Keychat: Secure Messaging via Bitcoin. Robert Chen, John Kuszmaul, Yiming Zheng Mentored By Alin Tomescu
|
|
- Daniel Allison
- 5 years ago
- Views:
Transcription
1 Keychat: Secure Messaging via Bitcoin Robert Chen, John Kuszmaul, Yiming Zheng Mentored By Alin Tomescu 1
2 Motivation We want to secure communications. Alice Bob Sensitive Financial Information Yay, Money! 2
3 End-to-end Encryption People generate a key pair. They broadcast public keys. Alice SKB(C) = Financial Information Bob C = PKB(Financial Information) I can t decrypt this because I don t have Bob s secret key. 3
4 The Problem: Public Key Distribution People can encrypt messages, but they might be encrypting them for the wrong person. Alice Bob C = PKM(Financial Information) C = PKB(Financial Information) Mallory 4
5 The Current State of Common Communications Apps Facebook Messenger, Gmail - Do not use end-to-end encryption by default WhatsApp, Signal - Public keys are stored in a central directory that may be insecure. Alice What is Bob s Public Key? Signal PKD I know! It s PKB. 5
6 Are append-only PKDs enough for security? If append-only, then Bob can detect fake PKM What else can the malicious PKD do? Public Key Directory Name Public Key Alice PKA Bob PKB PKM 6
7 Our Work: Public Key Directory Equivocation Name Public Key Alice PKA Version 1 Version 2A Version 2B Alice s Perspective Bob s Perspective Name Public Key Name Public Key Alice PKA Alice PKA Bob PKM Bob PKB 7
8 Outline Keybase Bitcoin Catena Catena Op tim ize s Keychat Witnesses Keybase Bitcoin 8
9 Keybase: A public key directory S1 = H(DIR1) S2 = H(DIR2) Name Public Key Name Public Key John PKJ John PKJ Robert PKR Robert PKR Keybase PKD Server Yiming PKY 9
10 Keybase Summaries Yiming S1 (1) Yiming PK? Keybase PKD Server (2) PKY (3) Verify PKY against S1 (1) Yiming PK? Robert S1 (2) PKY (3) Verify PKY against S1 10
11 Keybase Equivocation Yiming S1, S2 (1) Yiming PK? Keybase PKD Server (2) PKY (3) Verify PKY against S2 (1) Yiming PK? Robert S1, S2' (2) PKM (3) Verify PKM against S2 11
12 Keybase Non-equivocation Important that Yiming and Robert have the same history of hashes/summaries: S1, S2, S3... Bitcoin Keybase PKD Server S1, S2, S3... Download S1, S2, S3... Robert's, Yiming's Keychat apps 12
13 Outline Keybase Bitcoin Catena Catena Op tim ize s Keychat Witnesses Keybase Bitcoin 13
14 Bitcoin: Blockchain Block 1 A B, 5 BTC C D, 10 BTC 14
15 Bitcoin: Blockchain Block 1 Block 2 A B, 5 BTC D B, 2 BTC C D, 10 BTC A B, 1 BTC 15
16 Bitcoin: Blockchain Block 1 Block 2 A B, 5 BTC D B, 2 BTC C D, 10 BTC A B, 1 BTC Block n M A, 2 BTC 16
17 However, Can Forks Happen? Block 1 Block 2 A B, 5 BTC D B, 2 BTC C D, 10 BTC A B, 1 BTC Block n M A, 2 BTC Block n M B, 2 BTC 17
18 However, Can Forks Happen? Answer: No! Block 1 Block 2 A B, 5 BTC D B, 2 BTC C D, 10 BTC A B, 1 BTC Block n M A, 2 BTC Block n M B, 2 BTC 18
19 Keybase Witnessing Summaries Block j Block i A B, 5 BTC D B, 2 BTC C D, 10 BTC A B, 1 BTC K K, 1 BTC S1 K K, 1 BTC S2 Block n M A, 2 BTC K K, 1 BTC S3 19
20 Equivocation Within a Block? Block j D B, 2 BTC A B, 1 BTC K K, 1 BTC S2 K K, 1 BTC S 2 20
21 Hashes: A Reminder SHA 256 (Hash Function) 21
22 Hashes: A Reminder SHA 256 (Hash Function) 22
23 Hashes: A Reminder SHA 256 (Hash Function) 46f4e4edb a20af8d92 7b6416a dd e441ac0bf26e2e 23
24 More Properties of Ideal Hash Functions SHA 256 (Hash Function) '46f4e4edb a20af8d92 7b6416a dd e441ac0bf26e2e' Always 256 bits Bitcoin block C D, 10 BTC SHA 256 (Hash Function) b7a4c0d08a9f74f47ce44d1f7 a58d9344b35aab00c ffb6fea556e6fa Always 256 bits 24
25 More Properties of Ideal Hash Functions Given the output:?????? SHA 256 (Hash Function) We should not be able to easily find the input 'c74c28b6dfc5099a3ce5386ae 9866fadd44618c7db489ebe87 b f988d' One Way (OW): Given y, infeasible to find any x such that h(x) = y. 25
26 Takeaways - Can feed in any size data as input fixed length output - Randomness: Small change in input data entirely different output - One-way: Given a hash, can t feasibly find any data that hashes to it - Perfect for a tamper-evident, append-only log! 26
27 Blockchain: A Closer Look! Block 1 h1= H( H(TXNS1) ) TXNS1 Block Header: - Contains hash pointer to TXN data - Contains hash pointer to previous block 27
28 Blockchain: A Closer Look! Block 1 h1= H( H(TXNS1) TXNS1 Block 2 ) h2= H( h1, H(TXNS2) ) TXNS2 Block Header: - Contains hash pointer to TXN data - Contains hash pointer to previous block 28
29 Blockchain: A Closer Look! Block 1 h1= H( H(TXNS1) TXNS1 Block 2 ) h2= H( h1, H(TXNS2) TXNS2 Block n ) h3 hn-1 hn= H( hn-1, H(TXNSn) ) TXNSn Block Header: - Contains hash pointer to TXN data - Contains hash pointer to previous block 29
30 Transactions: A Closer Look! - Block n Transactions stored in Merkle Tree Merkle Root hash stored in header hn= H( hn-1,rn ) TXNSn Rn=H(M1,M2) tx2 M1=H(H(tx1),H(tx2)) M2=H(H(tx3),H(tx4)) A C, 5 BTC B C, 10 BTC H(tx1) H(tx2) H(tx3) H(tx4) 30
31 Transactions: Membership Proof Block n hn= H( hn-1,rn ) TXNSn tx2 A C, 5 BTC B C, 10 BTC H(tx1) H(tx2) H(tx3) H(tx4) Membership proof for tx2? 31
32 Transactions: Membership Proof Block n hn= H( hn-1,rn ) TXNSn tx2 A C, 5 BTC B C, 10 BTC H(tx1) H(tx2) H(tx3) H(tx4) Membership proof for tx2 32
33 Transactions: Membership Proof Block n hn= H( hn-1,rn ) TXNSn tx2 M2 A C, 5 BTC B C, 10 BTC H(tx1) H(tx2) H(tx3) H(tx4) Membership proof for tx2 33
34 Transactions: Membership Proof Block n hn= H( hn-1,rn ) TXNSn tx2 M2 A C, 5 BTC B C, 10 BTC H(tx1) H(tx2) H(tx3) H(tx4) Membership proof for tx2 34
35 Transactions: Membership Proof Block n hn= H( hn-1,rn ) TXNSn tx2 M1=H(H(tx1),H(tx2)) M2 A C, 5 BTC B C, 10 BTC H(tx1) H(tx2) H(tx3) H(tx4) Membership proof for tx2 35
36 Yay! Membership Proof Success Block n hn= H( hn-1, Rn ) = Rn TXNSn Rn'=H(M1,M2) tx2 M1=H(H(tx1),H(tx2)) M2 A C, 5 BTC B C, 10 BTC H(tx1) H(tx2) H(tx3) H(tx4) Membership proof for tx2 36
37 Transaction Format Block i Block j Block n Merkle tree of TXNs in each block 37
38 Transaction Format Block j Block i Block n PKB has 3Ƀ PKA has 3Ƀ txa txb Transactions transfer coins 38
39 Transaction Format Block j Block i from SKA PKA has 3Ƀ txa Block n PKB has 3Ƀ txb Transactions transfer coins Output = # of coins and owner's PK Input "spends" previous output 39
40 Transaction Format Block j Block i Block n from SKA PKA has 3Ƀ txa txb PKB has 3Ƀ s1 Arbitrary statement s1 Data can be embedded in TXNs. 40
41 Transaction Format Block i Block j Block n PKB has 3Ƀ txb txc s1 Bob gives Carl 3Ƀ, What happens if Bob tries to double spend? 41
42 Transaction Format Block i Block j txb Block n txc s1 txc' No double-spent coins: A TXN output can only be referred to by a single TXN input. 42
43 Outline Keybase Bitcoin Catena Catena Op tim ize s Keychat Witnesses Keybase Bitcoin 43
44 Problem with Keybase - Equivocation Within a Block? Block j D B, 2 BTC A B, 1 BTC K K, 1 BTC S2 K K, 1 BTC S 2 Auditors must download the entire Bitcoin blockchain to check if any blocks contain invalid Keybase transactions 44
45 Key idea behind Catena Efficiently use Bitcoin's mechanism that prevents double spends as proof of non-equivocation. TX2 TX1 TX'2 45
46 Key idea behind Catena Efficiently use Bitcoin's mechanism that prevents double spends as proof of non-equivocation. TX1 s 1 TX2 s 2 TX'2 s' 2 46
47 Catena Block i TX s 1 Block j Block n No inconsistent s'3 as it would require a double-spend! TX s' 3 TX s 2 TX s 3 Linear chain of transactions containing statements 47
48 Efficient auditing Header i Keychat client Bitcoin Network GTX Keybase server 48
49 Efficient auditing Header i Keychat client GTX Q: Next block header(s)? Bitcoin Network Keybase server 49
50 Efficient auditing Header i Keychat client Header i+1 Bitcoin Network GTX Header j Keybase server 50
51 Efficient auditing Header i Keychat client Bitcoin Network Header j GTX Keybase server 51
52 Efficient auditing Header i Keychat client Header j GTX Q: What is s1 in the log? Bitcoin Network Keybase server 52
53 Efficient auditing Header i Keychat client Bitcoin Network Header j GTX TX1 s 1 Keybase server 53
54 Efficient auditing Header i Keychat client Bitcoin Network GTX Header j TX1 s 1 Keybase server 54
55 Efficient auditing Header i Keychat client GTX Header j TX1 s 1 Q: Next block header(s)? Bitcoin Network Keybase server 55
56 Efficient auditing Header i Keychat client Header j+1 Bitcoin Network GTX Header j TX1 s 1 Header n Keybase server 56
57 Efficient auditing Header i Keychat client Bitcoin Network GTX Header j Header n TX1 s 1 Keybase server 57
58 Efficient auditing Header i Keychat client GTX Header j Header n TX1 s 1 Q: What is s2 in the log? Bitcoin Network Keybase server 58
59 Efficient auditing Header i Keychat client Bitcoin Network GTX Header j Header n TX1 s 1 TX2 s 2 Keybase server 59
60 Efficient auditing Header i Keychat client Bitcoin Network GTX Header j TX1 s 1 Header n TX2 s 2 Keybase server 60
61 Auditing bandwidth e.g., 460K block headers + 10K statements = ~41 MB (80 bytes each) (around 600 bytes each) 61
62 Recap Keybase can equivocate, so they witness the directory in Bitcoin, but inefficiently S1, S2, S3,... Keybase Bitcoin S1, S2, S3,... Keychat client (110 GB) 62
63 Recap Keybase can equivocate, so they witness the directory in Bitcoin, but inefficiently Use Catena to make auditing the Keybase PKD more efficient S1, S2, S3,... Keybase Bitcoin Catena.,..,S3,S2 S1 Keychat client (41 MB) 63
64 Outline Keybase Bitcoin Catena Catena Op tim ize s Keychat Witnesses Keybase Bitcoin 64
65 Keychat Uses the Keybase PKD, so users can communicate securely without fear of public key equivocation Implemented using Meteor, a Javascript framework that allows KeyChat to work as both a website and an Android app Keychat 65
66 Next steps Implement Catena for Keybase using Java to efficiently witness the Keybase Public Key Directory in the Bitcoin blockchain Implement Keychat using Meteor 66
67 Acknowledgements Thanks to our mentor Alin Tomescu for his support and guidance! Thanks to PRIMES for this opportunity! Thanks to our parents for their support! Thanks to all of you for being such a great audience! 67
68 Ask us questions! Keychat Catena Op tim es ize s Us Witnesses Keybase Bitcoin 68
Catena: Preventing Lies with
November 28th, 2016 Catena: Preventing Lies with Alin Tomescu alinush@mit.edu MIT CSAIL Srinivas Devadas devadas@mit.edu MIT CSAIL New England Security Day (NESD), Fall '16 The problem: Equivocation The
More informationProblem: Equivocation!
Bitcoin: 10,000 foot view Bitcoin and the Blockchain New bitcoins are created every ~10 min, owned by miner (more on this later) Thereafter, just keep record of transfers e.g., Alice pays Bob 1 BTC COS
More informationCatena: Efficient Non-equivocation via Bitcoin
Catena: Efficient Non-equivocation via Bitcoin Alin Tomescu MIT CSAIL Srinivas Devadas MIT CSAIL Abstract We present Catena, an efficiently-verifiable Bitcoin witnessing scheme. Catena enables any number
More informationBitcoin and Blockchain
Bitcoin and Blockchain COS 418: Distributed Systems Lecture 18 Zhenyu Song [Credit: Selected content adapted from Michael Freedman. Slides refined by Chris Hodsdon and Theano Stavrinos] Why Bitcoin? All
More informationBlockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini
Blockchain CS 240: Computing Systems and Concurrency Lecture 20 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material. Bitcoin: 10,000 foot view New bitcoins
More informationErgo platform. Dmitry Meshkov
Ergo platform Dmitry Meshkov Prehistory Motivation Theory Practice Provably secure 1000 currencies New features Ad-hoc solutions Impractical Security issues Motivation Theory Provably secure New features
More informationENEE 457: E-Cash and Bitcoin
ENEE 457: E-Cash and Bitcoin Charalampos (Babis) Papamanthou cpap@umd.edu Money today Any problems? Cash is cumbersome and can be forged Credit card transactions require centralized online bank are not
More informationComputer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019
Computer Security 14. Blockchain & Bitcoin Paul Krzyzanowski Rutgers University Spring 2019 April 15, 2019 CS 419 2019 Paul Krzyzanowski 1 Bitcoin & Blockchain Bitcoin cryptocurrency system Introduced
More informationChapter 13. Digital Cash. Information Security/System Security p. 570/626
Chapter 13 Digital Cash Information Security/System Security p. 570/626 Introduction While cash is used in illegal activities such as bribing money laundering tax evasion it also protects privacy: not
More informationEECS 498 Introduction to Distributed Systems
EECS 498 Introduction to Distributed Systems Fall 2017 Harsha V. Madhyastha Today Bitcoin: A peer-to-peer digital currency Spark: In-memory big data processing December 4, 2017 EECS 498 Lecture 21 2 December
More informationBitcoin (Part I) Ken Calvert Keeping Current Seminar 22 January Keeping Current 1
Bitcoin (Part I) Ken Calvert Keeping Current Seminar 22 January 2014 2014.01.22 Keeping Current 1 Questions What problem is Bitcoin solving? Where did it come from? How does the system work? What makes
More informationSmalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold
Smalltalk 3/30/15 The Mathematics of Bitcoin Brian Heinold What is Bitcoin? Created by Satoshi Nakamoto in 2008 What is Bitcoin? Created by Satoshi Nakamoto in 2008 Digital currency (though not the first)
More informationCrypto tricks: Proof of work, Hash chaining
Crypto tricks: Proof of work, Hash chaining CS 161: Computer Security Prof. David Wagner April 13, 2016 A Tangent: How Can I Prove I Am Rich? Math Puzzle Proof of Work Problem. To prove to Bob I m not
More informationCONIKS BRINGING KEY TRANSPARENCY TO END USERS. Marcela Melara. Aaron Blankstein, Joseph Bonneau*, Edward W. Felten, Michael J.
CONIKS BRINGING KEY TRANSPARENCY TO END USERS Marcela Melara Aaron Blankstein, Joseph Bonneau*, Edward W. Felten, Michael J. Freedman Princeton University, *Stanford University/EFF E2E Encrypted Communication
More informationP2P BitCoin: Technical details
ELT-53206 Peer-to-Peer Networks P2P BitCoin: Technical details Mathieu Devos Tampere University of Technology Department of Electronics & Communications Engineering mathieu.devos@tut.fi TG406 2 Outline
More informationSecurity, Privacy and Interoperability in Payment- Channel Networks
FAKULTÄT FÜR!NFORMATIK Faculty of Informatics & PRIVACY SECURITY GROUP Security, Privacy and Interoperability in Payment- Channel Networks Pedro Moreno-Sanchez (@pedrorechez) Joint work with Giulio Malavolta,
More informationSpaceMint Overcoming Bitcoin s waste of energy
Bitcoin Overcoming Bitcoin s waste of energy Georg Fuchsbauer joint work with S Park, A Kwon, K Pietrzak, J Alwen and P Gaži Digital currency Decentralized (no bank issuing coins) Pseudonymous Controled
More informationSoftware Security. Final Exam Preparation. Be aware, there is no guarantee for the correctness of the answers!
Software Security Final Exam Preparation Note: This document contains the questions from the final exam on 09.06.2017. Additionally potential questions about Combinatorial Web Security Testing and Decentralized
More informationBitcoin, Security for Cloud & Big Data
Bitcoin, Security for Cloud & Big Data CS 161: Computer Security Prof. David Wagner April 18, 2013 Bitcoin Public, distributed, peer-to-peer, hash-chained audit log of all transactions ( block chain ).
More informationThe power of Blockchain: Smart Contracts. Foteini Baldimtsi
The power of Blockchain: Smart Contracts Foteini Baldimtsi The Blockchain at the heart of a cryptocurrency Alice sends 2 John sends 1 Dave sends 5 to Bob to Eve to Alice Bob sends 1 Eve sends 4 to Dave
More informationThe Blockchain. Josh Vorick
The Blockchain Josh Vorick Bitcoin is a currency. Blockchain is a technology. What is a blockchain? A decentralized database that anyone can add to and no one can delete from The Bitcoin blockchain Agenda
More informationCryptography and Cryptocurrencies. Intro to Cryptography and Cryptocurrencies
Intro to Cryptographic Hash Functions Hash Pointers and Data Structures Block Chains Merkle Trees Digital Signatures Public Keys and Identities Let s design us some Digital Cash! Intro to Cryptographic
More informationIntroduction to Cryptography in Blockchain Technology. December 23, 2018
Introduction to Cryptography in Blockchain Technology December 23, 2018 What is cryptography? The practice of developing protocols that prevent third parties from viewing private data. Modern cryptography
More informationBlockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric
Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016 Blockchain systems
More informationModern key distribution with ClaimChains
Modern key distribution with ClaimChains A decentralized Public Key Infrastructure that supports privacy-friendly social verification NEXTLEAP Bogdan Kulynych Marios Isaakidis Carmela Troncoso George Danezis
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University March 30 2017 Outline Digital currencies Advantages over paper cash
More informationEnsimag - 4MMSR Network Security Student Seminar. Bitcoin: A peer-to-peer Electronic Cash System Satoshi Nakamoto
Ensimag - 4MMSR Network Security Student Seminar Bitcoin: A peer-to-peer Electronic Cash System Satoshi Nakamoto wafa.mbarek@ensimag.fr halima.myesser@ensimag.fr 1 Table of contents: I- Introduction: Classic
More informationBiomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs
Biomedical and Healthcare Applications for Blockchain Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs Network Analysis Working Group 01.25.2018 Outline Introduction to bitcoin + blockchain
More informationUpgrading Bitcoin: Segregated Witness. Dr. Johnson Lau Bitcoin Core Contributor Co-author of Segregated Witness BIPs March-2016
Upgrading Bitcoin: Segregated Witness Dr. Johnson Lau Bitcoin Core Contributor Co-author of Segregated Witness BIPs 141-143 16-March-2016 Topics A short introduction to Bitcoin transactions What is transaction
More informationLecture 3. Introduction to Cryptocurrencies
Lecture 3 Introduction to Cryptocurrencies Public Keys as Identities public key := an identity if you see sig such that verify(pk, msg, sig)=true, think of it as: pk says, [msg] to speak for pk, you must
More informationIntroduction to Bitcoin I
Introduction to Bitcoin I P Peterlongo 1 A Tomasi 1 1 University of Trento Department of Mathematics June 10, 2013 Outline 1 Fiat and online payments Functions of Online payments and cost of clearing 2
More informationBLOCKCHAIN The foundation behind Bitcoin
BLOCKCHAIN The foundation behind Bitcoin Sourav Sen Gupta Indian Statistical Institute, Kolkata CRYPTOGRAPHY Backbone of Blockchain Technology Component 1 : Cryptographic Hash Functions HASH FUNCTIONS
More informationBitcoin. CS6450: Distributed Systems Lecture 20 Ryan Stutsman
Bitcoin CS6450: Distributed Systems Lecture 20 Ryan Stutsman Material taken/derived from Princeton COS-418 materials created by Michael Freedman and Kyle Jamieson at Princeton University. Licensed for
More informationBitcoin, a decentralized and trustless protocol
Bitcoin, a decentralized and trustless protocol Thomas Sibut-Pinote Inria Saclay February 12, 2015 Thomas Sibut-Pinote Bitcoin, a decentralized and trustless protocol 1 / 42 Introduction Questions 1 Introduction
More informationBLOCKCHAIN Blockchains and Transactions Part II A Deeper Dive
BLOCKCHAIN Blockchains and Transactions Part II A Deeper Dive www.blockchaintrainingalliance.com Blockchain Page 3 Blockchain is NOT Bitcoin Page 4 Transactions Page 5 Multi-Signature Addresses An Address
More informationICS 421 & ICS 690. Bitcoin & Blockchain. Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa
ICS 421 & ICS 690 Bitcoin & Blockchain Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa Accepted by: Overstock.com Expedia.com Newegg.com Tigerdirect.com
More informationBiomedical Security. Cipher Block Chaining and Applications
1 Biomedical Security Erwin M. Bakker 2 Cipher Block Chaining and Applications Slides and figures are adapted from: W. Stallings, Cryptography and Network Security 4 th Edition and 7 th Edition 1 3 Block
More informationCONIKS: Bringing Key Transparency to End Users
CONIKS: Bringing Key Transparency to End Users Morris Yau 1 Introduction Public keys must be distributed securely even in the presence of attackers. This is known as the Public Key Infrastructure problem
More informationSecurity: Focus of Control
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationZero-Knowledge proof of knowledge transfer. Perm summer school on blockchain 2018
Zero-Knowledge proof of knowledge transfer Teleport Teleport was born in 2016 from the idea to bring the power of peer-to-peer traffic distribution technology like BitTorrent to the solution of traffic
More informationBITCOIN MECHANICS AND OPTIMIZATIONS. Max Fang Philip Hayes
1 BITCOIN MECHNICS ND OPTIMIZTIONS Max Fang Philip Hayes 1 Cryptocurrency Mining: Proof-of-Work Consensus Nadir khtar LECTURE OUTLINE 2 1 Intro and Terminology 2 Bitcoin and Consensus 3 Bitcoin Concepts
More informationYada. A blockchain-based social graph
Yada A blockchain-based social graph January 2018 Abstract The goal of Yada is to achieve an acceptable level anonymity, privacy, and freedom of expression while making available to the public a structure
More informationBlockchains & Cryptocurrencies
1 Blockchains & Cryptocurrencies A Technical Introduction Lorenz Breidenbach ETH Zürich Cornell Tech The Initiative for CryptoCurrencies & Contracts (IC3) 2 Cryptocurrency Mania Market cap as of yesterday:
More informationBLOCKCHAIN The foundation behind Bitcoin
BLOCKCHAIN The foundation behind Bitcoin Sourav Sen Gupta Indian Statistical Institute, Kolkata CRYPTOGRAPHY Backbone of Blockchain Technology Component 1 : Cryptographic Hash Functions HASH FUNCTIONS
More informationEfficient Data Structures for Tamper-Evident Logging
Efficient Data Structures for Tamper-Evident Logging Scott A. Crosby Dan S. Wallach Rice University Everyone has logs Tamper evident solutions Current commercial solutions Write only hardware appliances
More informationSCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains
SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek Saxena National University of Singapore Bitcoin
More informationMultiparty Computation (MPC) protocols
Multiparty Computation (MPC) protocols Protocols where the users of the protocol don t trust each other, but nevertheless they want to achieve a common goal I don t trust Bob I don t trust Alice Alice
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationAlternatives to Blockchains. Sarah Meiklejohn (University College London)
Alternatives to Blockchains Sarah Meiklejohn (University College London) fully decentralized cryptocurrencies 2 fully decentralized cryptocurrencies tx tx(addra addrb) 2 fully decentralized cryptocurrencies
More informationBlockchain, Cryptocurrency, Smart Contracts and Initial Coin Offerings: A Technical Perspective
SESSION ID: LAB3-R09 Blockchain, Cryptocurrency, Smart Contracts and Initial Coin Offerings: A Technical Perspective Tom Plunkett Consulting Solutions Director Oracle Captain Brittany Snelgrove United
More informationIntroduction to Cryptography. Lecture 6
Introduction to Cryptography Lecture 6 Benny Pinkas page 1 1 Data Integrity, Message Authentication Risk: an active adversary might change messages exchanged between Alice and Bob M Alice M M M Bob Eve
More informationCOIN. Secure and Anonymous Decentralized Bitcoin Mixing PARTY
COIN PARTY Secure and Anonymous Decentralized Bitcoin Mixing Jan Henrik Ziegeldorf, Roman Matzu7, Fred Grossmann, Mar;n Henze, Klaus Wehrle Communica;on and Distributed Systems (COMSYS), RWTH Aachen, Germany
More informationDistributed Algorithms Bitcoin
Distributed Algorithms Bitcoin Alberto Montresor Università di Trento 2018/12/18 Acknowledgment: Joseph Bonneau, Ed Felten, Arvind Narayanan This work is licensed under a Creative Commons Attribution-ShareAlike
More informationHow Bitcoin achieves Decentralization. How Bitcoin achieves Decentralization
Centralization vs. Decentralization Distributed Consensus Consensus without Identity, using a Block Chain Incentives and Proof of Work Putting it all together Centralization vs. Decentralization Distributed
More informationCS 251: Bitcoin and Cryptocurrencies Fall 2016
CS 251: Bitcoin and Cryptocurrencies Fall 2016 Homework 3 due : 2016-11-28, 23:59 via Gradescope (entry code M4YJ69 ) 1. Idioms of use: Consider the transaction graph in the figure below: rectangles represent
More informationBiomedical Security. Some Security News 10/5/2018. Erwin M. Bakker
Biomedical Security Erwin M. Bakker Some Security News October 03, 2018 - Hackers attacking healthcare through remote access systems and disrupting operations is the number one patient safety risk, according
More informationIntroduction to Cryptoeconomics
Introduction to Cryptoeconomics What is cryptoeconomics? Cryptoeconomics is about... Building systems that have certain desired properties Use cryptography to prove properties about messages that happened
More informationMicropayments, Now! Probabilistic Micropayments in Bitcoin
Micropayments, Now! Probabilistic Micropayments in Bitcoin Jeremy Rubin November 26, 2015 In this paper, I introduce a probabilistic micropayments scheme which works without any modification to the Bitcoin
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University April 9 2018 Schedule HW 4 Due on Thu 04/12 Programming project 3 Due
More informationConsensus & Blockchain
Consensus & Blockchain S P Suresh Chennai Mathematical Institute Formal Methods Update Meeting IIT Mandi July 17, 2017 The Bitcoin revolution is upon us What is Bitcoin? Bitcoin: an exciting new currency
More informationProof-of-Work & Bitcoin
CS 220: Introduction to Parallel Computing Proof-of-Work & Bitcoin Lecture 19 Bitcoin: Mining for Heat https://qz.com/1117836/bitcoin-mining-heatshomes-for-free-in-siberia/ 4/25/18 CS 220: Parallel Computing
More informationChainFS: Blockchain-Secured Cloud Storage
ChainFS: Blockchain-Secured Cloud Storage Qiwu Zou 1, Yuzhe Tang 1, Ju Chen 1, Kai Li 1, Charles A. Kamhoua 2, Kevin Kwiat 3, Laurent Njilla 3 1 Department of EECS, Syracuse University, New York 2 Army
More informationWho wants to be a millionaire? A class in creating your own cryptocurrency
DEVNET-3626 Who wants to be a millionaire? A class in creating your own cryptocurrency Tom Davies, Sr. Manager, DevNet Sandbox Vallard Benincosa, Software Engineer Cisco Spark How Questions? Use Cisco
More informationHashTable CISC5835, Computer Algorithms CIS, Fordham Univ. Instructor: X. Zhang Fall 2018
HashTable CISC5835, Computer Algorithms CIS, Fordham Univ. Instructor: X. Zhang Fall 2018 Acknowledgement The set of slides have used materials from the following resources Slides for textbook by Dr. Y.
More informationPass, No Record: An Android Password Manager
Pass, No Record: An Android Password Manager Alex Konradi, Samuel Yeom December 4, 2015 Abstract Pass, No Record is an Android password manager that allows users to securely retrieve passwords from a server
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be
More informationIntroduction to Software Security Hash Functions (Chapter 5)
Introduction to Software Security Hash Functions (Chapter 5) Seong-je Cho Spring 2018 Computer Security & Operating Systems Lab, DKU Sources / References Textbook, Chapter 5. An Illustrated Guide to Cryptographic
More informationAn analysis of the applicability of blockchain to secure IP addresses allocation, delegation and bindings draft-paillisse-sidrops-blockchain-01
An analysis of the applicability of blockchain to secure IP addresses allocation, delegation and bindings draft-paillisse-sidrops-blockchain-01 OPSEC - IETF 101 - London March 2018 Jordi Paillissé, Albert
More informationPublic-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7
Public-Key Cryptography Professor Yanmin Gong Week 3: Sep. 7 Outline Key exchange and Diffie-Hellman protocol Mathematical backgrounds for modular arithmetic RSA Digital Signatures Key management Problem:
More informationLecture 18 Message Integrity. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422
Lecture 18 Message Integrity Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422 Cryptography is the study/practice of techniques for secure communication,
More informationSecurity (and finale) Dan Ports, CSEP 552
Security (and finale) Dan Ports, CSEP 552 Today Security: what if parts of your distributed system are malicious? BFT: state machine replication Bitcoin: peer-to-peer currency Course wrap-up Security Too
More informationApplied cryptography
Applied cryptography Electronic Cash Andreas Hülsing 29 November 2016 1 / 61 Classical Cash - Life Cycle Mint produces money (coins / bank notes) Sent to bank User withdraws money (reduces account balance)
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 6 Week of March 6, 2017 Question 1 Password Hashing (10 min) When storing a password p for user u, a website randomly generates a string s (called
More informationSecurity Analysis of the Lightning Network
Security Analysis of the Lightning Network Laolu Osuntokun @roasbeef Lightning Labs BPASE 2017 State of the Hash-Lock In-progress Lightning Network specifications (lighting-rfc) Basis of Lightning Technology
More informationEthereum. Campbell R. Harvey* Duke University and NBER. Ashwin Ramachandran Duke University. Brent Xu ConsenSys. Innovation and Cryptoventures
Innovation and Cryptoventures Ethereum Campbell R. Harvey* Duke University and NBER Ashwin Ramachandran Duke University Brent Xu ConsenSys February 12, 2018 1 2 Overview Ethereum Basics Under the hood
More informationSecure Programming Lecture 15: Information Leakage
Secure Programming Lecture 15: Information Leakage David Aspinall 21st March 2017 Outline Overview Language Based Security Taint tracking Information flow security by type-checking Summary Recap We have
More informationConcurrency and Privacy with Payment Channel Networks
Concurrency and Privacy with Payment Channel Networks Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei*, and Srivatsan Ravi Friedrich-Alexander-University Purdue University *TU Vienna
More informationUNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 10 Digital Signatures Israel Koren ECE597/697 Koren Part.10.1 Content of this part
More informationEncrypted Data Deduplication in Cloud Storage
Encrypted Data Deduplication in Cloud Storage Chun- I Fan, Shi- Yuan Huang, Wen- Che Hsu Department of Computer Science and Engineering Na>onal Sun Yat- sen University Kaohsiung, Taiwan AsiaJCIS 2015 Outline
More informationCSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationAcknowledgement HashTable CISC4080, Computer Algorithms CIS, Fordham Univ.
Acknowledgement HashTable CISC4080, Computer Algorithms CIS, Fordham Univ. Instructor: X. Zhang Spring 2018 The set of slides have used materials from the following resources Slides for textbook by Dr.
More informationBitcoin (and why it uses SO much energy)
Bitcoin (and why it uses SO much energy) David Malone Hamilton Institute / Dept Maths&Stats Maynooth University. 2018-11-08 Bitcoin Background Bitcoin is a cryptocurrency that started around 2008 2009.
More informationBitcoin/Namecoin/*coin: On Bitcoin like protocols and their relation to other IT-Security issues
: On Bitcoin like protocols and their relation to other IT-Security issues Aljosha Judmayer ajudmayer@sba-research.org 2014-11-07 SBA Research Area 1 (GRC): Governance, Risk and Compliance P1.1: Risk Management
More informationOutline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography 1. Introduction 2. RSA Outline 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationWhatsApp Encryption Overview. Technical white paper
WhatsApp Encryption Overview Technical white paper July 6, 2017 Originally published April 5, 2016 Contents Introduction................................... 3 Terms......................................
More informationA Lightweight Blockchain Consensus Protocol
A Lightweight Blockchain Consensus Protocol Keir Finlow-Bates keir@chainfrog.com Abstract A lightweight yet deterministic and objective consensus protocol would allow blockchain systems to be maintained
More informationCS 251: Bitcoin and Crypto Currencies Fall 2015
CS 251: Bitcoin and Crypto Currencies Fall 2015 Final Exam The exam is open book and open notes. You have 2 hours. Please answer all five questions. All questions are weighted equally. You may use course
More informationData Integrity. Modified by: Dr. Ramzi Saifan
Data Integrity Modified by: Dr. Ramzi Saifan Encryption/Decryption Provides message confidentiality. Does it provide message authentication? 2 Message Authentication Bob receives a message m from Alice,
More informationIntroducing. Bitcoin. A dilettante s guide to Bitcoin scalability. BIP-9000 (self-assigned) Quote It s kind of fun to do the impossible.
Introducing Bitcoin 9000 A dilettante s guide to Bitcoin scalability. BIP-9000 (self-assigned) Quote It s kind of fun to do the impossible. Walt Disney Goal Safely scale Bitcoin to process over 9000 transactions.
More informationNeel Gupte. Index Terms Bitcoin, Cryptocurreny, Block Chain, Hashing, Proof-of-Work, Double-spending, Momentum Method, Proof of Stake.
International Journal of Scientific & Engineering Research, Volume 6, Issue 9, September-2015 259 An Analysis of the Hash-Based Proof-of-Work Chain in the Bitcoin Network Neel Gupte Abstract A Bitcoin
More informationRefresher: Applied Cryptography
Refresher: Applied Cryptography (emphasis on common tools for secure processors) Chris Fletcher Fall 2017, 598 CLF, UIUC Complementary reading Intel SGX Explained (ISE) Victor Costan, Srini Devadas https://eprint.iacr.org/2016/086.pdf
More informationOutline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)
Outline AIT 682: Network and Systems Security 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard Topic 5.2 Public Key Cryptography Instructor: Dr. Kun Sun 2 Public Key
More informationPart 2. Use Cases (40 points). Consider examples of such signed records R (as in Part 1) from systems we discussed.
CPS 512 midterm exam #1, 10/5/17 Your name please: NetID: Sign for your honor: Part 1. Digital Signatures (25 points). Suppose that a principal Alice (A) signs a message/record (R) that is received by
More informationBITCOIN PROTOCOL & CONSENSUS: A HIGH LEVEL OVERVIEW
BITCOIN PROTOCOL & CONSENSUS: A HIGH LEVEL OVERVIEW Rustie Lin Wang Move the area1 over the image a little inside and then right click, replace image to change the background. (and delete this box while
More informationMechanics of Bitcoin
Mechanics of Bitcoin Minsoo Ryu Hanyang University Outline Bitcoin Transactions Bitcoin Scripts Bitcoin Blocks Bitcoin Network Limitations and Improvements For more information, visit https://bitcoin.org/en/developer-reference#
More informationDigital Signatures. Luke Anderson. 7 th April University Of Sydney.
Digital Signatures Luke Anderson luke@lukeanderson.com.au 7 th April 2017 University Of Sydney Overview 1. Digital Signatures 1.1 Background 1.2 Basic Operation 1.3 Attack Models Replay Naïve RSA 2. PKCS#1
More informationCertifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology
Certifying Program Execution with Secure Processors Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology Motivation All PCs may soon include trusted computing
More informationbitcoin allnet exam review: transport layer TCP basics congestion control project 2 Computer Networks ICS 651
bitcoin allnet exam review: transport layer TCP basics congestion control project 2 Computer Networks ICS 651 Bitcoin distributed, reliable ("hard to falsify") time-stamping network each time-stamp record
More informationWeb Security 2 https://www.xkcd.com/177/ http://xkcd.com/1323/ Encryption basics Plaintext message key secret Encryp)on Func)on Ciphertext Insecure network Decryp)on Func)on Curses! Foiled again! key Plaintext
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More information