[tahoe-dev] GSOC proposal---"100 year cryptography"

Fri Apr 16 07:46:04 PDT 2010

Hello, all the mentors and developers:
I just wrote a new proposal about the "100 year cryptography" GSOC project.
The main part is about the project. The other personal-related part is the
same as another submitted one-"DVCS integration with tahoe". Please have a
check, thank you!!

The project that I’m interested in is “100 Year Cryptography”.

The cryptographic algorithm will be increasingly weaker because of the
constant cryptanalysis. An excellent public cryptographic algorithm is often
used widely all over the world and even becomes the standard, such as AES,
MD5, SHA-1 etc. These applications seem that put all eggs in a basket. Once
the algorithm were broken, the result will be very serious. The lessons have
been learnt from the broken of classic hash functions such as MD5, SHA-1. Of
course, creating new secure algorithms is a good choice such as SHA-3
competition, but this procedure need some time. How can we improve the
security of applications based on the existing algorithms? Combiner is a
good choice. A black-box combiner for some cryptographic primitive is a
construction, which given black box access to two candidate schemes,
securely implements the primitive, if at least one of the two candidates
securely implements it [2]. For example, if we use a secure combiner of MD5
and whirlpool, even if MD5 is not secure, the whole combiner is still secure
because whirlpool is secure. A secure combiner can provide better security.
So implementing secure combiners is a good complement.

Tahoe is a system for secure, distributed storage. It uses cryptography
heavily for confidentiality and integrity. For example, it uses Merkle hash
tree and encryption in immutable files and mutable files. In this project we
aim to implement the combiner of ciphers and block cipher etc as a new
security primitive to provide better security.

The work I will do and the deliverables and include as follows:

1. combiner of ciphers,  C, python implementation and Python API
About 2-3 weeks
This part is mainly for symmetric ciphers such as block cipher and stream
cipher. Take two ciphers as underlying primitives. For block cipher it need
to specify an appropriate operation mode, such as CBC, CRT, or OFB etc.
Generate independent keys for each cipher. When encrypting, first encrypt
using the first cipher and then feed the ciphertext as the plaintext into
the second cipher. That is, C = E2(K2, E1(K1, M)), where K1 and K2 are
independent keys, E1 and E2 are two underlying ciphers.

2. combiner of hash function,  C, python implementation and Python API.
About 3-4 weeks
This part is manly to implement four type combiners of hash function
presented in [2] by Fischlin etc. A hash function takes two hash functions
H0, H1 and combines them into a failure-tolerant function such that this
function remains secure as long as at least one of the two functions H0 or
H1 is secure. A hash combiner can provide better security and has practical
applications such as in TLS and SSL[1]. In [2], Fischlin etc present robust
multi-property combiners for hash functions. The properties that combiners
provides include collision resistance(CR), target collision-resistance(TCR),
one-wayness(OW), pseudorandomness(PRF), message authentication(MAC) and
indifferentiability from random oracles(IRO). For a strongly
multi-property-robust hash function combiner, if either hash function has
property P, the combiner also has this property. There are four kinds of
combiners mentioned that we can implement. The basic one is Comb4P which can
preserve four properties ( CR, MAC, TCR, PRF) but cannot preserve IRO. There
are many crypto schemes that are proved secure in the Random Oracle Model.
So the indifferentiability property is important. If C is indifferentiable
from a random oracle then C can replace the random oracle in any
cryptosystem. The second one is Comb4P&IRO which can preserve additional IRO
property. And the third one is Comb4P&OW which can preserve CR, TCR, MAC and
OW properties. The last one is Comb6P which is the strongest and can
preserve CR, TCR, PRF, MAC, OW, IRO.

3. all kinds of test harness, unit tests, test vectors
About 2-3 weeks
Do unit tests and test vectors. Write test harness to exercise the new
components as much as possible. Thoroughly test the components. The unit
tests need to be done when each feature is complemented.

4. documentation and specification
About 1 week
Write related documentation and specification for afterwards maintenance and
modification etc. Including source codes, design rational, structure of
components etc.

5. (when all of above is successfully completed) combiner of signature
algorithm, related test harness and doc etc.
This part will be done when the above part is successfully completed. The
rough plan is that maybe implementing a combiner of signature algorithms
such as RSA and ECDSA signature. This part need further discussed.

Reference:
[1] M.Fischlin, A.Lehmann, D.Wagner, "Hash Function Combiners in TLS and
SSL", CT-RSA 2010
http://www.cdc.informatik.tu-darmstadt.de/~fischlin/publications/fischlin.ssl-combiners.2010.pdf

[2] M.Fischlin, A.Lehmann, K.Pietrzak, "Robust Multi-Property Combiners for
Hash Functions Revisites."
http://www.cdc.informatik.tu-darmstadt.de/~alehmann/publications/MPRCombinersRevisited.pdf

 Regards
   Yu Xue

-- 
    此致
敬礼!
                      薛宇

                  身前身后
                  是时间的深渊
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://allmydata.org/pipermail/tahoe-dev/attachments/20100416/faeddcd0/attachment.htm 