Society-oriented cryptographic techniques for information protection
Groups play an important role in our modern world. They are more reliable and more trustworthy than individuals. This is the reason why, in an organisation, crucial decisions are left to a group of people rather than to an individual. Cryptography supports group activity by offering a wide range of cryptographic operations which can only be successfully executed if a well-defined group of people agrees to co-operate. This thesis looks at two fundamental cryptographic tools that are useful for the management of secret information. The first part looks in detail at secret sharing schemes. The second part focuses on society-oriented cryptographic systems, which are the application of secret sharing schemes in cryptography. The outline of the thesis is as follows
Tor Bridge Distribution Powered by Threshold RSA
Since its inception, Tor has offered anonymity for internet users around the world. Tor now offers bridges to help users evade internet censorship, but the primary distribution schemes that provide bridges to users in need have come under attack. This thesis explores how threshold RSA can help strengthen Tor's infrastructure while also enabling more powerful bridge distribution schemes. We implement a basic threshold RSA signature system for the bridge authority and a reputation-based social network design for bridge distribution. Experimental results are obtained showing the possibility of quick responses to requests from honest users while maintaining both the secrecy and the anonymity of registered clients and bridges
Distributed Provers and Verifiable Secret Sharing Based on the Discrete Logarithm Problem
Secret sharing allows a secret key to be distributed among n persons, such that k (1 <= k <= n) of these must be present in order to recover it at a later time. This report first shows how this can be done such that every person can verify (by himself) that his part of the secret is correct, even though fewer than k persons get no Shannon information about the secret. However, this high level of security is not needed in public key schemes, where the secret key is uniquely determined by a corresponding public key. It is therefore shown how such a secret key (which can be used to sign messages or decipher ciphertexts) can be distributed. This scheme has the property that, even though everybody can verify his own part, sets of fewer than k persons cannot sign/decipher unless they could have done so given just the public key. This scheme has the additional property that more than k persons can use the key without compromising their parts of it. Hence, the key can be reused. This technique is further developed to be applied to undeniable signatures. These signatures differ from traditional signatures as they can only be verified with the signer's assistance. The report shows how the signer can authorize agents who can help verify signatures, but they cannot sign (unless the signer permits it)
Scalable Multi-domain Trust Infrastructures for Segmented Networks
Within a trust infrastructure, a private key is often used to digitally sign a transaction, which can be verified with an associated public key. Using PKI (Public Key Infrastructure), a trusted entity can produce a digital signature, verifying the authenticity of the public key. However, what happens when external entities are not trusted to verify the public key or in cases where there is no Internet connection within an isolated or autonomously acting collection of devices? For this, a trusted entity can be elected to generate a key pair and then split the private key amongst trusted devices. Each node can then sign part of the transaction using their split of the shared secret. The aggregated signature can then define agreement on a consensus within the infrastructure. Unfortunately, this process has two significant problems. The first is when no trusted node can act as a dealer of the shares. The second is the difficulty of scaling the digital signature scheme. This paper outlines a method of creating a leaderless approach to defining trust domains to overcome weaknesses in the scaling of the elliptic curve digital signature algorithm. Instead, it proposes the usage of the Edwards curve digital signature algorithm for the definition of multiple trust zones. The paper shows that the computational overhead of the distributed key generation phase increases with the number of nodes in the trust domain but that the distributed signing has a relatively constant computational overhead
Decentralizing Trust with Resilient Group Signatures in Blockchains
Blockchains have the goal of promoting the decentralization of transactions in a P2P-based internetworking model that does not depend on centralized trust parties. Along with research on better scalability, performance, consistency control, and security guarantees in their service planes, other challenges aimed at better trust decentralization and fairness models are on the research community's agenda today.
Asymmetric cryptography and digital signatures are key components of blockchain systems. As a common flaw in different blockchains, public keys and verification of single-signed transactions are handled under the principle of trust centralization. In this dissertation, we propose a better fairness and trust decentralization model by proposing a service plane for blockchains that provides support for collective digital signatures and allows transactions to be collaboratively authenticated and verified with group-based witnessed guarantees. The proposed solution is achieved by using resilient group signatures from randomly and dynamically assigned groups. In our approach we use Threshold-Byzantine Fault Tolerant Digital Signatures to improve the resilience and robustness of blockchain systems while preserving their decentralized nature.
We have designed and implemented a modular and portable cryptographic provider that supports operations expressed by smart contracts. Our system is designed to be service-plane agnostic and adaptable to the base service planes of different blockchains. Therefore, we envision our solution as a portable, adaptable and reusable plugin service plane for blockchains, as a way to provide authenticated group-signed transactions with decentralized auditing, fairness, and long-term security guarantees and to leverage a better decentralized trust model. We conducted our experimental evaluations in a cloud-based testbench with at least sixteen blockchain nodes distributed across four different data centers, using two different blockchains and observing the proposed benefits.
Blockchains have the main goal of promoting the decentralization of transactions in a P2P network, based on a model that does not depend on a centralized authority. Together with greater scalability, performance, consistency controls and security guarantees in the service planes, other challenges such as improving the decentralization and fairness model are on the scientific community's agenda.
Asymmetric cryptography and digital signatures are the key component of blockchain systems. However, in blockchains, public keys and the verification of signed transactions rest on the principle of centralized trust. In this dissertation, we propose a solution that includes better conditions of fairness and trust decentralization, modelled as a service plane for the blockchain that provides support for collective signatures and allows transactions to be authenticated collaboratively and verified with witnessed guarantees. This will be achieved using resilient signatures for groups formed randomly and dynamically. Our solution for improving the resilience of blockchains while preserving their decentralized nature will be based on Byzantine-fault-tolerant threshold signatures.
To this end, we will design and implement a modular and portable cryptographic provider to support cryptographic operations that can be expressed by smart contracts. Our system will be designed in a way that is agnostic and adaptable to different service planes. Thus, we envision our solution as a portable and adaptable plugin for blockchains, which offers support for decentralized auditing, fairness, and long-term guarantees, in order to create a better model of decentralization of the trust base. We will carry out the experimental evaluations in the cloud, running our service plane with two blockchain implementations and at least sixteen nodes distributed across four data centres, observing the benefits of the proposed solution
SHARVOT: secret SHARe-based VOTing on the blockchain
Recently, there has been a growing interest in using online technologies to design protocols for secure electronic voting. The main challenges include vote privacy and anonymity, ballot irrevocability and transparency throughout the vote counting process. The introduction of the blockchain as a basis for cryptocurrency protocols provides for the exploitation of the immutability and transparency properties of these distributed ledgers.
In this paper, we discuss possible uses of the blockchain technology to implement a secure and fair voting system. In particular, we introduce a secret share-based voting system on the blockchain, the so-called SHARVOT protocol. Our solution uses Shamir's Secret Sharing to enable on-chain (i.e. within the transaction script) vote submission and winning candidate determination. The protocol also uses a shuffling technique, Circle Shuffle, to de-link voters from their submissions.
Comment: WETSEB'18: IEEE/ACM 1st International Workshop on Emerging Trends in Software Engineering for Blockchain. 5 pages, 2 figures
A Novel Approach for Verifiable Secret Sharing in Proactive Network Using RSA
We consider perfect verifiable secret sharing (VSS) in a synchronous network of n processors (players) where a designated player called the dealer wishes to distribute a secret s among the players in a way that none of them obtain any information, but any t + 1 players obtain full information about the secret. The round complexity of a VSS protocol is defined as the number of rounds performed in the sharing phase. Gennaro, Ishai, Kushilevitz and Rabin showed that three rounds are necessary and sufficient when n > 3t. Sufficiency, however, was only demonstrated by means of an inefficient (i.e., exponential-time) protocol, and the construction of an efficient three-round protocol was left as an open problem. In this paper, we present an efficient three-round protocol for VSS. The solution is based on a three-round solution of so-called weak verifiable secret sharing (WSS), for which we also prove that three rounds are a lower bound. Furthermore, we also demonstrate that one round is sufficient for WSS when n > 4t, and that VSS can be achieved in 1 + ε amortized rounds (for any ε > 0) when n > 3t