A Protocol for Authenticated Anonymous Communication with Post-Quantum Cryptography and Smart Contracts

Article type: Scientific-research

Authors

1 Faculty of Electrical and Computer Engineering, Tarbiat Modares University, Tehran, Iran

2 Amnafzar Gostar Apadana Co., Tehran, Iran

3 Faculty of Mathematics and Computer Science, Amirkabir University of Technology, Tehran, Iran

Abstract

Secure communication is one of the most fundamental infrastructures of cyberspace. Although powerful protocols have been proposed for this purpose, the advances in building quantum computers, especially over the past few years, have drawn particular attention to resistance against quantum attacks. Because the post-quantum field is new and immature, few post-quantum protocols are available. Authenticating the communicating parties while preserving their privacy and anonymity has also always been a challenge. In this paper, a complete protocol for authentication, key agreement, and message exchange is presented that is resistant to quantum attacks, uses blockchain and smart contracts for authentication, and, through the double-ratchet algorithm and end-to-end encryption, provides a high level of security for message exchange. In this protocol, a post-quantum key agreement is used at the start of the communication. The corresponding public keys are kept in cloud storage, and a smart contract is used to authenticate them. Encryption keys are generated with the double-ratchet protocol and are unique to each message. Evaluation of this protocol shows that it improves on previous protocols and that, while preserving privacy and a high level of security, it achieves good performance and is usable in practice.

Keywords


Article title [English]

A Protocol for Authenticated Anonymous Communications by Post-Quantum Cryptography and Smart Contracts

Authors [English]

  • M. M. Mojahed 1
  • A. Hassani Karbasi 2
  • S. Dorri Nogoorani 1
  • A. Kiakojouri 3
1 Faculty of Electrical and Computer Engineering, Tarbiat Modares University, Tehran, Iran
2 ISMS Lead Auditor and Industrial Cybersecurity Consultant, Amnafzar Gostar Apadana Co., Tehran, Iran
3 Faculty of Mathematics and Computer Science, Amirkabir University of Technology, Tehran, Iran
Abstract [English]

Security of communications is a foundation for interactions in cyberspace. Recent advances in the field of quantum computing have attracted attention to quantum attacks. Post-quantum cryptography is a relatively new field of research, and few post-quantum protocols have been proposed for secure communications. In particular, authenticating the two communicating peers while preserving their privacy and anonymity is a real challenge. In this paper, we propose a comprehensive protocol for secure authentication, key agreement, and message encryption that is resistant to quantum attacks. We use blockchain technology and a smart contract for authentication, and the double-ratchet protocol for end-to-end encryption. Our initial key agreement uses post-quantum cryptography, which brings a high level of security to our protocol. We store public keys in cloud storage to save costs but authenticate them using smart contracts. Our analysis of the proposed protocol demonstrates its superiority in privacy, security, and performance over the related works.
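The two design points the abstract describes, keeping full public keys in cheap cloud storage while anchoring only a commitment to them in a smart contract, and deriving a fresh key per message with a double-ratchet-style KDF chain, as an added illustration that is not the paper's own code. The contract is simulated by an in-memory registry, the cloud by a dict, and the shared secret of the post-quantum key agreement is a constructed placeholder rather than a real KEM output.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple


# Constructed stand-in for the on-chain registry: it stores only a SHA-256 commitment
# to each party's post-quantum public key, never the key itself (the cost-saving idea).
class KeyRegistryContract:
    def __init__(self) -> None:
        self._commitments: Dict[str, bytes] = {}

    def register(self, identity: str, pubkey: bytes) -> None:
        self._commitments[identity] = hashlib.sha256(pubkey).digest()

    def commitment(self, identity: str) -> Optional[bytes]:
        return self._commitments.get(identity)


def fetch_authenticated_key(identity: str, cloud: Dict[str, bytes],
                            contract: KeyRegistryContract) -> Optional[bytes]:
    """Pull the full key from untrusted cloud storage and accept it only if its hash
    matches the commitment anchored in the contract; a swapped or altered key is rejected."""
    key = cloud.get(identity)
    expected = contract.commitment(identity)
    if key is None or expected is None:
        return None
    if not hmac.compare_digest(hashlib.sha256(key).digest(), expected):
        return None
    return key


def ratchet_step(chain_key: bytes) -> Tuple[bytes, bytes]:
    """One symmetric-ratchet step in the style of the double ratchet's KDF chain:
    distinct HMAC labels derive the next chain key and a one-time message key."""
    next_chain = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain, message_key


def message_keys(root: bytes, count: int) -> List[bytes]:
    """Derive `count` per-message keys from the shared secret of the initial key agreement
    (here a constructed placeholder); every message gets a key that is never reused."""
    keys: List[bytes] = []
    chain = root
    for _ in range(count):
        chain, mk = ratchet_step(chain)
        keys.append(mk)
    return keys
```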

Keywords [English]

  • Post-quantum cryptography
  • blockchain
  • smart contract
  • privacy
  • anonymity
  • key management