
    TumbleBit: an untrusted Bitcoin-compatible anonymous payment hub

    This paper presents TumbleBit, a new unidirectional unlinkable payment hub that is fully compatible with today's Bitcoin protocol. TumbleBit allows parties to make fast, anonymous, off-blockchain payments through an untrusted intermediary called the Tumbler. TumbleBit's anonymity properties are similar to classic Chaumian eCash: no one, not even the Tumbler, can link a payment from its payer to its payee. Every payment made via TumbleBit is backed by bitcoins, and comes with a guarantee that the Tumbler can neither violate anonymity, nor steal bitcoins, nor print money by issuing payments to itself. We prove the security of TumbleBit using the real/ideal world paradigm and the random oracle model. Security follows from the standard RSA assumption and ECDSA unforgeability. We implement TumbleBit, mix payments from 800 users and show that TumbleBit's off-blockchain payments can complete in seconds.
    https://eprint.iacr.org/2016/575.pdf
    Published version

    Authentication Protocols and Privacy Protection

    This dissertation thesis deals with cryptographic constructions for user authentication. Rather than classical authentication protocols, which allow only identity verification, attribute authentication systems are the main topic of this thesis. Attribute authentication systems allow users to give proofs about the possession of personal attributes. These attributes can represent any personal information, for example age, nationality or birthplace. Attribute ownership can be proven anonymously and with the support of many features for digital identity protection. These features include, e.g., the unlinkability of verification sessions, untraceability, selective disclosure of attributes or efficient revocation. Currently, attribute authentication systems are considered to be the successors of existing authentication systems in the official strategies of the USA (NSTIC) and the EU (ENISA). The necessary features are partially provided by existing cryptographic concepts like U-Prove and idemix. But at this moment, there is no system providing all privacy-enhancing features which is implementable on computationally restricted devices like smart cards. Among all weaknesses of existing systems, the missing unlinkability of verification sessions and the absence of practical revocation are the most critical ones. Without these features, it is currently impossible to invalidate expired users, lost or stolen authentication cards and cards of malicious users. Therefore, a new cryptographic scheme is proposed in this thesis to fix the weaknesses of existing schemes. The resulting scheme, which is based on established primitives like Σ-protocols for proofs of knowledge, cryptographic commitments and verifiable encryption, supports all privacy-enhancing features. At the same time, the scheme is easily implementable on smart cards. This thesis includes the full cryptographic specification, the formal verification of key properties, the mathematical model for functional verification in Mathematica and the experimental implementation on .NET smart cards. Although the scheme supports all privacy-enhancing features which are missing in related work, the computational complexity is the same or lower, thus the verification time is shorter than in existing systems. With all these features and properties, the resulting scheme can significantly improve the privacy of users during their verification, especially when used in electronic ID systems, access systems or Internet services.

    Sphinx: A Compact and Provably Secure Mix Format

    Sphinx is a cryptographic message format used to relay anonymized messages within a mix network. It is more compact than any comparable scheme, and supports a full set of security features: indistinguishable replies, hiding the path length and relay position, as well as providing unlinkability for each leg of the message's journey over the network. We prove the full cryptographic security of Sphinx in the random oracle model, and we describe how it can be used as an efficient drop-in replacement in deployed remailer systems. © 2009 IEEE

    MV3: A new word based stream cipher using rapid mixing and revolving buffers

    MV3 is a new word-based stream cipher for encrypting long streams of data. A direct adaptation of a byte-based cipher such as RC4 into a 32- or 64-bit word version will obviously need vast amounts of memory. This scaling issue necessitates a search for new components and principles, as well as mathematical analysis to justify their use. Our approach, like RC4's, is based on rapidly mixing random walks on directed graphs (that is, walks which reach a random state quickly, from any starting point). We begin with some well-understood walks, and then introduce nonlinearity in their steps in order to improve security and show that long-term statistical correlations are negligible. To minimize the short-term correlations, as well as to deter attacks using equations involving successive outputs, we provide a method for sequencing the outputs derived from the walk using three revolving buffers. The cipher is fast: it runs at a speed of less than 5 cycles per byte on a Pentium IV processor. A word-based cipher needs to output more bits per step, which exposes more correlations for attacks. Moreover, we seek simplicity of construction and transparent analysis. To meet these requirements, we use a larger state and claim security corresponding to only a fraction of it. Our design is for an adequately secure word-based cipher; our very preliminary estimate puts the security close to exhaustive search for keys of size < 256 bits.
    Comment: 27 pages, shortened version will appear in "Topics in Cryptology - CT-RSA 2007".

    An Innovative Approach Towards Applying Chaum Mixing to SMS

    Currently there are few user-friendly applications for anonymous communication across multiple platforms, leaving data that is often both personal and private vulnerable to malicious activity. Mobile devices such as smartphones are prime candidates for such an application, as they are pervasive and have standardized communication protocols. Through the application of mixing techniques, these devices can provide anonymity for groups of individuals numbering 30 to 40 members. In this work, a Chaum-mix-inspired, smartphone-based network that uses the Short Message Service (SMS) is described first in theory and then in implementation. This system leverages both techniques used by current anonymity networks and knowledge gained from current and past research to make messages private and untraceable. The work addresses previously published attacks on anonymous systems through current and innovative mitigation techniques.

    On the security of multivariate encryption schemes

    Modern cryptography is endangered by quantum computers: even though they are still limited by hardware, there already exist algorithms that can break the public-key schemes most widely used for information traffic. Multivariate cryptography is a good candidate for building cryptographic schemes that remain secure even against quantum computers, since they are based on an NP-hard problem. In this work, we explain common attacks on multivariate cryptosystems and study their theory and implementation.

    Privacy Preserving Cryptographic Protocols for Secure Heterogeneous Networks

    The dissertation thesis deals with privacy-preserving cryptographic protocols for securing the communication and information systems that form heterogeneous networks. The thesis focuses on the possibilities of using non-conventional cryptographic primitives that provide enhanced security features, such as the protection of user privacy in communication systems. In the dissertation, the performance of cryptographic and mathematical primitives on the various devices that participate in securing heterogeneous networks is evaluated. The main objectives of the thesis focus on the design of advanced privacy-preserving cryptographic protocols. Three protocols are designed, all of which use pairing-based group signatures to ensure user privacy. These proposals ensure the protection of user privacy together with the authentication, integrity and non-repudiation of transmitted messages during communication. The protocols employ optimization techniques such as batch verification to increase their performance and become more practical in heterogeneous networks.

    Youth employment incentives : activation policy in Denmark, France and the United Kingdom (2008-2016)

    Youth (15 to 29-year-olds) are vulnerable to economic shocks, and the ability to enter the labour market has significant effects on their long-term wellbeing. Consequently, the 2007-08 financial crisis had the potential to affect youth gravely, which is why welfare states adopted a series of policy initiatives to help youth in the post-crisis. Although countries adopted policies, traditional data such as labour market policy expenditures do not reveal increased spending consistent with higher unemployment levels. Research also shows that, since the financial crisis, welfare states have favoured policies that reinforce incentives to join the labour market and help individuals market their skills over more expensive policies that invest in human capital. These analyses support the argument that welfare states are converging around low-cost policies. These pressures notwithstanding, the adoption of similar policies is unusual because the needs of countries remain diverse. For that reason, and despite the factors inhibiting change, countries should not be adopting the same policies to respond to high youth unemployment. This dissertation investigates this complex policy environment by using a typology of activation incentives to compare policy instrument mixes between governments. Process-tracing is then used to determine how welfare states modified their youth employment policies after the financial crisis. First, qualitative data is used to identify the different policy mixes adopted in each case. Second, the policymaking process is analyzed using process-tracing methods. Research findings indicate that all three cases, Denmark, France and the United Kingdom, adopted new youth policies after the financial crisis. In addition to funding policies that continue the typical logics found in each country, evidence shows each case adopted policies that deviate from established logics. These results are explained using three theoretical frameworks to identify mechanisms for change: policy learning, power resources and historical institutionalism. For each case, the dissertation outlines how these factors interacted to affect the policymaking process. This research contributes to the welfare state literature by going beyond existing quantitative analysis to provide an in-depth account of youth activation policies and the policymaking process in the post-crisis.

    Low-latency mix networks for anonymous communication

    Every modern online application relies on the network layer to transfer information, which exposes the metadata associated with digital communication. These distinctive characteristics encapsulate information as meaningful as the content of the communication itself and allow eavesdroppers to uniquely identify users and their activities. Hence, by exposing IP addresses and by analyzing patterns of network traffic, a malicious entity can deanonymize most online communications. While content confidentiality has made significant progress over the years, existing solutions for anonymous communication which protect the network metadata still have severe limitations, including centralization, limited security, poor scalability, and high latency. As the importance of online privacy increases, the need to build low-latency communication systems with strong security guarantees becomes pressing. Therefore, in this thesis, we address the problem of building multi-purpose anonymous networks that protect communication privacy. To this end, we design a novel mix network, Loopix, which guarantees communication unlinkability and supports applications with various latency and bandwidth constraints. Loopix offers better security properties than any existing solution for anonymous communication while at the same time being scalable and low-latency. Furthermore, we also explore the problem of active attacks and malicious infrastructure nodes, and propose Miranda, a mechanism that allows them to be mitigated efficiently. In the second part of this thesis, we show that mix networks may be used as a building block in the design of a private notification system, which enables fast and low-cost online notifications. Moreover, its privacy properties benefit from an increasing number of users, meaning that the system can scale to millions of clients at a lower cost than any alternative solution.