100 research outputs found
Preserving transparency and accountability in optimistic fair exchange of digital signatures
Optimistic fair exchange (OFE) protocols are useful tools for two participants to fairly exchange items with the aid of a third party who is only involved if needed. A widely accepted requirement is that the third party\u27s involvement in the exchange must be transparent, to protect privacy and avoid bad publicity. At the same time, a dishonest third party would compromise the fairness of the exchange and the third party thus must be responsible for its behaviors. This is achieved in OFE protocols with another property called accountability. It is unfortunate that the accountability has never been formally studied in OFE since its introduction ten years ago. In this paper, we fill these gaps by giving the first complete definition of accountability in OFE where one of the exchanged items is a digital signature and a generic (also the first) design of OFE where transparency and accountability coexist
Privacy enhancing technologies : protocol verification, implementation and specification
In this thesis, we present novel methods for verifying, implementing and specifying protocols. In particular, we focus properties modeling data protection and the protection of privacy. In the first part of the thesis, the author introduces protocol verification and presents a model for verification that encompasses so-called Zero-Knowledge (ZK) proofs. These ZK proofs are a cryptographic primitive that is particularly suited for hiding information and hence serves the protection of privacy. The here presented model gives a list of criteria which allows the transfer of verification results from the model to the implementation if the criteria are met by the implementation. In particular, the criteria are less demanding than the ones of previous work regarding ZK proofs. The second part of the thesis contributes to the area of protocol implementations. Hereby, ZK proofs are used in order to improve multi-party computations. The third and last part of the thesis explains a novel approach for specifying data protection policies. Instead of relying on policies, this approach relies on actual legislation. The advantage of relying on legislation is that often a fair balancing is introduced which is typically not contained in regulations or policies.In dieser Arbeit werden neue Methoden zur Verifikation, Implementierung und Spezifikation im von Protokollen vorgestellt. Ein besonderer Fokus liegt dabei auf Datenschutz-Eigenschaften und dem Schutz der Privatsph¨are. Im ersten Teil dieser Arbeit geht der Author auf die Protokoll- Verifikation ein und stellt ein Modell zur Verifikation vor, dass sogenannte Zero-Knowledge (ZK) Beweise enth¨alt. Diese ZK Beweise sind ein kryptographisches primitiv, dass insbesondere zum Verstecken von Informationen geeignet ist und somit zum Schutz der Privatsph¨are dient. Das hier vorgestellte Modell gibt eine Liste von Kriterien, welche eine Implementierung der genutzten kryptographischen Primitive erf¨ullen muss, damit die verifikationen im Modell sich auf Implementierungen ¨ubertragen lassen. In Bezug auf ZK Beweise sind diese Kriterien sch¨acher als die vorangegangener Arbeiten. Der zweite Teil der Arbeit wendet sich der Implementierung von Protokollen zu. Hierbei werden dann ZK Beweise verwendet um sichere Mehrparteienberechnungen zu verbessern. Im dritten und letzten Teil der Arbeit wird eine neuartige Art der Spezifikation von Datenschutz-Richtlinien erl¨autert. Diese geht nicht von Richtlinien aus, sondern von der Rechtsprechung. Der Vorteil ist, dass in der Rechtsprechung konkrete Abw¨agungen getroffen werden, die Gesetze und Richtlinien nicht enthalten
Collusion-Preserving Computation
In collusion-free protocols, subliminal communication is impossible and parties are thus unable to communicate ``any information beyond what the protocol allows\u27\u27. Collusion-free protocols are interesting for several reasons, but have specifically attracted attention because they can be used to reduce trust in game-theoretic mechanisms. Collusion-free protocols are impossible to achieve (in general) when all parties are connected by point-to-point channels, but exist under certain physical assumptions (Lepinksi et al., STOC~2005) or in specific network topologies (Alwen et al., Crypto~2008).
We provide a ``clean-slate\u27\u27 definition of the stronger notion of collusion preservation. Our goals in revisiting the definition are:
-- To give a definition with respect to arbitrary communication resources (that includes as special cases the communication models from prior work). We can then, in particular, better understand what types of resources enable collusion-preserving protocols.
-- To construct protocols that allow no additional subliminal communication in the case when parties can communicate (a bounded amount of information) via other means. (This property is not implied by collusion-freeness.)
-- To provide a definition supporting \emph{composition}, so that protocols can be designed in a modular fashion using sub-protocols run among subsets of the parties.
In addition to proposing the definition, we explore implications of our model and show a general feasibility result for collusion-preserving computation of
arbitrary functionalities
SoK: Public Randomness
Public randomness is a fundamental component in many cryptographic protocols and distributed systems and often plays a crucial role in ensuring their security, fairness, and transparency properties. Driven by the surge of interest in blockchain and cryptocurrency platforms and the usefulness of such component in those areas, designing secure protocols to generate public randomness in a distributed manner has received considerable attention in recent years. This paper presents a systematization of knowledge on the topic of public randomness with a focus on cryptographic tools providing public verifiability and key themes underlying these systems. We provide concrete insights on how state-of-the-art protocols achieve this task efficiently in an adversarial setting and present various research gaps that may be suitable for future research
Advances in signatures, encryption, and E-Cash from bilinear groups
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.Includes bibliographical references (p. 147-161).We present new formal definitions, algorithms, and motivating applications for three natural cryptographic constructions. Our constructions are based on a special type of algebraic group called bilinear groups. 1. Re-Signatures: We present the first public key signature scheme where a semi-trusted proxy, given special information, can translate Alice's signature on a message into Bob's signature on the same message. The special information, however, allows nothing else, i.e., the proxy cannot translate from Bob to Alice, nor can it sign on behalf of either Alice or Bob. We show that a path through a graph can be cheaply authenticated using this scheme, with applications to electronic passports. 2. Re-Encryption: We present the first public key cryptosystem where a semi-trusted proxy, given special information, can translate an encryption of a message under Alice's key into an encryption of the same message under Bob's key. Again, the special information allows nothing else, i.e. the proxy cannot translate from Bob to Alice, decrypt on behalf of either Alice or Bob, or learn anything else about the message. We apply this scheme to create a new mechanism for secure distributed storage.(cont.) 3. Compact; E-Cash with Tracing and Bounded-Anonymity: We present an offline e-cash system where 2 coins can be stored in O(e + k) bits and withdrawn or spent in 0(f + k) time, where k is the security parameter. The best previously known schemes required at least one of these complexities to be 0(2t . k). In our system, a user's transactions are anonymous and unlinkable, unless she performs a forbidden action, such as double-spending a coin. Performing a forbidden action reveals the identity of the user, and optionally allows to trace all of her past transactions. We provide solutions without using a trusted party. We argue why features of our system are likely to be crucial to the adoption of any e-cash system.by Susan Hohenberger.Ph.D
Cryptographic Protocols for Privacy Enhancing Technologies: From Privacy Preserving Human Attestation to Internet Voting
Desire of privacy is oftentimes associated with the intention to hide certain
aspects of our thoughts or actions due to some illicit activity. This is a
narrow understanding of privacy, and a marginal fragment of the motivations
for undertaking an action with a desired level of privacy. The right for not
being subject to arbitrary interference of our privacy is part of the universal
declaration of human rights (Article 12) and, above that, a requisite for
our freedom. Developing as a person freely, which results in the development
of society, requires actions to be done without a watchful eye. While
the awareness of privacy in the context of modern technologies is not widely
spread, it is clearly understood, as can be seen in the context of elections,
that in order to make a free choice one needs to maintain its privacy. So
why demand privacy when electing our government, but not when selecting
our daily interests, books we read, sites we browse, or persons we encounter?
It is popular belief that the data that we expose of ourselves would not be
exploited if one is a law-abiding citizen. No further from the truth, as this
data is used daily for commercial purposes: users’ data has value. To make
matters worse, data has also been used for political purposes without the
user’s consent or knowledge. However, the benefits that data can bring to
individuals seem endless and a solution of not using this data at all seems
extremist. Legislative efforts have tried, in the past years, to provide mechanisms
for users to decide what is done with their data and define a framework
where companies can use user data, but always under the consent of the latter.
However, these attempts take time to take track, and have unfortunately
not been very successful since their introduction.
In this thesis we explore the possibility of constructing cryptographic protocols
to provide a technical, rather than legislative, solution to the privacy
problem. In particular we focus on two aspects of society: browsing and
internet voting. These two events shape our lives in one way or another, and
require high levels of privacy to provide a safe environment for humans to
act upon them freely. However, these two problems have opposite solutions.
On the one hand, elections are a well established event in society that has
been around for millennia, and privacy and accountability are well rooted
requirements for such events. This might be the reason why its digitalisation
is something which is falling behind with respect to other acts of our society
(banking, shopping, reading, etc). On the other hand, browsing is a recently
introduced action, but that has quickly taken track given the amount of possibilities
that it opens with such ease. We now have access to whatever we
can imagine (except for voting) at the distance of a click. However, the data
that we generate while browsing is extremely sensitive, and most of it is disclosed to third parties under the claims of making the user experience better
(targeted recommendations, ads or bot-detection).
Chapter 1 motivates why resolving such a problem is necessary for the
progress of digital society. It then introduces the problem that this thesis
aims to resolve, together with the methodology. In Chapter 2 we introduce
some technical concepts used throughout the thesis. Similarly, we expose the
state-of-the-art and its limitations.
In Chapter 3 we focus on a mechanism to provide private browsing. In
particular, we focus on how we can provide a safer, and more private way, for
human attestation. Determining whether a user is a human or a bot is important
for the survival of an online world. However, the existing mechanisms
are either invasive or pose a burden to the user. We present a solution that
is based on a machine learning model to distinguish between humans and
bots that uses natural events of normal browsing (such as touch the screen
of a phone) to make its prediction. To ensure that no private data leaves
the user’s device, we evaluate such a model in the device rather than sending
the data over the wire. To provide insurance that the expected model has
been evaluated, the user’s device generates a cryptographic proof. However
this opens an important question. Can we achieve a high level of accuracy
without resulting in a noneffective battery consumption? We provide a positive
answer to this question in this work, and show that a privacy-preserving
solution can be achieved while maintaining the accuracy high and the user’s
performance overhead low.
In Chapter 4 we focus on the problem of internet voting. Internet voting
means voting remotely, and therefore in an uncontrolled environment.
This means that anyone can be voting under the supervision of a coercer,
which makes the main goal of the protocols presented to be that of coercionresistance.
We need to build a protocol that allows a voter to escape the
act of coercion. We present two proposals with the main goal of providing
a usable, and scalable coercion resistant protocol. They both have different
trade-offs. On the one hand we provide a coercion resistance mechanism
that results in linear filtering, but that provides a slightly weaker notion of
coercion-resistance. Secondly, we present a mechanism with a slightly higher
complexity (poly-logarithmic) but that instead provides a stronger notion of
coercion resistance. Both solutions are based on a same idea: allowing the
voter to cast several votes (such that only the last one is counted) in a way
that cannot be determined by a coercer.
Finally, in Chapter 5, we conclude the thesis, and expose how our results
push one step further the state-of-the-art. We concisely expose our contributions,
and describe clearly what are the next steps to follow. The results
presented in this work argue against the two main claims against privacy preserving solutions: either that privacy is not practical or that higher levels
of privacy result in lower levels of security.Programa de Doctorado en Ciencia y TecnologĂa Informática por la Universidad Carlos III de MadridPresidente: AgustĂn MartĂn Muñoz.- Secretario: JosĂ© MarĂa de Fuentes GarcĂa-Romero de Tejada.- Vocal: Alberto Peinado DomĂngue
Signing on Elements in Bilinear Groups for Modular Protocol Design
A signature scheme is called structure-preserving if its verification keys, messages, and signatures are group elements and the verification predicate is a conjunction of pairing product equations. We answer to the open problem of constructing a constant-size structure-preserving signature scheme. The security is proven in the standard model based on a novel non-interactive assumption that can be justified and has an optimal bound in the generic bilinear group model. We also present efficient structure-preserving signature schemes with advanced properties including signing unbounded number of group elements, allowing simulation in the common reference string model, signing messages from mixed groups in the asymmetric bilinear group setting, and strong unforgeability. Among many applications, we show two examples; an adaptively secure round optimal blind signature scheme and a group signature scheme with efficient concurrent join. As a bi-product, several homomorphic trapdoor commitment schemes and one-time signature schemes are presented, too. In combination with the Groth-Sahai non-interactive proof system, these schemes contribute to give efficient instantiations to modular constructions of cryptographic protocols
Towards a New Generation of Permissioned Blockchain Systems
With the release of Satoshi Nakamoto's Bitcoin system in 2008 a new decentralized computation paradigm, known as blockchain, was born. Bitcoin promised a trading network for virtual coins, publicly available for anyone to participate in but owned by nobody. Any participant could propose a transaction and a lottery mechanism decided in which order these transactions would be recorded in a ledger with an elegant mechanism to prevent double spending. The remarkable achievement of Nakamoto's protocol was that participants did not have to trust each other to behave correctly for it to work. As long as more than half of the network participants adhered to the correct code, the recorded transactions on the ledger would both be valid and immutable.
Ethereum, as the next major blockchain to appear, improved on the initial idea by introducing smart contracts, which are decentralized Turing-complete stored procedures, thus making blockchain technology interesting for the enterprise setting. However, its intrinsically public data and prohibitive energy costs needed to be overcome. This gave rise to a new type of systems called permissioned blockchains. With these, access to the ledger is restricted and trust assumptions about malicious behaviour have been weakened, allowing more efficient consensus mechanisms to find a global order of transactions. One of the most popular representatives of this kind of blockchain is Hyperledger Fabric. While it is much faster and more energy efficient than permissionless blockchains, it has to compete with conventional distributed databases in the enterprise sector.
This thesis aims to mitigate Fabric's three major shortcomings. First, compared to conventional database systems, it is still far too slow. This thesis shows how the performance can be increased by a factor of seven by redesigning the transaction processing pipeline and introducing more efficient data structures. Second, we present a novel solution to Fabric's intrinsic problem of a low throughput for workloads with transactions that access the same data. This is achieved by analyzing the dependencies of transactions and selectively re-executing transactions when a conflict is detected. Third, this thesis tackles the preservation of private data. Even though access to the blockchain as a whole can be restricted, in a setting where multiple enterprises collaborate this is not sufficient to protect sensitive proprietary data. Thus, this thesis introduces a new privacy-preserving blockchain protocol based on network sharding and targeted data dissemination. It also introduces an additional layer of abstraction for the creation of transactions and interaction with data on the blockchain. This allows developers to write applications without the need for low-level knowledge of the internal data structure of the blockchain system. In summary, this thesis addresses the shortcomings of the current generation of permission blockchain systems
- …