
[taler-anastasis] 01/05: worked on introduction


From: gnunet
Subject: [taler-anastasis] 01/05: worked on introduction
Date: Sat, 06 Jun 2020 11:48:41 +0200

This is an automated email from the git hooks/post-receive script.

dennis-neufeld pushed a commit to branch master
in repository anastasis.

commit d647c0b9815f830b510e1ff9868b97689744cf7c
Author: Dennis Neufeld <dennis.neufeld@students.bfh.ch>
AuthorDate: Thu Jun 4 22:04:23 2020 +0000

    worked on introduction
---
 doc/thesis/introduction.tex | 30 ++++++++++++++++++++----------
 doc/thesis/related_work.tex |  6 +++---
 2 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/doc/thesis/introduction.tex b/doc/thesis/introduction.tex
index 5123595..f78e82f 100644
--- a/doc/thesis/introduction.tex
+++ b/doc/thesis/introduction.tex
@@ -1,15 +1,25 @@
 \section{Introduction}
-Secure storage of private cryptographic keys or in general every kind of core 
secret is a big problem
-because there is no reasonable solution solving it while meeting the following 
criteria:
-\begin{itemize}
-       \item Only the user must be in control of the core secret.
-       \item The solution must ensure confidentiality of the stored core 
secret.
-       \item The solution must ensure availability of the core secret.
-       \item The user doesn't need to memorize a password.
-\end{itemize}
+Secure storage of private cryptographic keys or in general every kind of core 
secret is a big problem because most current key management systems just reduce 
the problem of memorizing a high-entropy passphrase or key to memorizing a 
low-entropy passphrase. This of course cannot be the solution because you 
undermine the whole security of a cryptographic system using such solutions.\\
+Key management systems have to deal with the question, how to store a key. 
Keys are used to encrypt high sensitive personal data and therefore they must 
be kept safely. Only the legitimated owner of a key should have the possibility 
to recover a lost key. Most people have difficulties memorizing a high-entropy 
passphrase and therefore tend to use low-entropy passphrases. That is why you 
can't rely on memorizing a password which is needed to recover a key.\\
 
-There are several applications which are in need of a key escrow system with 
the described properties. For example for email encryption using Pretty Good 
Privacy (PGP) \cite{garfinkel1995} you need a private key which is stored to 
the device running PGP. Losing the PGP private key means following: All 
received emails which are encrypted with a key derived from the private key are 
unreadable and you need to build your trust network again. Because emails could 
contain high sensitive inform [...]
+There are several applications which are in need of a key escrow system with 
the described properties. For example for email encryption using Pretty Good 
Privacy (PGP)~\cite{garfinkel1995} you need a private key which is stored to 
the device running PGP. Losing the PGP private key means following: All 
received emails which are encrypted with a key derived from the private key are 
unreadable and you need to build your trust network again. Because emails could 
contain high sensitive inform [...]
 
-Another application relying on a core secret are cryptocurrencies like 
Bitcoin. Each user of Bitcoin needs a so called Wallet which stores and 
protects the private keys of the user. Those private keys legitimate its owners 
to spend the bitcoins corresponding to the keys \cite{LLLW*2017}. Therefor 
losing those keys means losing all the corresponding Bitcoins which in some 
cases could be a loss of millions of Euros \cite{millions_lost}.\\
+Another application relying on a core secret are cryptocurrencies like 
Bitcoin. Each user of Bitcoin needs a so called Wallet which stores and 
protects the private keys of the user. Those private keys legitimate its owners 
to spend the bitcoins corresponding to the keys \cite{LLLW*2017}. Therefore 
losing those keys means losing all the corresponding Bitcoins which in some 
cases could be a loss of millions of Euros \cite{millions_lost}.\\
 
 FIXME: PEP, TALER, Europaeische Zentralbank
+
+\subsection{Principles}
+For Anastasis we have following design principles, in order of importance:
+\begin{enumerate}
+       \item Anastasis must be Free Software.
+       \item Anastasis must not rely on the trustworthiness of individual 
providers. It must be possible to use Anastasis safely even if an individual 
provider is compromised. Anastasis must minimize the amount of information 
exposed to providers and the network.
+       \item The user is in control.
+       \item The system must be economical viable to operate. This implies 
usability and efficiency of the system.
+       \item Anastasis must support a diverse range of use cases.
+\end{enumerate}
+
+\subsection{Approaches}
+FIXME
+
+\subsection{Applications}
+FIXME
\ No newline at end of file
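Review bot: the rewritten opening drops the itemized list of criteria (only the user controls the core secret, confidentiality, availability, no memorized password), but the next paragraph still says "a key escrow system with the described properties", so that reference now points at nothing; either keep the list or restate the properties in the new prose. The new claim that "most current key management systems just reduce the problem ... to memorizing a low-entropy passphrase" is stated without a citation or a hedge and should get one, and "you undermine the whole security" reads better impersonally ("this undermines ..."). Wording in the added lines: "high sensitive" should be "highly sensitive", "legitimated owner" should be "legitimate owner", "economical viable" should be "economically viable", and "we have following design principles" should be "we have the following design principles". Style: the new paragraphs end with "\\" followed by a blank line; in LaTeX a blank line (or \par) already starts a new paragraph, and a trailing "\\" before it produces an empty line plus an underfull hbox warning. The file also loses its trailing newline in this change.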
diff --git a/doc/thesis/related_work.tex b/doc/thesis/related_work.tex
index 1f032e0..c65f128 100644
--- a/doc/thesis/related_work.tex
+++ b/doc/thesis/related_work.tex
@@ -7,7 +7,7 @@ A pseudo random generator is an algorithm producing a sequence 
of bits for which
 
 \subsubsection{Pseudo random function (PRF)}
 A pseudo random function PRF(k, m) takes two arguments, a secret key k and 
some data m, and returns an output that is unpredictable as long the secret key 
k is unknown to an attacker and is a random value \cite{nielsen2002}.\\
-PRFs can be constructed using PRGs \cite{GGM1986}.
+PRFs can be constructed using PRGs.~\cite{GGM1986}
 
 \subsubsection{Hash function}
 Hash functions "compress a string of arbitrary length to a string of fixed 
length [...]" \cite{Preneel1999}. The output of a hash function often is called 
a "hash".  Hash functions in general should be very fast to compute. 
Cryptographic hash functions need to fulfil additional security requirements 
which are called:
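Review bot: moving the citation behind the full stop ("PRGs.~\cite{GGM1986}") is the wrong way round; the convention used elsewhere in this file (for example "... and is a random value \cite{nielsen2002}.") puts the citation before the sentence-ending period, so this should read "PRFs can be constructed using PRGs~\cite{GGM1986}." With the period first, the non-breaking "~" also glues the citation to the start of the next sentence.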
@@ -22,10 +22,10 @@ Pre-image resistance, also called "one way property", means 
that for a given has
 The second pre-image resistance is described by following: For a given hash 
function H and a hash value H(x), it is computationally infeasible to find x 
and x' such that H(x) = H(x') \cite{SG2012}. In Anastasis hash functions also 
are involved in signing our so called recovery document. Hence an attacker 
should not be able to create a malicious recovery document with the same hash 
value as the original one.\\ 
 The definition of collision resistance slightly differs from the second 
pre-image resistance: For a given hash function H, it is computationally 
infeasible to find a pair (x, y) such that H(x) = H(y) \cite{SG2012}. As we are 
using HKDFs for deriving keys in Anastasis, an attacker should not be able to 
find some other input values also leading to the same keys we use.\\
 A cryptographic hash function should also behave as a pseudo random function. 
This means that although a hash function is purely deterministic, the output 
must not be predictable.\\
-The avalanche effect describes the property of an algorithm that causes a 
significant change of the output value, usually a bit flipping of more than 
half the output is desired, if the input is changed slightly (for example, 
flipping a single bit) \cite{RK2011}. The more bits are flipping in the output 
value the higher the entropy of the randomness of the hash function.
+The avalanche effect describes the property of an algorithm that causes a 
significant change of the output value, usually a bit flipping of more than 
half the output is desired, if the input is changed slightly (for example, 
flipping a single bit).~\cite{RK2011} The more bits are flipping in the output 
value the higher the entropy of the randomness of the hash function.
 
 There are several applications for cryptographic hash functions. For example 
you can store the hash value of a passphrase instead of the passphrase itself 
in a computer to protect the passphrase. Another important application is 
verification of message integrity: Before and after transmission of a message 
you can calculate the hash values of it and compare them to determine if the 
message changed during transmission.\\
-In Anastasis we use SHA-512 \cite{GJW2011} for fast hash functions.
+In Anastasis we use SHA-512~\cite{GJW2011} for fast hash functions.
 
 \subsubsection{HMAC}
 When it comes to integrity of messages during communication of two parties 
over an insecure channel Keyed-Hash Message Authentication Codes (HMAC) are 
used as check values. An HMAC function is based on a hash function and takes 
two arguments, a key K and a message M:\\
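Review bot: same citation placement problem as in the previous hunk: "flipping a single bit).~\cite{RK2011}" should be "flipping a single bit)~\cite{RK2011}." with the citation inside the sentence. Since the avalanche paragraph is touched here anyway, note that "a bit flipping of more than half the output is desired" does not match the usual strict avalanche criterion, under which each output bit flips with probability one half, i.e. about half the bits change on average; and "the higher the entropy of the randomness of the hash function" is imprecise. The SHA-512 line keeps the phrase "for fast hash functions", which does not say what the hash is used for; state the role (the hash over the recovery document and the HKDF input mentioned above) instead.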
