FastPay: High-Performance Byzantine Fault Tolerant Settlement

FastPay allows a set of distributed authorities, some of which are Byzantine, to maintain a high-integrity and availability settlement system for pre-funded payments. It can be used to settle payments in a native unit of value (crypto-currency), or as a financial side-infrastructure to support retail payments in fiat currencies. FastPay is based on Byzantine Consistent Broadcast as its core primitive, foregoing the expenses of full atomic commit channels (consensus). The resulting system has low-latency for both confirmation and payment finality. Remarkably, each authority can be sharded across many machines to allow unbounded horizontal scalability. Our experiments demonstrate intra-continental confirmation latency of less than 100ms, making FastPay applicable to point of sale payments. In laboratory environments, we achieve over 80,000 transactions per second with 20 authorities---surpassing the requirements of current retail card payment networks, while significantly increasing their robustness

Zef: Low-latency, Scalable, Private Payments

We introduce Zef, the first Byzantine-Fault Tolerant (BFT) protocol to support payments in anonymous digital coins at arbitrary scale. Zef follows the communication and security model of FastPay: both protocols are asynchronous, low-latency, linearly-scalable, and powered by partially-trusted sharded authorities. In contrast with FastPay, user accounts in Zef are uniquely-identified and safely removable. Zef coins are bound to an account by a digital certificate and otherwise stored off-chain by their owners. To create and redeem coins, users interact with the protocol via privacy-preserving operations: Zef uses randomized commitments and NIZK proofs to hide coin values; and, created coins are made unlinkable using the blind and randomizable threshold anonymous credentials of Coconut. Besides the detailed specifications and our analysis of the protocol, we are making available an open-source implementation of Zef in Rust. Our extensive benchmarks on AWS confirm textbook linear scalability and demonstrate a confirmation time under one second at nominal capacity. Compared to existing anonymous payment systems based on a blockchain, this represents a latency speedup of three orders of magnitude, with no theoretical limit on throughput

On the security of oscillator-based random number generators

Physical random number generators (a.k.a. TRNGs) appear to be critical components of many cryptographic systems. Yet, such building blocks are still too seldom provided with a formal assessment of security, in comparison to what is achieved for conventional cryptography. In this work, we present a comprehensive statistical study of TRNGs based on the sampling of an oscillator subject to phase noise (a.k.a. phase jitters). This classical layout, typically instantiated with a ring oscillator, provides a simple and attractive way to implement a TRNG on a chip. Our mathematical study allows one to evaluate and control the main security parameters of such a random source, including its entropy rate and the biases of certain bit patterns, provided that a small number of physical parameters of the oscillator are known. In order to evaluate these parameters in a secure way, we also provide an experimental method for filtering out the global perturbations affecting a chip and possibly visible to an attacker. Finally, from our mathematical model, we deduce specific statistical tests applicable to the bit stream of a TRNG. In particular, in the case of an insecure configuration, we show how to recover the parameters of the underlying oscillator

Structure, nonlinear properties, and photosensitivity of (GeSe2)​100-​x(Sb2Se3)​x glasses

International audienceChalcogenide glasses from (GeSe2)​100-​x(Sb2Se3)​x system were synthesized, with x varying from 5 to 70, in order to evaluate the influence of antimony selenide addn. on nonlinear optical properties and photosensitivity. Nonlinear refractive index and two photon absorption coeffs. were measured both at 1064 nm in picosecond regime using the Z-​scan technique and at 1.55 μm in femtosecond regime using an original method based on direct anal. of beam profile change while propagating in the chalcogenide glasses. The study of their photosensitivity at 1.55 μm revealed highly glass compn. dependent behavior and quasi-​photostable compns. have been identified in femtosecond regime. To better understand these characteristics, the evolution of the glass transition temp., d. and structure with the chem. compn. were detd

A Fully Abstract Symbolic Semantics for Psi-Calculi

We present a symbolic transition system and bisimulation equivalence for psi-calculi, and show that it is fully abstract with respect to bisimulation congruence in the non-symbolic semantics. A psi-calculus is an extension of the pi-calculus with nominal data types for data structures and for logical assertions representing facts about data. These can be transmitted between processes and their names can be statically scoped using the standard pi-calculus mechanism to allow for scope migrations. Psi-calculi can be more general than other proposed extensions of the pi-calculus such as the applied pi-calculus, the spi-calculus, the fusion calculus, or the concurrent constraint pi-calculus. Symbolic semantics are necessary for an efficient implementation of the calculus in automated tools exploring state spaces, and the full abstraction property means the semantics of a process does not change from the original

Sécurité des protocoles cryptographiques : aspects logiques et calculatoires

This thesis is dedicated to the automatic verification of cryptographic protocols in the logical and computational settings.The first part concerns the security of procotols in the logical (formal) framework. To begin with, we show how to specify various security properties of protocols (secrecy, authentication, resistance to dictionary attacks) in a concurrent language and how to analyze them automatically for a bounded number of sessions. The second part deals with the computational soundness of logical models. We concentrate on static equivalence, applied notably to several kinds of encryption and data vulnerable to dictionary attacks (such as passwords). We show that under simple conditions, any (logical) proof of static equivalence between two messages implies their (computational) indistinguishability.Cette thèse est consacrée au problème de la vérification automatique des protocoles cryptographiques d'un point de vue logique et calculatoire.Dans une première partie, nous abordons la sécurité des protocoles dans le cadre logique (formel). Nous montrons comment spécifier différentes propriétés de sécurité des protocoles (secret, authentification, résistance aux attaques par dictionnaire) au moyen d'un langage de processus et comment les analyser de manière automatique pour un nombre borné de sessions.La seconde partie traite de la justification cryptographique des modèles logiques. Nous nous intéressons ici à la notion d'équivalence statique, appliquée en particulier au chiffrement et aux données vulnérables aux attaques par dictionnaire (par ex. des mots de passe). Dans ce cadre, nous montrons que sous certaines conditions simples, toute preuve logique d'équivalence statique implique d'indistinguibilité cryptographique des données modélisées

Deciding security of protocols against off-line guessing attacks

We provide an effective procedure for deciding the existence of off-line guessing attacks on security protocols, for a bounded number of sessions. The procedure consists of a constraint solving algorithm for determining satisfiability and equivalence of a class of second-order E-unification problems, where the equational theory E is presented by a convergent subterm rewriting system. To the best of our knowledge, this is the first decidability result to use the generic definition of off-line guessing attacks due to Corin et al. based on static equivalence in the applied pi calculus

Économiser l'or du banquier

National audienc