Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Ittai Abraham,Philipp Jovanovic,Mary Maller,Sarah Meiklejohn,Gilad Stern,Alin Tomescu

DOI: https://doi.org/10.1007/s00446-022-00436-8

2022-09-10

Distributed Computing

Abstract:We give a protocol for Asynchronous Distributed Key Generation (A-DKG) that is optimally resilient (can withstand faulty parties), has a constant expected number of rounds, has expected communication complexity, and assumes only the existence of a PKI. Prior to our work, the best A-DKG protocols required expected number of rounds, and expected communication. Our A-DKG protocol relies on several building blocks that are of independent interest. We define and design a Proposal Election (PE) protocol that allows parties to retrospectively agree on a valid proposal after enough proposals have been sent from different parties. With constant probability the elected proposal was proposed by a nonfaulty party. In building our PE protocol, we design a Verifiable Gather protocol which allows parties to communicate which proposals they have and have not seen in a verifiable manner. The final building block to our A-DKG is a Validated Asynchronous Byzantine Agreement (VABA) protocol. We use our PE protocol to construct a VABA protocol that does not require leaders or an asynchronous DKG setup. Our VABA protocol can be used more generally when it is not possible to use threshold signatures.

computer science, theory & methods

Haibin Zhang,Sisi Duan,Chao Liu,Boxin Zhao,Xuanji Meng,Shengli Liu,Yong Yu,Fangguo Zhang,Liehuang Zhu

DOI: https://doi.org/10.1109/dsn58367.2023.00059

2023-01-01

Abstract:Distributed key generation (DKG) allows bootstrapping threshold cryptosystems without relying on a trusted party, nowadays enabling fully decentralized applications in blockchains and multiparty computation (MPC). While we have recently seen new advancements for asynchronous DKG (ADKG) protocols, their performance remains the bottleneck for many applications, with only one protocol being implemented (DYX+ ADKG, IEEE S&P 2022). DYX+ ADKG relies on the Decisional Composite Residuosity assumption (being expensive to instantiate) and the Decisional Diffie-Hellman assumption, incurring a high latency (more than 100s with a failure threshold of 16). Moreover, the security of DYX+ ADKG is based on the random oracle model (ROM) which takes hash function as an ideal function; assuming the existence of random oracle is a strong assumption, and up to now, we cannot find any theoretically-sound implementation. Furthermore, the ADKG protocol needs public key infrastructure (PKI) to support the trustworthiness of public keys. The strong models (ROM and PKI) further limit the applicability of DYX+ ADKG, as they would add extra and strong assumptions to underlying threshold cryptosystems. For instance, if the original threshold cryptosystem works in the standard model, then the system using DYX+ ADKG would need to use ROM and PKI. In this paper, we design and implement a modular ADKG protocol that offers improved efficiency and stronger security guarantees. We explore a novel and much more direct reduction from ADKG to the underlying blocks, reducing the computational overhead and communication rounds of ADKG in the normal case. Our protocol works for both the low-threshold and high-threshold scenarios, being secure under the standard assumption (the well-established discrete logarithm assumption only) in the standard model (no trusted setup, ROM, or PKI).

Liang Zhang,Feiyang Qiu,Feng Hao,Haibin Kan

DOI: https://doi.org/10.1109/tifs.2022.3152356

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Distributed key generation (DKG) is widely used in multi-party computation and decentralized applications. DKG has two phases, namely sharing and reconstruction. Most of the prior DKG protocols need at least 2 rounds for the sharing phase, in case some party raises a dispute. The existing 1-round DKG protocol [Fouque et al. , PKC’01], built based on a publicly verifiable secret sharing (PVSS) scheme, assumes a static adversary model and its reconstruction phase requires $O(n^{2})$ communication complexity. Motivated by the observation that a ciphertext-policy attribute-based encryption (CP-ABE) scheme hides secret sharing (SS) in ciphertext, we utilize decentralized CP-ABE to achieve the first adaptively secure 1-round DKG protocol. Firstly, a CP-ABE scheme enables the ciphertexts in DKG to be externally decrypted, making our protocol superior to the PVSS-based DKG protocol in reconstruction. The communication and computation complexities are both lowered to $O(n)$ thanks to the constant-sized decryption key and the proposed batch decryption. The use of CP-ABE also makes our DKG protocol storage-friendly, i.e., the parties store no ciphertext after the sharing phase. Secondly, we add non-interactive zero-knowledge (NIZK) proofs to make the CP-ABE ciphertext publicly verifiable by leveraging the sigma protocol and the Fiat-Shamir heuristic. Thirdly, we demonstrate our protocol’s feasibility by presenting a proof-of-concept implementation over Ethereum, which is used as a public channel and a trustworthy computation platform. The implementation is a non-trivial task due to Ethereum’s incompatibility with the bilinear mapping group.

Hanwen Feng,Tiancheng Mai,Qiang Tang

DOI: https://doi.org/10.1145/3658644.3690253

2024-10-07

Abstract:The classical distributed key generation protocols (DKG) are resurging due to their widespread applications in blockchain. While efforts have been made to improve DKG communication, practical large-scale deployments are still yet to come due to various challenges, including the heavy computation and communication (particularly broadcast) overhead in their adversarial cases. In this paper, we propose a practical DKG for DLog-based cryptosystems, which achieves (quasi-)linear computation and communication per-node cost with the help of a common coin, even in the face of the maximal amount of Byzantine nodes. Moreover, our protocol is secure against adaptive adversaries, which can corrupt less than half of all nodes. The key to our improvements lies in delegating the most costly operations to an Any-Trust group together with a set of techniques for adaptive security. This group is randomly sampled and consists of a small number of individuals. The population only trusts that at least one member in the group is honest, without knowing which one. Moreover, we present a generic transformer that enables us to efficiently deploy a conventional distributed protocol like our DKG, even when the participants have different weights. Additionally, we introduce an extended broadcast channel based on a blockchain and data dispersal network (such as IPFS), enabling reliable broadcasting of arbitrary-size messages at the cost of constant-size blockchain storage.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Michael Sober,Max Kobelt,Giulia Scaffino,Dominik Kaaser,Stefan Schulte

DOI: https://doi.org/10.48550/arXiv.2212.10324

2022-12-20

Cryptography and Security

Abstract:Distributed Key Generation (DKG) is an extensively researched topic as it is fundamental to threshold cryptosystems. Emerging technologies such as blockchains benefit massively from applying threshold cryptography in consensus protocols, randomness beacons, and threshold signatures. However, blockchains and smart contracts also enable further improvements of DKG protocols by providing a decentralized computation and communication platform. For that reason, we propose a DKG protocol that uses smart contracts to ensure the correct execution of the protocol, allow dynamic participation, and provide crypto-economic incentives to encourage honest behavior. The DKG protocol uses a dispute and key derivation mechanism based on Zero-Knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARKs) to reduce the costs of applying smart contracts by moving the computations off-chain, where the smart contract only verifies the correctness of the computation.

Jie Lin,Hoi-Kwong Lo,Jacob Johannsson,Mattia Montagna,Manfred von Willich

2024-07-31

Abstract:Pre-shared keys (PSK) have been widely used in network security. Nonetheless, existing PSK solutions are not scalable. Moreover, whenever a new user joins a network, PSK requires an existing user to get a new key before they are able to communicate with the new user. The key issue is how to distribute the PSK between different users. Here, we solve this problem by proposing a new protocol called Distributed Symmetric Key Establishment (DSKE). DSKE has the advantage of being scalable. Unlike standard public key infrastructure (PKI) which relies on computational assumptions, DSKE provides information-theoretic security in a universally composable security framework. Specifically, we prove the security (correctness and confidentiality) and robustness of this protocol against a computationally unbounded adversary, who additionally may have fully compromised a bounded number of the intermediaries and can eavesdrop on all communication. DSKE also achieves distributed trust through secret sharing. We present several implementations of DSKE in real environments, such as providing client services to link encryptors, network encryptors, and mobile phones, as well as the implementation of intermediaries, called Security Hubs, and associated test data as evidence for its versatility. As DSKE is highly scalable in a network setting with no distance limit, it is expected to be a cost-effective quantum-safe cryptographic solution to the network security threat presented by quantum computers.

Cryptography and Security,Quantum Physics

Chenxi Wang,William A. Wulf

DOI: https://doi.org/10.1023/A:1019199132298

2000-01-01

Abstract:Public Key Infrastructures (PKI) are important for the security of many networked systems. The current designs of PKIs often rely on a centralized key Certification Authority (CA) for the certification and distribution of keys. This centralized entity poses a performance and scalability bottleneck. In addition, it creates a serious security risk — if the CA is penetrated, the security of the entire system is irretrievably compromised. In this paper, we present an innovative method to generate globally unique keys in a completely distributed fashion. The ability to perform distributed key generation facilitates decentralized PKIs. We present security analysis of the method as well as a set of experimental performance results. Our method scales well, and is cryptographically strong.

Hoi-Kwong Lo,Mattia Montagna,Manfred von Willich

2024-07-30

Abstract:We propose and implement a protocol for a scalable, cost-effective, information-theoretically secure key distribution and management system. The system, called Distributed Symmetric Key Establishment (DSKE), relies on pre-shared random numbers between DSKE clients and a group of Security Hubs. Any group of DSKE clients can use the DSKE protocol to distill from the pre-shared numbers a secret key. The clients are protected from Security Hub compromise via a secret sharing scheme that allows the creation of the final key without the need to trust individual Security Hubs. Precisely, if the number of compromised Security Hubs does not exceed a certain threshold, confidentiality is guaranteed to DSKE clients and, at the same time, robustness against denial-of-service (DoS) attacks. The DSKE system can be used for quantum-secure communication, can be easily integrated into existing network infrastructures, and can support arbitrary groups of communication parties that have access to a key. We discuss the high-level protocol, analyze its security, including its robustness against disruption. A proof-of-principle demonstration of secure communication between two distant clients with a DSKE-based VPN using Security Hubs on Amazon Web Server (AWS) nodes thousands of kilometres away from them was performed, demonstrating the feasibility of DSKE-enabled secret sharing one-time-pad encryption with a data rate above 50 Mbit/s and a latency below 70 ms.

Quantum Physics,Cryptography and Security

Chenxi Wang,William A. Wulf

1996-01-01

Abstract:In a public key cryptographic system, the uniqueness and authenticity of the keys are essential to the success of the system. Traditionally, a single, centralized key distribution/certification server has been used to generate and distribute keys. This approach requires a distinguished trusted entity which could potentially become a single point of failure or penetration in a distributed environment. We present in this paper a new, simple way to handle distributed key generation We assign a unique range of m-bit numbers to each key generator in the system. As a result, the lower-order m bits of the keys generated is a unique number in the assigned range. our scheme not only provides a way to generate globally unique keys in an independent, distributed fashion, it also enhances the security of public-key cryptosystems by eliminating the mapping between keys and entity names.

Zeyu Yang,Ziqing Wang,Fei Qiu,Fagen Li

DOI: https://doi.org/10.1016/j.jisa.2022.103388

IF: 4.96

2023-01-01

Journal of Information Security and Applications

Abstract:A group key agreement protocol allows a set of users to establish a common session key over an open network. A dynamic contributory group key agreement (DCGKA) protocol generates a session key based on contributions of all group members and allows a member to dynamically join or leave this group. Although current DCGKA can resist passive attacks, it cannot resist positive attacks like the man-in-the-middle (MITM) attack. In this paper, we propose a dynamic contributory Group Key Agreement protocol by using Short Signature (called GKA-SS) which uses bilinear map to accomplish the signature and the verification processes. The formal security proof shows that our protocol can resist both active and passive attacks under random oracle model. The informal security analysis indicates that our protocol can obtain backward secrecy, forward secrecy, etc. Besides, we analyze the communication and computation cost of our protocol and simulate it with pypbc library. As compared with TGECDH, our protocol is 2.4 times faster in join phase and 29 times faster in leave phase, when p is 512 bits, q is 160 bits and group size is 256.

Wen-Kai Yu,Ying Yang,Ya-Xin Li,Ning Wei,Shuo-Fei Wang

DOI: https://doi.org/10.3390/s22113994

2022-05-25

Abstract:In existing cryptographic key distribution (CKD) protocols based on computational ghost imaging (CGI), the interaction among multiple legitimate users is generally neglected, and the channel noise has a serious impact on the performance. To overcome these shortcomings, we propose a multi-party interactive CKD protocol over a public network, which takes advantage of the cascade ablation of fragment patterns (FPs). The server splits a quick-response (QR) code image into multiple FPs and embeds different "watermark" labels into these FPs. By using a CGI setup, the server will acquire a series of bucket value sequences with respect to different FPs and send them to multiple legitimate users through a public network. The users reconstruct the FPs and determine whether there is an attack in the public channel according to the content of the recovered "watermark" labels, so as to complete the self-authentication. Finally, these users can extract their cryptographic keys by scanning the QR code (the cascade ablation result of FPs) returned by an intermediary. Both simulation and experimental results have verified the feasibility of this protocol. The impacts of different attacks and the noise robustness have also been investigated.

Zhen Liu,Duncan S. Wong,Jack Poon

DOI: https://doi.org/10.1145/2897845.2897849

2016-01-01

Abstract:In Identity-Based Encryption (IBE) system, the Private Key Generator (PKG) holds the master secret key and is responsible for generating private keys for the users. This incurs the key-escrow problem, i.e. the PKG can decrypt any user' any ciphertexts without any possible detection. Also, compromising the master secret key will enable an adversary to do anything to the whole system, and having the master secret key be unavailable implies that new users cannot obtain private keys from the PKG, and existing users cannot get their private keys back from the PKG when they lost them. To address the key-escrow problem and protect the master secret key as much as possible with strong security and availability, distributed PKG protocols supporting threshold policy have been adopted in some IBE schemes. In this paper, we propose a distributed PKG protocol that supports the policy to be any monotonic access structures. Also, we propose the first distributed PKG protocol that supports the dynamic changes of the PKGs and the policy, while remaining the master secret key unchanged. The two protocols do not need any third party acting as a trusted dealer to present, and the master secret key should never be generated or resided in any one single site. The protocols are applicable to a generic IBE template, which covers many existing important IBE schemes. When applied to this generic type of IBE schemes, the two distributed PKG protocols do not affect the encryption and decryption algorithms, and only each user knows his own private key.

Jia-Meng Yao,Qiong Li,Hao-Kun Mao,Ahmed A. Abd El-Latif

2023-12-14

Abstract:With the advancement of quantum computing, the security of public key cryptography is under serious threat. To guarantee security in the quantum era, Quantum Key Distribution has become a competitive solution. QKD networks can be classified into measurement-device-dependent network and measurement-device-independent network. In measurement-device-dependent networks, the information is available for all trusted relays. This means that all trusted relays are strongly trusted relays that require strict control, which is difficult to realize. To address this issue, measurement-device-independent networks reduce the proportion of strongly trusted relay nodes by introducing untrusted relays. However, due to the higher key rate of measurement-device-dependent protocols over short distances, the communication capability of measurement-device-independent networks has a degradation compared to measurement-device-dependent networks. Therefore, how to reduce the dependence of QKD networks on strong trusted relays without significantly affecting the communication capability has become a major issue in the practicalization process of QKD networks. To address this issue, a novel Multi-Protocol Collaborative networking cell is proposed in this paper. The QKD network built by the MPC networking cell reduces the dependence on strongly trusted relays by combining the two protocols to introduce weak trusted relays while maintaining the high communication capacity. What's more, to further enhance the overall performance of the QKD network, an optimal topology design method is presented via the proposed flow-based mathematical model and optimization method. The simulation results show that the proposed scheme reduces the dependence on strongly trusted relays without a significant reduction in communication capability, our work holds great significance in promoting the practicalization of QKD networks.

Quantum Physics

Changyuan Luo,Ling Sun

DOI: https://doi.org/10.3390/math12193126

IF: 2.4

2024-10-07

Mathematics

Abstract:The specificity and complexity of space networks render the traditional key management mechanism no longer applicable. The certificate-less-based distributed spatial network key management scheme proposed in this paper combines the characteristics of space networks, solving the problems regarding the difficulty of implementing centralized key management in space networks and the excessive overhead required for maintaining public key certificates by constructing a distributed key generation center and establishing strategies such as private key updates, master key component updates, and session key negotiation. This method also avoids the key escrow problem inherent in existing identity-based key management schemes. This scheme provides the DPKG construction method for space networks; designs the update strategy for the DPKG node's master key sharing, providing a specific update algorithm; introduces the batch private key update mechanism; and uses the mapping function to evenly distribute the node's update requests throughout the update time period, avoiding the problem of overly concentrated update requests. After analysis and simulation verification, it was proven that the scheme can meet the necessary security requirements, offering good stability and scalability.

mathematics

Emir Dervisevic,Amina Tankovic,Ehsan Fazel,Ramana Kompella,Peppino Fazio,Miroslav Voznak,Miralem Mehic

2024-08-09

Abstract:Secure communication makes the widespread use of telecommunication networks and services possible. With the constant progress of computing and mathematics, new cryptographic methods are being diligently developed. Quantum Key Distribution (QKD) is a promising technology that provides an Information-Theoretically Secure (ITS) solution to the secret-key agreement problem between two remote parties. QKD networks based on trusted repeaters are built to provide service to a larger number of parties at arbitrary distances. They function as an add-on technology to traditional networks, generating, managing, distributing, and supplying ITS cryptographic keys. Since key resources are limited, integrating QKD network services into critical infrastructures necessitates effective key management. As a result, this paper provides a comprehensive review of QKD network key management approaches. They are analyzed to facilitate the identification of potential strategies and accelerate the future development of QKD networks.

Cryptography and Security

Suman Rath,Neel Kanth Kundu,Subham Sahoo

2024-05-18

Abstract:Quantum key distribution (QKD) has often been hailed as a reliable technology for secure communication in cyber-physical microgrids. Even though unauthorized key measurements are not possible in QKD, attempts to read them can disturb quantum states leading to mutations in the transmitted value. Further, inaccurate quantum keys can lead to erroneous decryption producing garbage values, destabilizing microgrid operation. QKD can also be vulnerable to node-level manipulations incorporating attack values into measurements before they are encrypted at the communication layer. To address these issues, this paper proposes a secure QKD protocol that can identify errors in keys and/or nodal measurements by observing violations in control dynamics. Additionally, the protocol uses a dynamic adjacency matrix-based formulation strategy enabling the affected nodes to reconstruct a trustworthy signal and replace it with the attacked signal in a multi-hop manner. This enables microgrids to perform nominal operations in the presence of adversaries who try to eavesdrop on the system causing an increase in the quantum bit error rate (QBER). We provide several case studies to showcase the robustness of the proposed strategy against eavesdroppers and node manipulations. The results demonstrate that it can resist unwanted observation and attack vectors that manipulate signals before encryption.

Cryptography and Security,Quantum Physics

Zihang Cao,Li Zhao

DOI: https://doi.org/10.1145/3460537.3460556

2021-01-01

Abstract:Digital Rights Management (DRM) is a basic requirement in the Internet era. In order to solve the disadvantages caused by centralization in traditional DRM, many decentralized DRM (DDRM) structure are proposed, and they have achieved decentralization in copyright registration, copyright trading, etc. However, the distribution of content keys is their bottleneck. Different from public copyright and transaction information, content key which is used for digital content decryption cannot be directly disclosed to decentralized nodes. The existing DDRM relies on specific nodes or an ideal trust environment to issue encrypted content keys, which makes the system unable to be completely decentralized. In this paper, we proposed a decentralized key distribution system, and it can be compatible with the existing DDRM structure. We use zero-knowledge proof technology to prove to others the correctness of the encrypted content key without revealing it. We use blockchain technology to achieve decentralized key distribution, without relying on any trusted center. Our system allows consumers and agents to apply for and distribute content keys without trusting each other. Malicious users cannot commit fraud against others, and damaged nodes will not affect the stability and reliability of the system.

Yang Yu,Aixin Zhang,Junhua Tang,Haopeng Chen

DOI: https://doi.org/10.1007/978-90-481-3662-9_42

2010-01-01

Abstract:Group communication mechanism provides several participants with a secure and credible communication environment by sharing a confidential group key within group members. Group Diffle-Hellman key exchange protocol (GDR) is an extension of two-party Diffie-Hellman key exchange. Many protocols based on GDH protocol have been proposed, among which AT-GDH protocol is an authenticated group key agreement protocol. AT-GDH2 protocol complements AT-GDH with a dynamic group key updating scheme. This paper proposes an improved dynamic scheme based on AT-GDH after analyzing the security flaws in AT-GDH2 protocol. We name this proposed group key management process as AT-GDH3. Then the security property of AT-GDH3 protocol is analyzed using the strand space and authentication test theory from the aspects of authentication, implicit key authentication, recency, backward security and forward security. The results show that AT-GDH3 protocol can overcome the security flaws in AT-GDH2 protocol, and can guarantee security properties of group key management.

ZHANG Yong,ZHANG Yi,TANG Ye,WANG Wei-nong

DOI: https://doi.org/10.3321/j.issn:1006-2467.2007.01.014

2007-01-01

Abstract:Based on Diffie-Hellman(DH) key exchange protocol and the thought of logical keys tree,a distributed group key management scheme was presented.Compared with TGDH scheme which is currently the best one among those based on DH protocol,when a member joins into the group,new scheme reduces the modular exponential computation cost of the member which need the most modular exponential computation by 33%.If the leaving of a member does not result in unbalance of the logical keys tree,modular exponential compuataion is not needed in new scheme. Even the leaving of a member results in unbalance of the logical keys tree,the new scheme reduces the modular exponential computation cost of the member which need the most modular exponential computation by 33% also.