Cryptography

06 January 2025 13:45

Secret Sharing & Zero Knowledge Proof

Secret Sharing
Definition
Secret sharing is a cryptographic technique used to divide a secret (e.g., a password, encryption key, or other sensitive data) into
multiple parts, called shares. These shares are distributed among participan4ts such that only specific combinations of shares can
reconstruct the original secret, while individual shares are useless on their own.
Key Concepts
1. Threshold Scheme (t, n):
○ A secret is divided into n shares, and any t or more shares can reconstruct the secret, but fewer than t shares reveal nothing
about it.
○ Example: Shamir's Secret Sharing uses polynomial interpolation to achieve this.
2. Redundancy and Security:
○ Ensures fault tolerance, as not all shares are required for reconstruction.
○ Protects against loss or compromise of individual shares.
Applications
1. Secure Multi-Party Computation: Enables computation on shared data without revealing the data itself.
2. Key Management: Safeguards cryptographic keys by distributing them among multiple parties.
3. Data Backup and Recovery: Protects sensitive data by storing parts of it across multiple locations.

Zero-Knowledge Proofs (ZKP)

Definition
A Zero-Knowledge Proof is a cryptographic protocol that allows one party (the prover) to prove to another party (the verifier) that they
possess certain knowledge or information without revealing the information itself.
Key Properties
1. Completeness:
○ If the prover is truthful, the verifier will be convinced of the statement's validity.
2. Soundness:
○ If the prover is dishonest, they cannot convince the verifier of a false statement.
3. Zero-Knowledge:
○ The verifier learns nothing about the actual information, apart from the fact that the prover possesses it.
Example
Imagine proving you know the solution to a puzzle without showing the solution:
• The verifier sets challenges that only someone with the solution can answer.
• After multiple successful challenges, the verifier is convinced you know the solution, but no information about the solutionis
leaked.
Types of ZKPs
1. Interactive ZKPs:
○ Require a back-and-forth interaction between prover and verifier (e.g., graph isomorphism proofs).
2. Non-Interactive ZKPs:
○ Use cryptographic algorithms to produce a proof that can be verified without direct interaction (e.g., zk-SNARKs used in
blockchain).
Applications
1. Authentication: Verifying identity without sharing passwords or sensitive data.
2. Blockchain: Protecting transaction privacy (e.g., Zcash uses zk-SNARKs).
3. Voting Systems: Ensuring vote integrity without revealing individual votes.
4. Access Control: Proving possession of access credentials without revealing them.

Components of key management

Projects Page 1
 Oblivious vs blind signature

Simultaneously Contract Signing Technique & how does it ensures fairness & non repudiation in digital
transaction
Simultaneous Contract Signing Technique
Definition
Simultaneous Contract Signing is a cryptographic protocol that enables two or more parties to exchange
digital commitments (e.g., contracts, agreements) in a way that ensures fairness and non-repudiation.
The goal is to ensure that all parties either successfully exchange the commitments or none of them can
complete the exchange unilaterally.

Key Techniques Used in Simultaneous Contract Signing

1. Fair Exchange Protocols
○ A protocol ensures that both parties either exchange their signed contracts or nothing
happens at all.
○ If one party attempts to cheat or abort, the other party is protected from unfair outcomes.
2. Cryptographic Primitives Used
○ Digital Signatures: Ensure authenticity and non-repudiation of the contracts.
○ Hash Functions: Often used in commitment schemes to securely bind parties to their
commitments without revealing them upfront.
○ Asymmetric Encryption: Protects the exchange by ensuring only the intended recipient can
decrypt the signed contract.
○ Time-Locked Protocols or Trusted Third Party (TTP): Help handle disputes or failures in
fairness.
3. Atomicity:
○ The protocol ensures that both parties are either able to obtain the signed contract or
neither can. This atomic behavior prevents partial or unfair exchanges.

How It Works
Scenario: Two parties (Alice and Bob) want to sign a contract digitally.
1. Step 1: Commit Phase
○ Both parties digitally sign a hash of the contract and exchange these signed commitments.
○ The hash binds each party to the contract without revealing the full document initially.
2. Step 2: Exchange Phase
○ Each party reveals the full signed contract in a controlled manner, ensuring atomicity.
○ Techniques like time-lock encryption or trusted mediators can help facilitate this step.
3. Step 3: Verification
○ Each party verifies the other's signature to ensure that the contract is valid and authentic.
4. Step 4: Completion or Abort
○ If the exchange is successful, both parties hold valid, signed copies of the contract.
○ If one party refuses to reveal the signed contract, the protocol ensures that the other party
can safely abort without losing anything.

Ensuring Fairness in Digital Transactions

Fairness: Ensures that no party has an advantage over the other during the contract signing process.
This is achieved through:
1. Simultaneity: Both parties exchange commitments and contracts at the same time.
2. Atomicity: Neither party can obtain the other's signed contract without providing their own
signed version.
3. Dispute Resolution: Trusted third parties or arbitrators may intervene to resolve disputes,
ensuring no unfair advantage.

Ensuring Non-Repudiation in Digital Transactions

Non-Repudiation: Prevents any party from denying their participation in the transaction. This is
achieved through:
1. Digital Signatures:
○ Each party signs the contract with their private key, creating a unique and verifiable digital
signature.
○ The signature can be verified using the corresponding public key, proving that the signer
cannot repudiate the contract.
2. Audit Trail:
○ The protocol generates a record of the transaction steps, including signed commitments and
exchanges.
○ This log can be used as evidence in case of disputes.
3. Trusted Third Parties (if used):
○ Act as impartial witnesses to ensure non-repudiation by securely logging all actions.

Example Applications
1. E-commerce: Ensuring fair payment and delivery agreements between buyers and sellers.

Projects Page 2
 1. E-commerce: Ensuring fair payment and delivery agreements between buyers and sellers.
2. Smart Contracts: Blockchain-based automated contract exchanges with cryptographic fairness
guarantees.
3. Digital Agreements: Signing NDAs, service-level agreements, or other legal documents online.
By leveraging cryptographic protocols, simultaneous contract signing ensures trust, fairness, and non-
repudiation, even in the absence of direct human oversight.

Criteria to choose a cryptographic algorithm? What are the various risks associated with secret
algorithms
Principles of Security
• Security Strength
• The algorithm must provide sufficient security against known attacks, such as brute-force,
cryptanalysis, or side-channel attacks. Confidentiality
• The strength of the algorithm depends on the key size, structure, and resistance to vulnerabilities. • Ensures that sensitive information is accessible only to authorized individuals
For example, AES is preferred due to its robustness against attacks. or systems.
• Key Size • Prevents unauthorized access, disclosure, or interception.
• Larger key sizes offer stronger security but require more computational resources. • Techniques: Encryption, Access Controls, Data Masking, and Secure
• The chosen key size must balance security needs and performance requirements. For example, Authentication Mechanisms.
RSA recommends at least 2048-bit keys for modern applications.
• Performance and Efficiency 2. Integrity
• Cryptographic algorithms should operate efficiently with minimal processing overhead. • Ensures the accuracy, consistency, and trustworthiness of data over its
• Algorithms like AES are favored for their speed in both hardware and software implementations. lifecycle.
• Scalability • Protects against unauthorized modifications or deletions.
• The algorithm should scale well with growing data and evolving security requirements. • Techniques: Hashing (e.g., SHA-256), Digital Signatures, Checksums, and
• It should allow for key size upgrades without needing a complete overhaul of the system. Message Authentication Codes (MAC).
• Interoperability
• The algorithm should be widely supported and compatible with existing systems, protocols, and 3. Availability
standards. • Ensures that information and resources are accessible to authorized users
• Popular algorithms like AES and RSA are standardized and universally adopted. when needed.
• Flexibility • Protects against disruptions, such as hardware failures, cyberattacks (e.g.,
• The algorithm should be adaptable for different applications, such as securing data at rest, in DDoS), or natural disasters.
transit, and during computation. • Techniques: Redundancy, Load Balancing, Backup Systems, and Disaster
• Regulatory Compliance Recovery Plans.
• Ensure that the algorithm adheres to national or international security standards and regulations
(e.g., FIPS 140-3 compliance).
• Algorithms like AES are approved for use in secure systems by regulatory bodies.
Supporting Security Principles
• Algorithm Lifetime 4. Authentication
• The algorithm should have a long lifespan before becoming obsolete due to advances in • Confirms the identity of users, devices, or systems before granting access.
computational power or new cryptanalysis techniques. • Techniques: Passwords, Multi-Factor Authentication (MFA), Biometrics, and
• Algorithms like SHA-256 are chosen for their robustness against quantum computing Certificates.
advancements. 5. Authorization
• Implementation Complexity • Ensures that authenticated users have appropriate permissions to access
• Simpler algorithms are less prone to implementation errors, reducing potential vulnerabilities. specific resources or perform actions.
• Avoid overly complex designs that could lead to bugs or unintended weaknesses. • Techniques: Role-Based Access Control (RBAC), Attribute-Based Access
• Resistance to Side-Channel Attacks Control (ABAC), and Policy Enforcement.
• The algorithm must protect against attacks that exploit physical implementations, such as timing 6. Non-Repudiation
attacks, power analysis, or fault injections. • Ensures that a user or entity cannot deny the authenticity of their actions.
• Cost Considerations • Techniques: Digital Signatures, Audit Trails, and Secure Logging Mechanisms.
• Cost of implementation, including hardware and software resources, should align with 7. Accountability
organizational budgets. • Establishes responsibility for actions performed within a system, ensuring
• Community and Peer Review traceability and compliance.
• Prefer algorithms that are well-vetted, peer-reviewed, and widely tested by the cryptographic • Techniques: Logging, Auditing, and Forensic Analysis.
community to ensure reliability. 8. Least Privilege
• Users and systems should have the minimum access rights necessary to
Risk of Secret algorithms perform their functions.
• Reduces the risk of accidental or malicious misuse of resources.
1. Lack of Peer Review and Validation 9. Defense in Depth
○ Secret algorithms are not exposed to public scrutiny, making it difficult to identify vulnerabilities. • Employs multiple layers of security measures to protect systems from
○ Without extensive peer review, there may be undiscovered weaknesses that attackers could potential breaches.
exploit. • Combines physical, technical, and administrative controls.
2. Obscurity is Not Security (Kerckhoffs's Principle) 10. Security by Design
○ Relying on secrecy for security violates Kerckhoffs's principle, which states that the security of a • Incorporates security measures into the design and development phase of
system should depend only on the secrecy of the key, not the algorithm. systems rather than adding them as an afterthought.
○ If the algorithm is exposed, the entire system could be compromised. 11. Privacy
3. Limited Expertise and Testing • Protects individuals' personal data from unauthorized collection, use, or
○ Secret algorithms are typically developed and tested by a small group of individuals, increasing the disclosure.
likelihood of design or implementation flaws. • Techniques: Data Anonymization, Secure Storage, and Compliance with
○ Publicly known algorithms benefit from the collective expertise of the cryptographic community. Regulations (e.g., GDPR, CCPA).
4. Incompatibility and Interoperability Issues 12. Resilience
○ Proprietary algorithms may not be compatible with widely accepted cryptographic standards or
• Ensures that systems can withstand, recover from, and adapt to disruptions,
systems.
ensuring continuity of operations.
○ This can lead to isolated implementations that are difficult to integrate with other systems.
5. Higher Risk of Reverse Engineering
○ Attackers may reverse-engineer the algorithm through hardware or software analysis, revealing its
weaknesses.
○ Once discovered, a secret algorithm often lacks the resilience of public algorithms designed to
withstand such scrutiny.
6. Reduced Trust and Adoption
○ Organizations and users are less likely to trust or adopt systems relying on unverified proprietary
algorithms.
○ Open algorithms, like AES or RSA, are widely trusted because they are thoroughly analyzed and
standardized.
7. Difficulties in Updating or Fixing Issues
○ If vulnerabilities are discovered in a secret algorithm, updating or patching it can be more complex
and less transparent.
○ Public algorithms often have a clear roadmap for updates through standards organizations.
8. Single Point of Failure
○ If the secrecy of the algorithm is compromised, the entire system may fail catastrophically, as the
design is not resilient to exposure.
○ Public algorithms are designed to remain secure even if the algorithm's details are known.
9. Increased Development Costs
○ Developing a proprietary algorithm requires significant resources for design, testing, and
maintenance.
○ These costs may outweigh the benefits, especially when robust, publicly available alternatives
exist.
10. Regulatory and Compliance Challenges
• Many industries and governments mandate the use of standardized, peer-reviewed cryptographic
algorithms.
• Proprietary algorithms may fail to meet these regulatory requirements, limiting their use in critical
systems.

Projects Page 3
 Hash function & Method of implementing hash function to achieve confidentiality & authentication
using Asymmetric key encryption
Hash Function
A hash function is a mathematical algorithm that takes an input (message) and produces a fixed-length
output, known as the hash value or digest. Hash functions are widely used in cryptography due to their
properties:
1. Deterministic: The same input always produces the same output.
2. Fast Computation: The hash value is generated quickly.
3. Irreversibility: It is computationally infeasible to reconstruct the original input from the hash
value.
4. Avalanche Effect: A small change in input results in a significantly different hash value.
5. Collision Resistance: It is difficult to find two different inputs that produce the same hash value.
Common cryptographic hash functions include SHA-256, SHA-3, and MD5 (though MD5 is no longer
considered secure).

Transformation performed in single round of AES

AES vs DES

Projects Page 4