Subliminal channels in post-quantum digital signature schemes

We analyze the digital signatures schemes submitted to NIST\u27s Post-Quantum Cryptography Standardization Project in search for subliminal channels

Kleptography and steganography in blockchains

Despite its vast proliferation, the blockchain technology is still evolving, and witnesses continuous technical innovations to address its numerous unresolved issues. An example of these issues is the excessive electrical power consumed by some consensus protocols. Besides, although various media reports have highlighted the existence of objectionable content in blockchains, this topic has not received sufficient research. Hence, this work investigates the threat and deterrence of arbitrary-content insertion in public blockchains, which poses a legal, moral, and technical challenge. In particular, the overall aim of this work is to thoroughly study the risk of manipulating the implementation of randomized cryptographic primitives in public blockchains to mount kleptographic attacks, establish steganographic communication, and store arbitrary content. As part of our study, we present three new kleptographic attacks on two of the most commonly used digital signatures: ring signature and ECDSA. We also demonstrate our kleptographic attacks on two real cryptocurrencies: Bytecoin and Monero. Moreover, we illustrate the plausibility of hijacking public blockchains to establish steganographic channels. Particularly, we design, implement, and evaluate the first blockchain-based broadcast communication tool on top of a real-world cryptocurrency. Furthermore, we explain the detrimental consequences of kleptography and steganography on the users and the future of the blockchain technology. Namely, we show that kleptography can be used to surreptitiously steal the users' secret signing keys, which are the most valuable and guarded secret in public blockchains. After losing their keys, users of cryptocurrencies will inevitably lose their funds. In addition, we clarify that steganography can be used to establish subliminal communication and secretly store arbitrary content in public blockchains, which turns them into cheap cyberlockers. Consequently, the participation in such blockchains, which are known to store unethical content, can be criminalized, hindering the future adoption of blockchains. After discussing the adverse effects of kleptographic and steganographic attacks on blockchains, we survey all of the existing techniques that can defend against these attacks. Finally, due to the shortcomings of the available techniques, we propose four countermeasures that ensure kleptography and steganography-resistant public blockchains. Our countermeasures include two new cryptographic primitives and a generic steganographyresistant blockchain framework (SRBF). This framework presents a universal solution that deters steganography and practically achieves the right to be forgotten (RtbF) in blockchains, which represents a regulatory challenge for current immutable blockchains

ID-Based Digital Signatures with Security Enhanced Approach, Journal of Telecommunications and Information Technology, 2009, nr 4

In the paper the ID-based digital signatures with signer’s protection in case of the private key compromising is investigated. The proposed protocols have two main ingredients. First is the application of the credential system for the suitable verification key approval. Second is the application of the subliminal channel together with the interactive generation of the secret key, to obtain the increased resistance of the system against the powerful adversary. The particular interest was turned towards the significance of the deniable encryption in creation of the corresponding protocols

Tõhus peit- ja aktiivse ründaja vastu kaitstud turvaline ühisarvutus

Turvaline ühisarvutus on tänapäevase krüptograafia üks tähtsamaid kasutusviise, mis koondab elegantsed matemaatilised lahendused praktiliste rakenduste ehitamiseks, võimaldades mitmel erineval andmeomanikul sooritada oma andmetega suvalisi ühiseid arvutusi, ilma neid andmeid üksteisele avaldamata. Passiivse ründaja vastu turvalised protokollid eeldavad, et kõik osapooled käituvad ausalt. Aktiivse ründaja vastu turvalised protokollid ei lekita privaatseid andmeid sõltumata ründaja käitumisest. Käesolevas töös esitatakse üldine meetod, mis teisendab passiivse ründaja vastu turvalised ühisarvutusprotokollid turvaliseks aktiivse ründaja vastu. Meetod on optimeeritud kolme osapoolega arvutusteks üle algebraliste ringide; praktikas on see väga efektiivne mudel, mis teeb reaalse maailma rakendused teostatavateks. Meetod lisab esialgsele arvutusprotokollile täitmisjärgse verifitseerimisfaasi, mis muudab valesti käitunud osapooltel vahelejäämise vältimise tõenäosuse kaduvväikseks, säilitades esialgse protokolli turvagarantiid. Lisaks uurib käesolev töö rünnete uut eesmärki, mis seisneb mingi ausa osapoole vaate manipuleerimises sellisel viisil, et ta saaks midagi teada teise ausa osapoole privaatsete andmete kohta. Ründaja ise ei tarvitse seda infot üldse teada saada. Sellised ründed on olulised, sest need kohustavad ausat osapoolt tühjendama oma süsteemi teiste osapoolte andmetest, kuid see ülesanne võib olla päris mittetriviaalne. Eelnevalt pakutud verifitseerimismehhanisme täiendatakse nii, et privaatsed andmed oleksid kaitstud ka ausate osapoolte eest. Paljud ühisarvutusplatvormid on varustatud programmeerimiskeelega, mis võimaldab kirjutada privaatsust säilitavaid rakendusi ilma allolevale krüptograafiale mõtlemata. Juhul, kui programm sisaldab tingimuslauseid, kus arvutusharu valik sõltub privaatsetest andmetest, ei tohi ükski osapool haru valikust midagi teada, nii et üldjuhul peavad osapooled täitma kõik harud. Harude suure arvu kor-ral võib arvutuslik lisakulu olla ülisuur, sest enamik vahetulemustest visatakse ära. Käesolevas töös pakutakse selliseid lisakulusid vähendavat optimeerimist.Secure multiparty computation is one of the most important employments of modern cryptography, bringing together elegant mathematical solutions to build up useful practical applications. It allows several distinct data owners to perform arbitrary collaborative computation on their private data without leaking any information to each other. Passively secure protocols assume that all parties follow the protocol rules. Actively secure protocols do not leak private data regardless of the attacker’s behaviour. This thesis presents a generic method for turning passively secure multiparty protocols to actively secure ones. The method is optimized for three party computation over algebraic rings, which has proven to be quite an efficient model, making large real-world applications feasible. Our method adds to the protocol a post-execution verification phase that allows a misbehaving party to escape detection only with negligible probability. It preserves the privacy guarantees of the original protocol. In this thesis, we also study a new adversarial goal in multiparty protocols. The goal is to manipulate the view of some honest party in such a way, that this honest party learns the private data of some other honest party. The adversary itself might not learn this data at all. Such attacks are significant because they create a liability to the first honest party to clean its systems from the second honest party’s data, which may be a highly non-trivial task in practice. We check the security of our verification mechanism in this new model, and we propose some minor modifications that ensure data protection also from the honest parties. Many secure multiparty computation platforms come with a programming language that allows the developer to write privacy-preserving applications without thinking of the underlying cryptography. If a program contains conditional statements where the choice of the computational branch depends on private data, then no party should know which branch has been executed, so in general the parties need to execute all of them. If the number of branches is large, the computational overhead may be enormous, as most of the intermediate results are just discarded. In this thesis, we propose an automatic optimization that reduces this overhead

The role of previous experience in conscious perception

Which factors determine whether a stimulus is consciously perceived or unconsciously processed? Here, I investigate how previous experience on two different time scales – long term experience over the course of several days, and short term experience based on the previous trial – impact conscious perception. Regarding long term experience, I investigate how perceptual learning does not only change the capacity to process stimuli, but also the capacity to consciously perceive them. To this end, subjects are trained extensively to discriminate between masked stimuli, and concurrently rate their subjective experience. Both the ability to discriminate the stimuli as well as subjective awareness of the stimuli increase as a function of training. However, these two effects are not simple byproducts of each other. On the contrary, they display different time courses, with above chance discrimination performance emerging before subjective experience; importantly, the two learning effects also rely on different circuits in the brain: Moving the stimuli outside the trained receptive field size abolishes the learning effects on discrimination ability, but preserves the learning effects on subjective awareness. This indicates that the receptive fields serving subjective experience are larger than the ones serving objective performance, and that the channels through which they receive their information are arranged in parallel. Regarding short term experience, I investigate how memory based predictions arising from information acquired on the trial before affect visibility and the neural correlates of consciousness. To this end, I vary stimulus evidence as well as predictability and acquire electroencephalographic data. A comparison of the neural processes distinguishing consciously perceived from unperceived trials with and without predictions reveals that predictions speed up processing, thus shifting the neural correlates forward in time. Thus, the neural correlates of consciousness display a previously unappreciated flexibility in time and do not arise invariably late as had been predicted by some theorists. Admittedly, however, previous experience does not always stabilize perception. Instead, previous experience can have the reverse effect: Seeing the opposite of what was there, as in so-called repulsive aftereffects. Here, I investigate what determines the direction of previous experience using multistable stimuli. In a functional magnetic resonance imaging experiment, I find that a widespread network of frontal, parietal, and ventral occipital brain areas is involved in perceptual stabilization, whereas the reverse effect is only evident in extrastriate cortex. This areal separation possibly endows the brain with the flexibility to switch between exploiting already available information and emphasizing the new. Taken together, my data show that conscious perception and its neuronal correlates display a remarkable degree of flexibility and plasticity, which should be taken into account in future theories of consciousness

A critical examination of the methodology and evidence of the first and second generation elite leaders of the Society for Psychical Research with particular reference to the life, work and ideas of Frederic WH Myers and his colleagues and to the assessment of the automatic writings allegedly produced post-mortem by him and others (the cross-correspondences).

This thesis outlines the canons of evidence developed by the elite Cambridge- based and educated leaders of the Society for Psychical Research to assess anomalous phenomena, and second, describes the gradual shift away from that approach, by their successors and the reasons for such a partial weakening of those standards, and the consequences for the general health of the SPR .It argues that, for a variety of reasons, this methodology has not always been fully appreciated or described accurately. Partly this is to do with the complex personality of Myers who provoked a range of contradictory responses from both contemporaries and later scholars who studied his life and work; partly to do with the highly selective criticisms of his and his colleagues’ work by TH Hall (which criticisms have entered general discourse without proper examination and challenge); and partly to a failure fully to appreciate how centrally derived their concepts and approaches were from the general concerns of late-Victorian science and social science. Their early achievements (given the base from which they started) were considerable but the methodology they developed was gradually eroded in some fields by their successors. This was partly because of the nature of the material; partly because of the shared, subjective elite networks of the group; and partly because of the impact of the affair of Gerald Balfour and Winifred Coombe-Tennant on the assessment and interpretation of the cross- correspondence automatic writings. This led to some neglect of experimental work and to an almost cultish atmosphere within the leadership of the SPR itself, particularly damaging in the interwar period

Change blindness: eradication of gestalt strategies

Arrays of eight, texture-defined rectangles were used as stimuli in a one-shot change blindness (CB) task where there was a 50% chance that one rectangle would change orientation between two successive presentations separated by an interval. CB was eliminated by cueing the target rectangle in the first stimulus, reduced by cueing in the interval and unaffected by cueing in the second presentation. This supports the idea that a representation was formed that persisted through the interval before being 'overwritten' by the second presentation (Landman et al, 2003 Vision Research 43149–164]. Another possibility is that participants used some kind of grouping or Gestalt strategy. To test this we changed the spatial position of the rectangles in the second presentation by shifting them along imaginary spokes (by ±1 degree) emanating from the central fixation point. There was no significant difference seen in performance between this and the standard task [F(1,4)=2.565, p=0.185]. This may suggest two things: (i) Gestalt grouping is not used as a strategy in these tasks, and (ii) it gives further weight to the argument that objects may be stored and retrieved from a pre-attentional store during this task

A survey of the mathematics of cryptology

Herein I cover the basics of cryptology and the mathematical techniques used in the field. Aside from an overview of cryptology the text provides an in-depth look at block cipher algorithms and the techniques of cryptanalysis applied to block ciphers. The text also includes details of knapsack cryptosystems and pseudo-random number generators

Emotional processing of natural visual images in brief exposures and compound stimuli: fMRI and behavioural studies

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.Can the brain register the emotional valence of brief exposures of complex natural stimuli under conditions of forward and backward masking, and under conditions of attentional competition between foveal and peripheral stimuli? To address this question, three experiments were conducted. The first, a behavioural experiment, measured subjective valence of response (pleasant vs unpleasant) to test the perception of the valence of natural images in brief, masked exposures in a forward and backward masking paradigm. Images were chosen from the International Affective Picture System (IAPS) series. After correction for response bias, responses to the majority of target stimuli were concordant with the IAPS ratings at better than chance, even when the presence of the target was undetected. Using functional magnetic resonance imaging (fMRI), the effects of IAPS valence and stimulus category were objectively measured on nine regions of interest (ROIs) using the same strict temporal restrictions in a similar masking design. Evidence of affective processing close to or below conscious threshold was apparent in some of the ROIs. To further this line of enquiry, a second fMRI experiment mapping the same ROIs and using the same stimuli were presented in a foveal (‘attended’) peripheral (‘to-be-ignored’) paradigm (small image superimposed in the centre of a large image of the same category, but opposite valence) to investigate spatial parameters and limitations of attention. Results are interpreted as showing both valence and category specific effects of ‘to-be-ignored’ images in the periphery. These results are discussed in light of theories of the limitations of attentional capacity and the speed in which we process natural images, providing new evidence of the breadth of variety in the types of affective visual stimuli we are able to process close to the threshold of conscious perception.Economic and Social Research Council (ESRC