Das, Poulami (2023)
Secure Infrastructures in the Realm of Decentralization.
Technische Universität Darmstadt
doi: 10.26083/tuprints-00024422
Ph.D. Thesis, Primary publication, Publisher's Version
Text: thesis_final.pdf (3MB). Copyright Information: CC BY-SA 4.0 International - Creative Commons, Attribution ShareAlike.
| Field | Value |
|---|---|
| Item Type: | Ph.D. Thesis |
| Type of entry: | Primary publication |
| Title: | Secure Infrastructures in the Realm of Decentralization |
| Language: | English |
| Referees: | Faust, Prof. Dr. Sebastian; Kiayias, Prof. Dr. Aggelos |
| Date: | 30 August 2023 |
| Place of Publication: | Darmstadt |
| Collation: | 259 pages in various paginations |
| Date of oral examination: | 24 October 2022 |
| DOI: | 10.26083/tuprints-00024422 |
| Status: | Publisher's Version |
| URN: | urn:nbn:de:tuda-tuprints-244228 |
| Classification DDC: | 000 Generalities, computers, information > 004 Computer science |
| Divisions: | 20 Department of Computer Science > Angewandte Kryptographie |
| Date Deposited: | 30 Aug 2023 14:07 |
| Last Modified: | 19 Oct 2023 14:54 |
| URI: | https://tuprints.ulb.tu-darmstadt.de/id/eprint/24422 |
| PPN: | 511417691 |

Abstract:

Most of today's online services, such as e-commerce and online banking, are based on centralized service providers and are hence easily prone to single points of failure, cyber-attacks and censorship. An alternative approach to mitigate this issue is to design decentralized systems, where control is distributed among several entities instead of a single centralized authority. A decentralized system often consists of a complex distribution of trust among different parties, or even organizations. Hence, it is often challenging to build a decentralized system. It is not surprising that the security guarantees of such complex decentralized systems depend on several factors: not only the conventional properties of data integrity, confidentiality and authentication, but also other relevant factors such as availability, accountability and authorization. In this thesis, we aim to build provably secure infrastructures that serve a decentralized system in one way or another. Our contribution is in three different settings: blockchain, Byzantine agreement and cloud. Firstly, we consider the decentralized payment platform offered by blockchains. Although the core blockchain protocol has been thoroughly analyzed, the underlying infrastructure of blockchain wallets is rather ad hoc. Cryptocurrency wallets constitute an indispensable key management mechanism for every user that wants to send or receive blockchain payments. However, they lack formal security analysis. We close this gap by designing provably secure wallets in the presence of a classical as well as a quantum adversary. Through our security analysis, we provide the concrete bit security achieved by BIP32 wallets, a wallet standard deployed in many practical wallets. Interestingly, we observe that a slightly modified yet equally efficient version of BIP32 achieves a higher level of bit security than the original version.

Secondly, we consider the problem of Byzantine agreement (BA), a fundamental problem in distributed computing as well as an important building block in the design of decentralized systems. Classically, Byzantine agreement is known to be impossible without a public key infrastructure (PKI) in the presence of a corruption threshold of < n/2 parties. Interestingly, a class of BA protocols has emerged that overcomes this well-known impossibility by taking inspiration from the decentralized model of blockchains. This setting allows a group of pseudonymous parties to achieve consensus via some proof of computation, for instance proof of work (PoW). Taking inspiration from the above-mentioned computational model, prior works were able to achieve BA protocols with time complexity of O(nk^2), O(k) or O(n). We show, for the first time, a BA protocol in the computational model of verifiable delay functions (VDFs) that runs in expected constant time. On the negative side, we are able to show a lower bound on the communication complexity of such protocols. Precisely, we prove that no protocol can achieve BA in the VDF model without any PKI assumption in less than O(sqrt(n)) send-to-all steps. Thirdly, we consider the setting of cloud storage for end-users, where we aim to design a usable yet secure encryption service that overcomes the dependence on centralized service providers. To this end, we build our primitive, Distributed Password-authenticated Symmetric-key Encryption (DPaSE), which enables users to generate strong encryption keys from a single password with the assistance of a set of n servers. We use a new variant of an oblivious PRF (OPRF) as the main building block to build DPaSE.