364 research outputs found
Fast Threshold ECDSA with Honest Majority
ECDSA is a widely adopted digital signature standard. A number of threshold protocols for ECDSA have been developed that let a set of parties jointly generate the secret signing key and compute signatures, without ever revealing the signing key. Threshold protocols for ECDSA have seen recent interest, in particular due to the need for additional security in cryptocurrency wallets where leakage of the signing key is equivalent to an immediate loss of money.
We propose a threshold ECDSA protocol secure against an active adversary in the honest majority model with abort. Our protocol is efficient in terms of both computation and bandwidth usage, and it allows the parties to pre-process parts of the signature, such that once the message to sign becomes known, they can compute a secret sharing of the signature very efficiently, using only local operations. We also show how to obtain fairness in the online phase at the cost of some additional work in the pre-processing, i.e., such that the protocol either aborts during the pre-processing phase, in which case nothing is revealed, or the signature is guaranteed to be delivered to all honest parties
Low-resource eclipse attacks on Ethereum’s peer-to-peer network
We present eclipse attacks on Ethereum nodes that exploit the peer-to-peer network used for neighbor discovery. Our attacks can be launched using only two hosts, each with a single IP address. Our eclipse attacker monopolizes all of the victim’s incoming and outgoing connections, thus isolating the victim from the rest of its peers in the network. The attacker can then filter the victim’s view of the blockchain, or co-opt the victim’s computing power as part of more sophisticated attacks. We argue that these eclipse-attack vulnerabilities result from Ethereum’s adoption of the Kademlia peer-to-peer protocol, and present countermeasures that both harden the network against eclipse attacks and cause it to behave differently from the traditional Kademlia protocol. Several of our countermeasures have been incorporated in the Ethereum geth 1.8 client released on February 14, 2018.First author draf
Accountable authentication with privacy protection: The Larch system for universal login
Credential compromise is hard to detect and hard to mitigate. To address this
problem, we present larch, an accountable authentication framework with strong
security and privacy properties. Larch protects user privacy while ensuring
that the larch log server correctly records every authentication. Specifically,
an attacker who compromises a user's device cannot authenticate without
creating evidence in the log, and the log cannot learn which web service
(relying party) the user is authenticating to. To enable fast adoption, larch
is backwards-compatible with relying parties that support FIDO2, TOTP, and
password-based login. Furthermore, larch does not degrade the security and
privacy a user already expects: the log server cannot authenticate on behalf of
a user, and larch does not allow relying parties to link a user across
accounts. We implement larch for FIDO2, TOTP, and password-based login. Given a
client with four cores and a log server with eight cores, an authentication
with larch takes 150ms for FIDO2, 91ms for TOTP, and 74ms for passwords
(excluding preprocessing, which takes 1.23s for TOTP).Comment: This is an extended version of a paper appearing at OSDI 202
CryptoMaze: Atomic Off-Chain Payments in Payment Channel Network
Payment protocols developed to realize off-chain transactions in Payment
channel network (PCN) assumes the underlying routing algorithm transfers the
payment via a single path. However, a path may not have sufficient capacity to
route a transaction. It is inevitable to split the payment across multiple
paths. If we run independent instances of the protocol on each path, the
execution may fail in some of the paths, leading to partial transfer of funds.
A payer has to reattempt the entire process for the residual amount. We propose
a secure and privacy-preserving payment protocol, CryptoMaze. Instead of
independent paths, the funds are transferred from sender to receiver across
several payment channels responsible for routing, in a breadth-first fashion.
Payments are resolved faster at reduced setup cost, compared to existing
state-of-the-art. Correlation among the partial payments is captured,
guaranteeing atomicity. Further, two party ECDSA signature is used for
establishing scriptless locks among parties involved in the payment. It reduces
space overhead by leveraging on core Bitcoin scripts. We provide a formal model
in the Universal Composability framework and state the privacy goals achieved
by CryptoMaze. We compare the performance of our protocol with the existing
single path based payment protocol, Multi-hop HTLC, applied iteratively on one
path at a time on several instances. It is observed that CryptoMaze requires
less communication overhead and low execution time, demonstrating efficiency
and scalability.Comment: 30 pages, 9 figures, 1 tabl
- …