Keyword-Based Delegable Proofs of Storage

Cloud users (clients) with limited storage capacity at their end can outsource bulk data to the cloud storage server. A client can later access her data by downloading the required data files. However, a large fraction of the data files the client outsources to the server is often archival in nature that the client uses for backup purposes and accesses less frequently. An untrusted server can thus delete some of these archival data files in order to save some space (and allocate the same to other clients) without being detected by the client (data owner). Proofs of storage enable the client to audit her data files uploaded to the server in order to ensure the integrity of those files. In this work, we introduce one type of (selective) proofs of storage that we call keyword-based delegable proofs of storage, where the client wants to audit all her data files containing a specific keyword (e.g., "important"). Moreover, it satisfies the notion of public verifiability where the client can delegate the auditing task to a third-party auditor who audits the set of files corresponding to the keyword on behalf of the client. We formally define the security of a keyword-based delegable proof-of-storage protocol. We construct such a protocol based on an existing proof-of-storage scheme and analyze the security of our protocol. We argue that the techniques we use can be applied atop any existing publicly verifiable proof-of-storage scheme for static data. Finally, we discuss the efficiency of our construction.Comment: A preliminary version of this work has been published in International Conference on Information Security Practice and Experience (ISPEC 2018

A Survey on Exotic Signatures for Post-Quantum Blockchain: Challenges & Research Directions

Blockchain technology provides efficient and secure solutions to various online activities by utilizing a wide range of cryptographic tools. In this paper, we survey the existing literature on post-quantum secure digital signatures that possess exotic advanced features and which are crucial cryptographic tools used in the blockchain ecosystem for (i) account management, (ii) consensus efficiency, (iii) empowering scriptless blockchain, and (iv) privacy. The exotic signatures that we particularly focus on in this work are the following: multi-/aggregate, threshold, adaptor, blind and ring signatures. Herein the term exotic refers to signatures with properties which are not just beyond the norm for signatures e.g. unforgeability, but also imbue new forms of functionalities. Our treatment of such exotic signatures includes discussions on existing challenges and future research directions in the post-quantum space. We hope that this article will help to foster further research to make post-quantum cryptography more accessible so that blockchain systems can be made ready in advance of the approaching quantum threats

Post-Quantum Authentication in the MQTT Protocol

Message Queue Telemetry Transport (MQTT) is a common communication protocol used in the Internet of Things (IoT). MQTT is a simple, lightweight messaging protocol used to establish communication between multiple devices relying on the publish–subscribe model. However, the protocol does not provide authentication, and most proposals to incorporate it lose their lightweight feature and do not consider the future risk of quantum attacks. IoT devices are generally resource-constrained, and postquantum cryptography is often more computationally resource-intensive compared to current cryptographic standards, adding to the complexity of the transition. In this paper, we use the postquantum digital signature scheme CRYSTALS-Dilithium to provide authentication for MQTT and determine what the CPU, memory and disk usage are when doing so. We further investigate another possibility to provide authentication when using MQTT, namely a key encapsulation mechanism (KEM) trick proposed in 2020 for transport level security (TLS). Such a trick is claimed to save up to 90% in CPU cycles. We use the postquantum KEM scheme CRYSTALS-KYBER and compare the resulting CPU, memory and disk usages with traditional authentication. We found that the use of KEM for authentication resulted in a speed increase of 25 ms, a saving of 71%. There were some extra costs for memory but this is minimal enough to be acceptable for most IoT devices

Generic Blockchain on Generic Human Behavior

International audienceBlockchain is a type of distributed ledger. A wide range of consensus algorithms exists to reach consensus in a decentralized manner. However, most of them trade energy consumption for a degree of openness. Blockchains are primarily used for tokens and cryptocurrencies. Often the process of minting new tokens depends on actionable real world behaviors. A difficulty persists in securely translating said behavior into a decentralized blockchain. We formalize the generic concept of Proof of Behavior (PoB), and use it to create a consensus mechanism for generic permissionless blockchains

Query Processing in Blockchain Systems: Current State and Future Challenges

When, in 2008, Satoshi Nakamoto envisioned the first distributed database management system that relied on cryptographically secured chain of blocks to store data in an immutable and tamper-resistant manner, his primary use case was the introduction of a digital currency. Owing to this use case, the blockchain system was geared towards efficient storage of data, whereas the processing of complex queries, such as provenance analyses of data history, is out of focus. The increasing use of Internet of Things technologies and the resulting digitization in many domains, however, have led to a plethora of novel use cases for a secure digital ledger. For instance, in the healthcare sector, blockchain systems are used for the secure storage and sharing of electronic health records, while the food industry applies such systems to enable a reliable food-chain traceability, e.g., to prove compliance with cold chains. In these application domains, however, querying the current state is not sufficient—comprehensive history queries are required instead. Due to these altered usage modes involving more complex query types, it is questionable whether today’s blockchain systems are prepared for this type of usage and whether such queries can be processed efficiently by them. In our paper, we therefore investigate novel use cases for blockchain systems and elicit their requirements towards a data store in terms of query capabilities. We reflect the state of the art in terms of query support in blockchain systems and assess whether it is capable of meeting the requirements of such more sophisticated use cases. As a result, we identify future research challenges with regard to query processing in blockchain systems

Trustworthy, Secure, and Privacy-aware Food Monitoring Enabled by Blockchains and the IoT

A large number of food scandals (e. g., falsely declared meat or non-compliance with hygiene regulations) are causing considerable concern to consumers. Although Internet of Things (IoT) technologies are used in the food industry to monitor production (e. g., for tracing the origin of meat or monitoring cold chains), the gathered data are not used to provide full transparency to the consumer. To achieve this, however, three aspects must be considered: a) The origin of the data must be verifiable, i. e., it must be ensured that the data originate from calibrated sensors. b) The data must be stored tamper-resistant, immutable, and open to all consumers. c) Despite this openness, the privacy of affected data subjects (e. g., the carriers) must still be protected. To this end, we introduce the SHEEPDOG architecture that “shepherds” products from production to purchase to enable a trustworthy, secure, and privacy-aware food monitoring. In SHEEPDOG, attribute-based credentials ensure trustworthy data acquisition, blockchain technologies provide secure data storage, and fine-grained access control enables privacy-aware data provision