SodsBC: A Post-quantum by Design Asynchronous Blockchain Framework

We present a novel framework for asynchronous permissioned blockchain with high performance and post-quantum security for the first time. Specifically, our framework contains two asynchronous Byzantine fault tolerance (aBFT) protocols SodsBC and SodsBC++. We leverage concurrently preprocessing to accelerate the preparation of three cryptographic objects for the repeated consensus procedure, including common random coins as the needed randomness, secret shares of symmetric encryption keys for censorship resilience, and nested hash values for external validation predicates. All preprocessed objects utilize proved or commonly believed to be post-quantum cryptographic tools to resist an adversary equipped with quantum computation capabilities. The evaluation in AWS shows that SodsBC and SodsBC++ reduce the latency of two state-of-the-art but quantum-sensitive competitors Honeybadger and Dumbo by $53\%$ and $6\%$, respectively in the setting that the number of participants is $100$ and each block part has $20,000$ transactions

Analysis and Implementation of the Messaging Layer Security Protocol

The use of messaging services on smartphones has increased considerably in recent years, due to the growth in the availability of mobile devices and the evolution of communication technologies via Internet, factors that have effectively replaced the use of text messages. This increase also concerned the use in the business environment, a context where the exchange of confidential information is more frequent and therefore the need to protect communication between two or more people. This is important not only on a security point of view, but also for personal privacy. The major global players have responded by implementing security measures within their services, such as end-to-end encryption and increasingly strict rules regarding the processing of personal data. In this thesis we will illustrate Messaging Layer Security, shortened as MLS, a new protocol under development that guarantees security and efficiency in group conversations. When in a conversation between two clients, security can be ensured through end-to-end encryption and key exchange. The problem arises when multiple actors participate in the conversation asynchronously: in this case the computational effort is considerable, even more so considering the use of mobile devices with reduced battery capacity that does not guarantee the continuous presence of the online device. The thesis will deal with both the architectural part, that is more general and traces the outline of the subject, and the protocol part, more technical and detailed. Finally, an implementation of MLS written in Rust and called Melissa will be illustrated, which provides all the basic functionalities indicated in the draft 05 version of the protocol

Formally based semi-automatic implementation of an open security protocol

International audienceThis paper presents an experiment in which an implementation of the client side of the SSH Transport Layer Protocol (SSH-TLP) was semi-automatically derived according to a model-driven development paradigm that leverages formal methods in order to obtain high correctness assurance. The approach used in the experiment starts with the formalization of the protocol at an abstract level. This model is then formally proved to fulfill the desired secrecy and authentication properties by using the ProVerif prover. Finally, a sound Java implementation is semi-automatically derived from the verified model using an enhanced version of the Spi2Java framework. The resulting implementation correctly interoperates with third party servers, and its execution time is comparable with that of other manually developed Java SSH-TLP client implementations. This case study demonstrates that the adopted model-driven approach is viable even for a real security protocol, despite the complexity of the models needed in order to achieve an interoperable implementation

Enhancing Privacy in Cryptographic Protocols

For the past three decades, a wide variety of cryptographic protocols have been proposed to solve secure communication problems even in the presence of adversaries. The range of this work varies from developing basic security primitives providing confidentiality and authenticity to solving more complex, application-specific problems. However, when these protocols are deployed in practice, a significant challenge is to ensure not just security but also privacy throughout these protocols' lifetime. As computer-based devices are more widely used and the Internet is more globally accessible, new types of applications and new types of privacy threats are being introduced. In addition, user privacy (or equivalently, key privacy) is more likely to be jeopardized in large-scale distributed applications because the absence of a central authority complicates control over these applications. In this dissertation, we consider three relevant cryptographic protocols facing user privacy threats when deployed in practice. First, we consider matchmaking protocols among strangers to enhance their privacy by introducing the "durability" and "perfect forward privacy" properties. Second, we illustrate the fragility of formal definitions with respect to password privacy in the context of password-based authenticated key exchange (PAKE). In particular, we show that PAKE protocols provably meeting the existing formal definitions do not achieve the expected level of password privacy when deployed in the real world. We propose a new definition for PAKE that is tightly connected to what is actually desired in practice and suggest guidelines for realizing this definition. Finally, we answer to a specific privacy question, namely whether privacy properties of symmetric-key encryption schemes obtained by non-tight reduction proofs are retained in the real world. In particular, we use the privacy notion of "multi-key hiding" property and show its non-tight relation with the IND$-CPA property of symmetric-key schemes. We use the experimental result by Gligor et al. to show how a real attack breaks the "multi-key hiding" property of IND$-CPA symmetric-key encryption schemes with high probability in practice. Finally, we identify schemes that satisfy the "multi-key hiding" and enhance key privacy in the real world

Proving Cryptographic C Programs Secure with General-Purpose Verification Tools

Security protocols, such as TLS or Kerberos, and security devices such as the Trusted Platform Module (TPM), Hardware Security Modules (HSMs) or PKCS#11 tokens, are central to many computer interactions. Yet, such security critical components are still often found vulnerable to attack after their deployment, either because the specification is insecure, or because of implementation errors. Techniques exist to construct machine-checked proofs of security properties for abstract specifications. However, this may leave the final executable code, often written in lower level languages such as C, vulnerable both to logical errors, and low-level flaws. Recent work on verifying security properties of C code is often based on soundly extracting, from C programs, protocol models on which security properties can be proved. However, in such methods, any change in the C code, however trivial, may require one to perform a new and complex security proof. Our goal is therefore to develop or identify a framework in which security properties of cryptographic systems can be formally proved, and that can also be used to soundly verify, using existing general-purpose tools, that a C program shares the same security properties. We argue that the current state of general-purpose verification tools for the C language, as well as for functional languages, is sufficient to achieve this goal, and illustrate our argument by developing two verification frameworks around the VCC verifier. In the symbolic model, we illustrate our method by proving authentication and weak secrecy for implementations of several network security protocols. In the computational model, we illustrate our method by proving authentication and strong secrecy properties for an exemplary key management API, inspired by the TPM

Aggregatable Distributed Key Generation

In this paper, we introduce a distributed key generation (DKG) protocol with aggregatable and publicly-verifiable transcripts. Compared with prior publicly-verifiable approaches, our DKG reduces the size of the final transcript and the time to verify it from O(n2) to O(nlogn) , where n denotes the number of parties. As compared with prior non-publicly-verifiable approaches, our DKG leverages gossip rather than all-to-all communication to reduce verification and communication complexity. We also revisit existing DKG security definitions, which are quite strong, and propose new and natural relaxations. As a result, we can prove the security of our aggregatable DKG as well as that of several existing DKGs, including the popular Pedersen variant. We show that, under these new definitions, these existing DKGs can be used to yield secure threshold variants of popular cryptosystems such as El-Gamal encryption and BLS signatures. We also prove that our DKG can be securely combined with a new efficient verifiable unpredictable function (VUF), whose security we prove in the random oracle model. Finally, we experimentally evaluate our DKG and show that the per-party overheads scale linearly and are practical. For 64 parties, it takes 71 ms to share and 359 ms to verify the overall transcript, while for 8192 parties, it takes 8 s and 42.2 s respectively

The Timed Concurrent Constraint language in practice

We propose the tccp language for the specification and verification of security protocols. We study the relation between tccp and utcc by presenting a transformation from utcc into tccp that formally states the relation between the two languages. Finally, we present an interpreter for tccp implemented in Maude.Lescaylle Daudinot, A. (2009). The Timed Concurrent Constraint language in practice. http://hdl.handle.net/10251/14517Archivo delegad

Digital certificates and threshold cryptography

This dissertation discusses the use of secret sharing cryptographic protocols for distributing and sharing of secret documents, in our case PDF documents. We discuss the advantages and uses of such a system in the context of collaborative environments. Description of the cryptographic protocol involved and the necessary Public Key Infrastructure (PKI) shall be presented. We also provide an implementation of this framework as a “proof of concept” and fundament the use of a certificate extension as the basis for threshold cryptography. Details of the shared secret distribution protocol and shared secret recovery protocol shall be given as well as the associated technical implementation details. The actual secret sharing algorithm implemented at this stage is based on an existing well known secret sharing scheme that uses polynomial interpolation over a finite field. Finally we conclude with a practical assessment of our prototype