A Protocol for Authenticated Anonymous Communications by Post-Quantum Cryptography and Smart Contracts

Document Type: Original Article

Authors

1 Faculty of Electrical and Computer Engineering, Tarbiat Modares University, Tehran, Iran

2 ISMS Lead Auditor and Industrial Cybersecurity Consultant, Amnafzar Gostar Apadana Co., Tehran, Iran

3 Faculty of Mathematics and Computer Science, Amirkabir University of Technology, Tehran, Iran

Abstract

Security of communications is a foundation for interactions in cyberspace. Recent advances in quantum computing have drawn attention to quantum attacks. Post-quantum cryptography is a relatively new field of research, and few post-quantum protocols have been proposed for secure communications. In particular, authenticating the two communicating peers while preserving their privacy and anonymity is a real challenge. In this paper, we propose a comprehensive protocol for secure authentication, key agreement, and message encryption that is resistant to quantum attacks. We use blockchain technology and a smart contract for authentication, and the double-ratchet protocol for end-to-end encryption. Our initial key agreement uses post-quantum cryptography, which brings a high level of security to our protocol. We store public keys in cloud storage to save costs but authenticate them using smart contracts. Our analysis of the proposed protocol demonstrates its superiority over related works in terms of privacy, security, and performance.
