Tight Short-Lived Signatures

A Time-lock puzzle (TLP) sends information into the future: a predetermined number of sequential computations must occur (i.e., a predetermined amount of time must pass) to retrieve the information, regardless of parallelization. Buoyed by the excitement around secure decentralized applications and cryptocurrencies, the last decade has witnessed numerous constructions of TLP variants and related applications (e.g., cost-efficient blockchain designs, randomness beacons, e-voting, etc.). In this poster, we first extend the notion of TLP by formally defining the "time-lock public key encryption" (TLPKE) scheme. Next, we introduce and construct a "tight short-lived signatures" scheme using our TLPKE. Furthermore, to test the validity of our proposed schemes, we do a proof-of-concept implementation and run detailed simulations

Trenchcoat: Human-Computable Hashing Algorithms for Password Generation

The average user has between 90-130 online accounts, and around $3 \times 10^{11}$ passwords are in use this year. Most people are terrible at remembering "random" passwords, so they reuse or create similar passwords using a combination of predictable words, numbers, and symbols. Previous password-generation or management protocols have imposed so large a cognitive load that users have abandoned them in favor of insecure yet simpler methods (e.g., writing them down or reusing minor variants). We describe a range of candidate human-computable "hash" functions suitable for use as password generators - as long as the human (with minimal education assumptions) keeps a single, easily-memorizable "master" secret - and rate them by various metrics, including effective security. These functions hash master-secrets with user accounts to produce sub-secrets that can be used as passwords; $F_R($s$, w) \longrightarrow y$, takes a website $w$, produces a password $y$, parameterized by master secret $s$, which may or may not be a string. We exploit the unique configuration $R$ of each user's associative and implicit memory (detailed in section 2) to ensure that sources of randomness unique to each user are present in each master-secret $F_R$. An adversary cannot compute or verify $F_R$ efficiently since $R$ is unique to each individual; in that sense, our hash function is similar to a physically unclonable function. For the algorithms we propose, the user need only complete primitive operations such as addition, spatial navigation or searching. Critically, most of our methods are also accessible to neurodiverse, or cognitively or physically differently-abled persons. We present results from a survey (n=134 individuals) investigating real-world usage of these methods and how people currently come up with their passwords, we also survey 400 websites to collate current password advice

RANDGENER: Distributed Randomness Beacon from Verifiable Delay Function

Buoyed by the excitement around secure decentralized applications, the last few decades have seen numerous constructions of distributed randomness beacons (DRB) along with use cases; however, a secure DRB (in many variations) remains an open problem. We further note that it is natural to want some kind of reward for participants who spend time and energy evaluating the randomness beacon value -- this is already common in distributed protocols. In this work, we present RandGener, a novel $n$-party commit-reveal-recover (or collaborative) DRB protocol with a novel reward and penalty mechanism along with a set of realistic guarantees. We design our protocol using trapdoor watermarkable verifiable delay functions in the RSA group setting (without requiring a trusted dealer or distributed key generation)