Emerge: Self-Emerging Data Release Using Cloud Data Storage

In the age of Big Data, advances in distributed technologies and cloud storage services provide highly efficient and cost-effective solutions to large scale data storage and management. Supporting self-emerging data using clouds is a challenging problem. While straight-forward centralized approaches provide a basic solution to the problem, unfortunately they are limited to a single point of trust. Supporting attack-resilient timed release of encrypted data stored in clouds requires new mechanisms for self emergence of data encryption keys that enables encrypted data to become accessible at a future point in time. Prior to the release time, the encryption key remains undiscovered and unavailable in a secure distributed system, making the private data unavailable. In this paper, we propose Emerge, a self-emerging timed data release protocol for securely hiding data encryption keys of private encrypted data in a large-scale Distributed Hash Table (DHT) network that makes the data available and accessible only at the defined release time. We develop a suite of erasure-coding-based routing path construction schemes for securely storing and routing encryption keys in DHT networks that protect an adversary from inferring the encryption key prior to the release time (release-ahead attack) or from destroying the key altogether (drop attack). Through extensive experimental evaluation, we demonstrate that the proposed schemes are resilient to both release-ahead attack and drop attack as well as to attacks that arise due to traditional churn issues in DHT networks

A novel e-voting system with diverse security features

Internet-based E-voting systems can offer great benefits over traditional voting machines in areas, such as protecting voter and candidate privacy, providing accurate vote counting, preventing voter fraud, and shortening the time of vote counting. This dissertation introduces, establishes and improves Internet-based E-voting systems on various aspects of the voting procedure. In addition, our designs also enable voters to track their votes which is a very important element in any elections. Our novel Internet-based E-voting system is based on the following realistic assumptions: (1) The election authorities are not 100% trustworthy; (2) The E-voting system itself is not 100% trustworthy; (3) Every voter is not 100% trustworthy. With these three basic assumptions, we can form mutual restrictions on each party, and secure measurements of the election will not be solely determined and influenced by any one of them. The proposed scheme, referred to as Time-lock algorithm based E-voting system with Ring signature and Multi-part form (TERM), is demonstrated to achieve the goal of keeping votes confidential and voters anonymous, as well as reducing the risk of leaking the voters’ identities during the election. In addition, TERM can prevent any possible clash attack, such as manipulating voting results or tampering voters’ original votes by malicious election authorities or hackers. The security performance analysis also shows that TERM provides outstanding measurements to secure the candidates’ manifest on each type of ballots during the whole election duration. TERM provides a roadmap for future fair elections via Internet

SCTSC: A Semicentralized Traffic Signal Control Mode With Attribute-Based Blockchain in IoVs

This is the author accepted manuscript. The final version is available from IEEE via the DOI in this recordAssisting traffic control is one of the most important applications on the Internet of Vehicles (IoVs). Traffic information provided by vehicles is desired since drivers or vehicle sensors are sensitive in perceiving or detecting nuances on roads. However, the availability and privacy preservation of this information are critical while conflicted with each other in the vehicular communication. In this paper, we propose a semicentralized mode with attribute-based blockchain in IoVs to balance the tradeoff between the availability and the privacy preservation. In this mode, a method of control-by-vehicles is used to control signals of traffic lights to increase traffic efficiency. Users are grouped their attributes such as locations and directions before starting the communication. The users reach an agreement on determining a temporary signal timing by interacting with each other without leaking privacy. Final decisions are verifiable to all users, even if they have no a priori agreement and processes of consensus. The mode not only achieves the aim of privacy preservation but also supports responsibility investigation for historical agreements via ciphertext-policy attribute-based encryption (CP-ABE) and blockchain technology. Extensive experimental results demonstrated that our mode is efficient and practical.National Key R&D Program of ChinaNatural Science Foundation of ChinaFundamental Research Funds for the Central Universities of Chin

A measurement study of peer-to-peer bootstrapping and implementations of delay-based cryptography

This thesis researches two distinct areas of study in both peer-to-peer networking formodern cryptocurrencies and implementations of delay-based cryptography.The first part of the thesis researches elements of peer-to-peer network mechanisms,with a specific focus on the dependencies on centralised infrastructure required for theinitial participation in such networks.Cryptocurrencies rely on decentralised peer-to-peer networks, yet the method bywhich new peers initially join these networks, known as bootstrapping, presents a significantchallenge. Our original research consists of a measurement study of 74 cryptocurrencies.Our study reveals a prevalent reliance on centralised infrastructure which leadsto censorship-prone bootstrapping techniques leaving networks vulnerable to censorshipand manipulation.In response, we explore alternative bootstrapping methods seeking solutions lesssusceptible to censorship. However, our research demonstrates operational challengesand limitations which hinder their effectiveness, highlighting the complexity of achievingcensorship-resistance in practice.Furthermore, our global measurement study uncovers the details of cryptocurrencypeer-to-peer networks, revealing instances outages and intentional protocol manipulationimpacting bootstrapping operations. Through a volunteer network of probes deployedacross 42 countries, we analyse network topology, exposing centralisation tendencies andunintentional peer exposure.Our research also highlights the pervasive inheritance of legacy bootstrapping methods,perpetuating security vulnerabilities and censorship risks within cryptocurrencysystems. These findings illuminate broader concerns surrounding decentralisation andcensorship-resistance in distributed systems.In conclusion, our study offers valuable insights into cryptocurrency bootstrappingtechniques and their susceptibility to censorship, paving the way for future research andinterventions to enhance the resilience and autonomy of peer-to-peer networks.In the second part of the thesis, attention shifts towards delay-based cryptography,where the focus lies on the creation and practical implementations of timed-release encryptionschemes. Drawing from the historical delay-based cryptographic protocols, thisthesis presents two original research contributions.The first is the creation of a new timed-release encryption scheme with a propertytermed implicit authentication. The second contribution is the development of a practicalconstruction called TIDE (TIme Delayed Encryption) tailored for use in sealed-bidauctions.Timed-Release Encryption with Implicit Authentication (TRE-IA) is a cryptographicprimitive which presents a new property named implicit authentication (IA). This propertyensures that only authorised parties, such as whistleblowers, can generate meaningfulciphertexts. By incorporating IA techniques into the encryption process, TRE-IAaugments a new feature in standard timed-release encryption schemes by ensuring thatonly the party with the encryption key can create meaningful ciphertexts. This propertyensures the authenticity of the party behind the sensitive data disclosure. Specifically, IAenables the encryption process to authenticate the identity of the whistleblower throughthe ciphertext. This property prevents malicious parties from generating ciphertextsthat do not originate from legitimate sources. This ensures the integrity and authenticityof the encrypted data, safeguarding against potential leaks of information not vettedby the party performing the encryption.TIDE introduces a new method for timed-release encryption in the context of sealedbidauctions by creatively using classic number-theoretic techniques. By integratingRSA-OEAP public-key encryption and the Rivest Shamir Wagner time-lock assumptionwith classic number theory principles, TIDE offers a solution that is both conceptuallystraightforward and efficient to implement.Our contributions in TIDE address the complexities and performance challengesinherent in current instantiations of timed-release encryption schemes. Our researchoutput creates a practical timed-release encryption implementation on consumer-gradehardware which can facilitate real-world applications such as sealed-bid auctions withclear steps for implementation.Finally, our thesis concludes with a review of the prospects of delay-based cryptographywhere we consider potential applications such as leveraging TIDE for a publicrandomness beacon.<br/

Timed-Release Encryption With Master Time Bound Key (Full Version)

Timed-release encryption allows senders to send a message to a receiver which cannot decrypt until a server releases a time bound key at the release time. The release time usually supposed to be known to the receiver, the ciphertext therefore cannot be decrypted if the release time is lost. We solve this problem in this paper by having a master time bound key which can replace the time bound key of any release time. We first present security models of the timed-release encryption with master time bound key. We present a provably secure construction based on the Weil pairing

ETHTID: Deployable Threshold Information Disclosure on Ethereum

We address the Threshold Information Disclosure (TID) problem on Ethereum: An arbitrary number of users commit to the scheduled disclosure of their individual messages recorded on the Ethereum blockchain if and only if all such messages are disclosed. Before a disclosure, only the original sender of each message should know its contents. To accomplish this, we task a small council with executing a distributed generation and threshold sharing of an asymmetric key pair. The public key can be used to encrypt messages which only become readable once the threshold-shared decryption key is reconstructed at a predefined point in time and recorded on-chain. With blockchains like Ethereum, it is possible to coordinate such procedures and attach economic stakes to the actions of participating individuals. In this paper, we present ETHTID, an Ethereum smart contract application to coordinate Threshold Information Disclosure. We base our implementation on ETHDKG [1], a smart contract application for distributed key generation and threshold sharing, and adapt it to fit our differing use case as well as add functionality to oversee a scheduled reconstruction of the decryption key. For our main cost saving optimisation, we show that the security of the underlying cryptographic scheme is maintained. We evaluate how the execution costs depend on the size of the council and the threshold and show that the presented protocol is deployable on Ethereum with a council of more than 200 members with gas savings of 20--40\% compared to ETHDKG

ETHTID: Deployable Threshold Information Disclosure on Ethereum

We address the Threshold Information Disclosure (TID) problem on Ethereum: An arbitrary number of users commit to the scheduled disclosure of their individual messages recorded on the Ethereum blockchain if and only if all such messages are disclosed. Before a disclosure, only the original sender of each message should know its contents. To accomplish this, we task a small council with executing a distributed generation and threshold sharing of an asymmetric key pair. The public key can be used to encrypt messages which only become readable once the threshold-shared decryption key is reconstructed at a predefined point in time and recorded on-chain. With blockchains like Ethereum, it is possible to coordinate such procedures and attach economic stakes to the actions of participating individuals. In this paper, we present ETHTID, an Ethereum smart contract application to coordinate Threshold Information Disclosure. We base our implementation on ETHDKG [1], a smart contract application for distributed key generation and threshold sharing, and adapt it to fit our differing use case as well as add functionality to oversee a scheduled reconstruction of the decryption key. For our main cost saving optimisation, we show that the security of the underlying cryptographic scheme is maintained. We evaluate how the execution costs depend on the size of the council and the threshold and show that the presented protocol is deployable on Ethereum with a council of more than 200 members with gas savings of 20-40% compared to ETHDKG

General Certificateless Encryption and Timed-Release Encryption

While recent timed-release encryption (TRE) schemes are implicitly supported by a certificateless encryption (CLE) mechanism, the security models of CLE and TRE differ and there is no generic transformation from a CLE to a TRE. This paper gives a generalized model for CLE that fulfills the requirements of TRE. This model is secure against adversaries with adaptive trapdoor extraction capabilities, decryption capabilities for arbitrary public keys, and partial decryption capabilities. It also supports hierarchical identifiers. We propose a concrete scheme under our generalized model and prove it secure without random oracles, yielding the first strongly-secure security-mediated CLE and the first TRE in the standard model. In addition, our technique of partial decryption is different from the previous approach