201 research outputs found
KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures
Email breaches are commonplace, and they expose a wealth of personal,
business, and political data that may have devastating consequences. The
current email system allows any attacker who gains access to your email to
prove the authenticity of the stolen messages to third parties -- a property
arising from a necessary anti-spam / anti-spoofing protocol called DKIM. This
exacerbates the problem of email breaches by greatly increasing the potential
for attackers to damage the users' reputation, blackmail them, or sell the
stolen information to third parties.
In this paper, we introduce "non-attributable email", which guarantees that a
wide class of adversaries are unable to convince any third party of the
authenticity of stolen emails. We formally define non-attributability, and
present two practical system proposals -- KeyForge and TimeForge -- that
provably achieve non-attributability while maintaining the important protection
against spam and spoofing that is currently provided by DKIM. Moreover, we
implement KeyForge and demonstrate that the scheme is practical, achieving
competitive verification and signing speed while also requiring 42% less
bandwidth per email than RSA2048.
A counterexample to the chain rule for conditional HILL entropy
Most entropy notions H(.) like Shannon or min-entropy satisfy a chain rule stating that for random variables X, Z, and A we have H(X|Z,A) ≥ H(X|Z) − |A|. That is, by conditioning on A the entropy of X can decrease by at most the bitlength |A| of A. Such chain rules are known to hold for some computational entropy notions like Yao's and unpredictability-entropy. For HILL entropy, the computational analogue of min-entropy, the chain rule is of special interest and has found many applications, including leakage-resilient cryptography, deterministic encryption, and memory delegation. These applications rely on restricted special cases of the chain rule. Whether the chain rule for conditional HILL entropy holds in general was an open problem for which we give a strong negative answer: we construct joint distributions (X,Z,A), where A is a distribution over a single bit, such that the HILL entropy H^HILL(X|Z) is large but H^HILL(X|Z,A) is basically zero.
Our counterexample makes only the minimal assumption that NP ⊄ P/poly. Under the stronger assumption that injective one-way functions exist, we can make all the distributions efficiently samplable.
Finally, we show that some more sophisticated cryptographic objects like lossy functions can be used to sample a distribution constituting a counterexample to the chain rule, making only a single invocation to the underlying object.
Secure Access Control Technology Towards Data Sharing and Storage in Cloud Computing
Cloud computing is a form of distributed computing in which resources and application platforms are delivered over the Internet on an on-demand, pay-per-use basis. Many cloud storage encryption schemes have been introduced to protect data from those who are not authorized to access it. Most of these schemes assume that cloud storage providers are safe and secure. In practice, however, some authorities (i.e., coercers) may try to extract data from the cloud without the data owner's authorization. In this paper, we show how illegitimate users can be identified using our efficient deniable encryption scheme: when a fake user tries to obtain data from the cloud, they are served fake files, so that attackers cannot obtain the real files from the cloud. Moreover, they are satisfied with their fake copy, and in this way the owner's secret or confidential files are protected.
The art of post-truth in quantum cryptography
Quantum key establishment (abbreviated QKD in English) allows two distant participants, Alice and Bob, to establish a common (but random) secret key known only to these two people (that is, unknown to Eve and any other third party). The shared secret key is unconditionally private and can later be used by Alice and Bob to transmit messages in complete confidentiality, for example in the form of a one-time pad. The quantum key establishment protocol guarantees the unconditional confidentiality of the message in the presence of an adversary (Eve) limited only by the laws of quantum mechanics, who can act on the information shared by Alice and Bob only while it is in transit through classical and quantum channels. But what happens when Eve has the additional power to coerce Alice and/or Bob into revealing any information, until then kept secret, generated during the (successful) execution of the quantum key establishment protocol (possibly after Alice and Bob have exchanged one or more classical messages encrypted with this key), so that Eve can replay the entire protocol and recover the key (and hence also the message it encrypted)? Can Alice and Bob plausibly deny the creation of the key by revealing false information so that Eve ends up with a fake key? Can quantum key establishment protocols, as they stand, guarantee the possibility of deniability? In this thesis, this is the puzzle we examine.
In the rest of this document, we adopt the information-theoretic viewpoint to analyse the possibility of deniability when applying quantum key establishment protocols. We rigorously formalize different types and degrees of deniability depending on which participant is coerced into revealing the key, what the adversary may demand, the size of the set of fake keys that Alice and Bob can claim to have established, when the parties must decide on the fictitious key(s), what Eve's tolerance to less likely events is, and whether or not computational assumptions are relied upon.
We then rigorously define a general class of quantum key establishment protocols, based on an almost-perfect quantum channel, and prove that any quantum key establishment protocol belonging to this class satisfies the most general definition of deniability, namely universal deniability. We provide a few examples. Next, we propose a hybrid protocol under which any QKD protocol can be at most existentially deniable. Moreover, we define a broad class of quantum key establishment protocols, which we call prepare-and-measure, and prove that it is impossible to instil any degree of deniability in them.
Next, we propose a variant of the protocol, which we call fuzzy prepare-and-measure, that offers a certain level of deniability when Eve is fair. Subsequently, we propose a hybrid protocol under which any quantum key establishment protocol can offer at best the option of existential deniability. Finally, we propose a variant of the protocol, which we call mono-deniable, that is only Alice-deniable or Bob-deniable (but not both).
Quantum Key Establishment (QKD) enables two distant parties Alice and Bob to establish a common random secret key known only to the two of them (i.e., unknown to Eve and anyone else). The common secret key is information-theoretically secure. Later, Alice and Bob may use this key to transmit messages securely, for example as a one-time pad. The QKD protocol guarantees the confidentiality of the key from an information-theoretic perspective against an adversary Eve who is only limited by the laws of quantum theory and can act only on the signals as they pass through the classical and quantum channels. But what if Eve has the extra power to coerce Alice and/or Bob after the successful execution of the QKD protocol, forcing either both or only one of them to reveal all their private information (possibly also after one or several (classical) ciphertexts encrypted with that key have been transmitted between Alice and Bob), so that Eve could go through the protocol and obtain the key (hence also the message)? Can Alice and Bob deny establishment of the key plausibly by revealing fake private information and hence also a fake key? Do QKD protocols guarantee deniability for free in this case? In this thesis, we investigate this conundrum.
In the rest of this document, we take an information-theoretic perspective on deniability in quantum key establishment protocols. We rigorously formalize different levels and flavours of deniability depending on which party is coerced, what the adversary may ask, what the size of the fake set is that surreptitious parties can pretend to have established, when the parties should decide on the fake key(s), and what the coercer's tolerance to less likely events is, and possibly also computational assumptions.
We then rigorously define a general class of QKD protocols, based on an almost-perfect quantum channel, and prove that any QKD protocol that belongs to this class satisfies the most general flavour of deniability, i.e., universal deniability. Moreover, we define a broad class of QKD protocols, which we call prepare-and-measure, and prove that these protocols are not deniable in any level or flavour.
Moreover, we define a class of QKD protocols, which we refer to as fuzzy prepare-and-measure, that provides a certain level of deniability conditioned on Eve being fair. Furthermore, we propose a hybrid protocol under which any QKD protocol can be at most existentially deniable. Finally, we define a class of QKD protocols, which we refer to as mono-deniable, which is either Alice or Bob (but not both) deniable.
Wink: Deniable Secure Messaging
End-to-end encrypted (E2EE) messaging is an essential first step towards
combating increasingly privacy-intrusive laws. Unfortunately, it is vulnerable
to compelled key disclosure -- law-mandated, coerced, or simply by device
compromise. This work introduces Wink, the first plausibly-deniable messaging
system protecting message confidentiality even when users are coerced to hand
over keys/passwords. Wink can surreptitiously inject hidden messages in the
standard random coins (e.g., salt, IVs) used by existing E2EE protocols. It
does so as part of legitimate secure cryptographic functionality deployed
inside widely-available trusted execution environments (TEEs) such as
TrustZone. This provides a powerful mechanism for hidden untraceable
communication using virtually unchanged unsuspecting existing E2EE messaging
apps, as well as strong plausible deniability. Wink has been demonstrated with
multiple existing E2EE applications (including Telegram and Signal) with
minimal (external) instrumentation, negligible overheads, and crucially without
changing on-wire message formats.
Deniable encryption protocols based on probabilistic public-key encryption
The paper proposes a new method for designing deniable encryption protocols, characterized by the use of RSA-like probabilistic public-key encryption algorithms. Sender-, receiver-, and bi-deniable protocols are described. To provide bi-deniability in the case of attacks performed by an active coercer, a stage of entity authentication is used in one of the described protocols.