3 research outputs found
Tight Short-Lived Signatures
A Time-lock puzzle (TLP) sends information into the future: a predetermined
number of sequential computations must occur (i.e., a predetermined amount of
time must pass) to retrieve the information, regardless of parallelization.
Buoyed by the excitement around secure decentralized applications and
cryptocurrencies, the last decade has witnessed numerous constructions of TLP
variants and related applications (e.g., cost-efficient blockchain designs,
randomness beacons, e-voting, etc.).
In this poster, we first extend the notion of TLP by formally defining the
"time-lock public key encryption" (TLPKE) scheme. Next, we introduce and
construct a "tight short-lived signatures" scheme using our TLPKE. Furthermore,
to test the validity of our proposed schemes, we do a proof-of-concept
implementation and run detailed simulations
Trenchcoat: Human-Computable Hashing Algorithms for Password Generation
The average user has between 90-130 online accounts, and around passwords are in use this year. Most people are terrible at
remembering "random" passwords, so they reuse or create similar passwords using
a combination of predictable words, numbers, and symbols. Previous
password-generation or management protocols have imposed so large a cognitive
load that users have abandoned them in favor of insecure yet simpler methods
(e.g., writing them down or reusing minor variants).
We describe a range of candidate human-computable "hash" functions suitable
for use as password generators - as long as the human (with minimal education
assumptions) keeps a single, easily-memorizable "master" secret - and rate them
by various metrics, including effective security.
These functions hash master-secrets with user accounts to produce sub-secrets
that can be used as passwords; s, takes a website
, produces a password , parameterized by master secret , which may or
may not be a string.
We exploit the unique configuration of each user's associative and
implicit memory (detailed in section 2) to ensure that sources of randomness
unique to each user are present in each master-secret . An adversary
cannot compute or verify efficiently since is unique to each
individual; in that sense, our hash function is similar to a physically
unclonable function. For the algorithms we propose, the user need only complete
primitive operations such as addition, spatial navigation or searching.
Critically, most of our methods are also accessible to neurodiverse, or
cognitively or physically differently-abled persons.
We present results from a survey (n=134 individuals) investigating real-world
usage of these methods and how people currently come up with their passwords,
we also survey 400 websites to collate current password advice
RANDGENER: Distributed Randomness Beacon from Verifiable Delay Function
Buoyed by the excitement around secure decentralized applications, the last
few decades have seen numerous constructions of distributed randomness beacons
(DRB) along with use cases; however, a secure DRB (in many variations) remains
an open problem. We further note that it is natural to want some kind of reward
for participants who spend time and energy evaluating the randomness beacon
value -- this is already common in distributed protocols.
In this work, we present RandGener, a novel -party commit-reveal-recover
(or collaborative) DRB protocol with a novel reward and penalty mechanism along
with a set of realistic guarantees. We design our protocol using trapdoor
watermarkable verifiable delay functions in the RSA group setting (without
requiring a trusted dealer or distributed key generation)