4 research outputs found

    Emoji captcha: a novel option for protecting websites

    This work presents the development of a captcha variant that uses a GIF image composed of 6 frames; each frame is formed by 9 images arranged in a 3-by-3 matrix; each image used expresses one emotion from a set of 5 basic emotions. Each of the 9 sectors into which the GIF is divided is assigned a digit mark, so that the user recognizes an emotion within the GIF and, using their cognitive abilities, relates this emotion to a number and thereby identifies the correct answer. A simple and secure alternative for protecting websites is proposed, ideal for a wide range of users regardless of their age or computer knowledge, because it uses emotions that every human being recognizes. Current developments analyze network traffic and response time to identify whether the user is a human or a malicious program, allowing attackers to access other kinds of user information more easily; the advantage of this proposal comes from the regeneration of the captcha and the redistribution of the identifying numbers every 2 minutes, reinforced by a series of applied distortions, so that attackers cannot access extra user information and, because of the regeneration time, it becomes infeasible for

    Human Public-Key Encryption

    This paper proposes a public-key cryptosystem and a short password encryption mode, where traditional hardness assumptions are replaced by specific refinements of the CAPTCHA concept called Decisional and Existential CAPTCHAs. The public-key encryption method, achieving 128-bit security, typically requires the sender to solve one CAPTCHA. The receiver does not need to resort to any human aid. A second symmetric encryption method allows messages to be encrypted using very short passwords shared between the sender and the receiver. Here, a simple 5-character alphanumeric password provides sufficient security for all practical purposes. We conjecture that the automatic construction of Decisional and Existential CAPTCHAs is possible and provide candidate ideas for their implementation.

    Practice-Oriented Privacy in Cryptography

    While formal cryptographic schemes can provide strong privacy guarantees, heuristic schemes that prioritize efficiency over formal rigor are often deployed in practice, which can result in privacy loss. Academic schemes that do receive rigorous attention often lack concrete efficiency or are difficult to implement. This creates tension between practice and research, leading to deployed privacy-preserving systems that are not backed by strong cryptographic guarantees. To address this tension between practice and research, we propose a practice-oriented privacy approach, which focuses on designing systems with formal privacy models that can effectively map to real-world use cases. This approach includes analyzing existing privacy-preserving systems to measure their privacy guarantees and how they are used. Furthermore, it explores solutions in the literature and analyzes gaps in their models to design augmented systems that apply more clearly to practice. We focus on two settings of privacy-preserving payments and communications. First, we introduce BlockSci, a software platform that can be used to perform analyses on the privacy and usage of blockchains. Specifically, we assess the privacy of the Dash cryptocurrency and analyze the velocity of cryptocurrencies, finding that Dash’s PrivateSend may still be vulnerable to clustering attacks and that a significant fraction of transactions on Bitcoin are “self-churn” transactions. Next, we build a technique for reducing bandwidth in mixing cryptocurrencies, which suffer from a practical limitation: the size of the transaction growing linearly with the size of the anonymity set. Our proposed technique efficiently samples cover traffic from a finite and public set of known values, while deriving a compact description of the resulting transaction set. We show how this technique can be integrated with various currencies and different cover sampling distributions. 
    Finally, we look at the problem of establishing secure communication channels without access to a trusted public key infrastructure. We construct a scheme that uses network latency and reverse Turing tests to detect the presence of eavesdroppers, prove our construction secure, and implement it on top of an existing communication protocol. This line of work bridges the gap between theoretical cryptographic research and real-world deployments to bring better privacy-preserving schemes to end users.

    Cryptography Using Captcha Puzzles

    A Captcha is a puzzle that is easy for humans but hard to solve for computers. A formal framework, modelling Captcha puzzles (as hard AI problems), was introduced by Ahn, Blum, Hopper, and Langford ([ABHL03], Eurocrypt 2003). Despite their attractive features and wide adoption in practice, the use of Captcha puzzles for general cryptographic applications has been limited. In this work, we explore various ways to formally model Captcha puzzles and their human component and explore new applications for Captcha. We show that by defining Captcha with additional (strong but realistic) properties, it is possible to broaden Captcha applicability, including using it to learn a machine’s “secret internal state.” To facilitate this, we introduce the notion of a human-extractable Captcha, which we believe may be of independent interest. We show that this type of Captcha yields a constant round protocol for fully concurrent non-malleable zero-knowledge. To enable this we also define and construct a Captchabase