern technologies is not widely
spread, it is clearly understood, as can be seen in the context of elections,
that in order to make a free choice one needs to maintain one's privacy. So
why demand privacy when electing our government, but not when selecting
our daily interests, books we read, sites we browse, or persons we encounter?
It is a popular belief that the data we expose about ourselves would not be
exploited if one is a law-abiding citizen. Nothing could be further from the truth, as this
data is used daily for commercial purposes: users' data has value. To make
matters worse, data has also been used for political purposes without the
user's consent or knowledge. However, the benefits that data can bring to
individuals seem endless and a solution of not using this data at all seems
extremist. Legislative efforts have tried, in the past years, to provide mechanisms
for users to decide what is done with their data and define a framework
where companies can use user data, but always under the consent of the latter.
However, these attempts take time to gain traction, and have unfortunately
not been very successful since their introduction.
In this thesis we explore the possibility of constructing cryptographic protocols
to provide a technical, rather than legislative, solution to the privacy
problem. In particular we focus on two aspects of society: browsing and
internet voting. These two events shape our lives in one way or another, and
require high levels of privacy to provide a safe environment for humans to
act upon them freely. However, these two problems have opposite solutions.
On the one hand, elections are a well established event in society that has
been around for millennia, and privacy and accountability are well rooted
requirements for such events. This might be the reason why its digitalisation
is something which is falling behind with respect to other acts of our society
(banking, shopping, reading, etc). On the other hand, browsing is a recently
introduced action, but one that has quickly gained traction given the amount of possibilities
that it opens with such ease. We now have access to whatever we
can imagine (except for voting) at the distance of a click. However, the data
that we generate while browsing is extremely sensitive, and most of it is disclosed to third parties under the claims of making the user experience better
(targeted recommendations, ads or bot-detection).
Chapter 1 motivates why resolving such a problem is necessary for the
progress of digital society. It then introduces the problem that this thesis
aims to resolve, together with the methodology. In Chapter 2 we introduce
some technical concepts used throughout the thesis. Similarly, we expose the
state-of-the-art and its limitations.
In Chapter 3 we focus on a mechanism to provide private browsing. In
particular, we focus on how we can provide a safer, and more private way, for
human attestation. Determining whether a user is a human or a bot is important
for the survival of an online world. However, the existing mechanisms
are either invasive or pose a burden to the user. We present a solution that
is based on a machine learning model to distinguish between humans and
bots that uses natural events of normal browsing (such as touching the screen
of a phone) to make its prediction. To ensure that no private data leaves
the user's device, we evaluate such a model on the device rather than sending
the data over the wire. To provide assurance that the expected model has
been evaluated, the user's device generates a cryptographic proof. However,
this opens an important question: can we achieve a high level of accuracy
without incurring excessive battery consumption? We provide a positive
answer to this question in this work, and show that a privacy-preserving
solution can be achieved while keeping the accuracy high and the user's
performance overhead low.
In Chapter 4 we focus on the problem of internet voting. Internet voting
means voting remotely, and therefore in an uncontrolled environment.
This means that anyone can be voting under the supervision of a coercer,
which makes the main goal of the protocols presented that of coercion-resistance.
We need to build a protocol that allows a voter to escape the
act of coercion. We present two proposals with the main goal of providing
a usable and scalable coercion-resistant protocol. Each has different
trade-offs. On the one hand we provide a coercion resistance mechanism
that results in linear filtering, but that provides a slightly weaker notion of
coercion-resistance. Secondly, we present a mechanism with a slightly higher
complexity (poly-logarithmic) but that instead provides a stronger notion of
coercion-resistance. Both solutions are based on the same idea: allowing the
voter to cast several votes (such that only the last one is counted) in a way
that cannot be determined by a coercer.
Finally, in Chapter 5, we conclude the thesis, and show how our results
push the state of the art one step further. We concisely set out our contributions,
and describe clearly what the next steps are. The results
presented in this work argue against the two main claims against privacy-preserving solutions: either that privacy is not practical or that higher levels
of privacy result in lower levels of security.
Doctoral Programme in Computer Science and Technology at the Universidad Carlos III de Madrid. Chair: Agustín Martín Muñoz. Secretary: José María de Fuentes García-Romero de Tejada. Member: Alberto Peinado Domíngue
Efficient non-interactive zero-knowledge protocols in the common reference string model
The electronic version of the thesis does not contain the publications. With the triumph of the digital era, it is possible to carry out increasingly science-fiction-like activities over the internet.
Mobile applications built on end-to-end encryption, such as WhatsApp, can guarantee that a call or message reaches only the intended recipient.
Most banking systems guarantee, using the TLS protocol, that nobody can read or modify their data when paying bills and making transfers.
Some countries offer the option to vote electronically (for example Estonia) or to hold referendums (for example Switzerland), while ensuring security criteria at the level of traditional paper voting.
All of the activities described above require a cryptographic protocol to ensure users' security.
In reality, we can never assume that all parties to a protocol follow the protocol specification.
In real life, for a protocol to be secure, each party must prove that it followed the protocol, without sacrificing privacy.
One way to do this is with a zero-knowledge protocol. A zero-knowledge protocol is a proof that leaks no information beyond the fact that the statement is true.
Often we want a zero-knowledge protocol to be non-interactive. In that case it suffices for the proof to be computed only once, and verifiers can check it at any time.
There are two main models that enable the construction of non-interactive zero-knowledge protocols: the random oracle (RO) model and the common reference string model.
Protocols in the RO model are very efficient, but due to certain limitations we prefer the common reference string model.
In this work we present three scenarios in which non-interactive zero-knowledge is relevant: verifiable computation, authorization and electronic voting.
In each scenario we propose a zero-knowledge protocol in the common reference string model that is the most efficient to date and comparable in efficiency to protocols in the RO model.
In the current digital era, we can do increasingly astonishing activities remotely using only our electronic devices.
Using mobile applications such as WhatsApp, we can contact someone with the guarantee, using an end-to-end encryption protocol, that only the recipient can know the conversation's contents.
Most banking systems enable us to pay our bills and perform other financial transactions, and use the TLS protocol to guarantee that no one can read or modify the transaction data.
Some countries provide an option to vote electronically in an election (e.g. Estonia) or referendum (e.g. Switzerland) with similar privacy guarantees to traditional paper voting.
In all these activities, a cryptographic protocol is required to ensure users' privacy.
In reality, some parties participating in a protocol might not act according to what was agreed in the protocol specification.
Hence, for a real world protocol to be secure, we also need each party to prove that it behaves honestly, but without sacrificing privacy of its inputs.
This can be done using a zero-knowledge argument: a proof by a polynomial-time prover that gives nothing else away besides its correctness.
In many cases, we want a zero-knowledge argument to be non-interactive and transferable, so that it is computed only once, but can be verified by many verifiers at any future time.
There are two main models that enable transferable non-interactive zero-knowledge (NIZK) arguments: the random oracle (RO) model and the common reference string (CRS) model.
Protocols in the RO model are very efficient, but due to some of its limitations, we prefer working in the CRS model.
In this work we provide three scenarios where NIZK arguments are relevant: verifiable computation, authorization, and electronic voting.
In each scenario, we propose NIZK arguments in the CRS model that are more efficient than existing ones, and are comparable in efficiency to the best known NIZK arguments in the RO model.