In the standard definition of a commitment scheme, the sender commits to a message and immediately sends the commitment to the recipient interested in it. However the sender may not always know at the time of commitment who will become interested in it. Further, when the interested party does emerge, it could be critical to establish when the commitment was made. Employing a proof of work protocol at commitment time will later allow anyone to "carbon date" when the commitment was made, approximately, without trusting any external parties. We present CommitCoin, an instantiation of this approach that harnesses the existing computational power of the Bitcoin peer-to-peer network; a network used to mint and trade digital cash.

/pdf/commitcoin-carbon-dating-commitments-with-bitcoin-short-1cnol18rt7.pdf

CommitCoin: Carbon Dating Commitments with Bitcoin (Short Paper)

We describe a digital signature scheme in which the public key is fixed but the secret signing key is updated at regular intervals so as to provide a forward security property: compromise of the current secret key does not enable an adversary to forge signatures pertaining to the past. This can be useful to mitigate the damage caused by key exposure without requiring distribution of keys. Our construction uses ideas from the Fiat-Shamir and Ong-Schnorr identification and signature schemes, and is proven to be forward secure based on the hardness of factoring, in the random oracle model. The construction is also quite efficient.

A forward-secure digital signature scheme.

Client puzzles are meant to act as a defense against denial of service (DoS) attacks by requiring a client to solve some moderately hard problem before being granted access to a resource. However, recent client puzzle difficulty definitions (Stebila and Ustaoglu, 2009; Chen et al., 2009) do not ensure that solving n puzzles is n times harder than solving one puzzle. Motivated by examples of puzzles where this is the case, we present stronger definitions of difficulty for client puzzles that are meaningful in the context of adversaries with more computational power than required to solve a single puzzle.

A protocol using strong client puzzles may still not be secure against DoS attacks if the puzzles are not used in a secure manner. We describe a security model for analyzing the DoS resistance of any protocol in the context of client puzzles and give a generic technique for combining any protocol with a strong client puzzle to obtain a DoS-resistant protocol.

/pdf/stronger-difficulty-notions-for-client-puzzles-and-denial-of-2zle4tgbmn.pdf

Stronger difficulty notions for client puzzles and denial-of-service-resistant protocols

Discrete exponential operation, such as modular exponentiation and scalar multiplication on elliptic curves, is a basic operation of many public-key cryptosystems. However, the exponential operations are considered prohibitively expensive for resource-constrained mobile devices. In this paper, we address the problem of secure outsourcing of exponentiation operations to one single untrusted server. Our proposed secure outsourcing scheme for general exponential (ExpSOS) only requires a very limited number of modular multiplications at local mobile environment, and thus it can achieve significant computational performance gain. ExpSOS also provides a secure verification scheme with probability approximately 1 to ensure that the mobile end users can always receive valid results. The comprehensive analysis as well as the simulation results in real mobile device demonstrates that our proposed ExpSOS can significantly improve the existing schemes in efficiency, security, and result verifiability. We apply ExpSOS to securely outsource several cryptographic protocols to show that ExpSOS can be widely applied to many computation-intensive applications and achieve significant performance improvement.

ExpSOS: Secure and Verifiable Outsourcing of Exponentiation Operations for Mobile Cloud Computing

Stronger difficulty notions for client puzzles and denial-of-service-resistant protocols.

The problem of securely outsourcing cryptographic computations to the untrusted servers was formally addressed first by Hohenberger and Lysyanskaya in TCC 2005. They presented an algorithm which outsources computation of modular exponentiations securely to two non-interacting third-party servers but the checkability of third-party computations has probability 1 / 2. Chen et al. improved this algorithm for two non-colluding servers by increasing the checkability probability to 2/3. For real-world cryptographic applications it is desirable that the checkability probability is \(1-\epsilon \), where \(\epsilon \) becomes negligible for appropriate parameter choices. Towards a more practical use, we present an algorithm(s) for secure outsourcing of (simultaneous) modular exponentiation(s) which can be seen as another application of the Chinese remainder theorem (CRT). Interestingly the checkability probability of our algorithm is 1 in the presence of two non colluding servers. Our algorithm is superior in both efficiency and checkability compared to that of the previously known schemes of the same kind. Finally we discuss the potential practical applications for our outsourcing schemes, for example computing the final exponentiation in pairings.

CRT-Based Outsourcing Algorithms for Modular Exponentiations

Client puzzles are meant to act as a defense against denial of service (DoS) attacks by requir-ing a client to solve some moderately hard problem before being granted access to a resource.However, recent client puzzle diculty de nitions (Stebila and Ustaoglu, 2009; Chen et al.,2009) do not ensure that solving n puzzles is n times harder than solving one puzzle. Motivatedby examples of puzzles where this is the case, we present stronger de nitions of diculty forclient puzzles that are meaningful in the context of adversaries with more computational powerthan required to solve a single puzzle.A protocol using strong client puzzles may still not be secure against DoS attacks if thepuzzles are not used in a secure manner. We describe a security model for analyzing the DoSresistance of any protocol in the context of client puzzles and give a generic technique forcombining any protocol with a strong client puzzle to obtain a DoS-resistant protocol.Keywords: client puzzles, proof of work, denial of service resistance, protocols

Stronger diculty notions for client puzzles and denial-of-service-resistant protocols (full version)

Lightweight ciphers become indispensable and inevitable in the ubiquitous smart devices. However, the security of ciphers is often subverted by various types of attacks, especially, implementation attacks such as side-channel attacks. These attacks emphasise the necessity of providing efficient countermeasures. In this paper, our contribution is threefold: First, we propose a method to choose the efficient decomposition of S-box in terms of area. Then we slightly alter the widely used formula to improve the accuracy for weighted sum estimation of the shared S-Box and present the practical implementation of two level decomposition using PRINCE S-Box. Finally, we present the first quantitative study on the efficacy of Transparency Order (TO) of decomposed S-Boxes in thwarting a side-channel attack. For PRINCE S-Box we observe that TO-based decomposed implementation has better DPA resistivity than the naive implementation. To benchmark the DPA resistivity of TO(decomposed S-Box) implementation we arrive at an efficient threshold implementation of PRINCE, which itself merits to be an interesting contribution.

Decomposed S-Boxes and DPA Attacks: A Quantitative Case Study using PRINCE.

For the past few years, research works on the topic of secure outsourcing of cryptographic computations has drawn significant attention from academics in security and cryptology disciplines as well as information security practitioners. One main reason for this interest is their application for resource constrained devices such as RFID tags. While there has been significant progress in this domain since Hohenberger and Lysyanskaya have provided formal security notions for secure computation delegation, there are some interesting challenges that need to be solved that can be useful towards a wider deployment of cryptographic protocols that enable secure outsourcing of cryptographic computations. This position paper brings out these challenging problems with RFID technology as the use case together with our ideas, where applicable, that can provide a direction towards solving the problems.

Jothi Rangasamy

Papers

CRT-Based Outsourcing Algorithms for Modular Exponentiations

Stronger diculty notions for client puzzles and denial-of-service-resistant protocols (full version)

Decomposed S-Boxes and DPA Attacks: A Quantitative Case Study using PRINCE.

On secure outsourcing of cryptographic computations to cloud

Decomposed S-Boxes and DPA Attacks: A Quantitative Case Study Using PRINCE