|
|
Hybrid key-combiner for network traffic
Mogrovics, Alexander ; Dzurenda, Petr (oponent) ; Ricci, Sara (vedoucí práce)
Classic cryptography relies predominantly on integer factorization (IF), which is used in RSA, and discrete logarithm problem (DLP), which is used in Diffie-Hellman protocol, or an elliptic curve discrete logarithm problem. Security of these problems is threatened by the advent of quantum computing. For instance, Shorr’s algorithm is able to solve both IF and DLP in polynomial time. The aim of this thesis is to study schemes that belong to classic cryptography and post quantum cryptography in order to implement a proposed hybrid key combiner. This key combiner uses keys from QKD, Kyber and ECDH schemes and internally uses SHA-3 and HMAC.
|
|
|
Confidentiality-preserving computations using homomorphic encryption
Rybár, Matej ; Ricci, Sara (oponent) ; Člupek, Vlastimil (vedoucí práce)
This master's thesis examines homomorphic encryption, focusing on theoretical foundations, security principles, and practical applications. The TFHE library's Rust variant (TFHE-rs) was selected for its performance and security. A military usage scenario involving the Military Grid Reference System (MGRS) was developed to demonstrate secure cloud computing. Homomorphic implementations of MGRS conversion, square root calculations, IEEE 754 floating-point representation, integer-based square root, floating-point square root, and SHA-256 hashing were created. Performance benchmarks showed the homomorphic floating-point square root required approximately 22 seconds and SHA-256 about 10 seconds. The thesis describes the process from receiving MGRS coordinates to returning the computed distance with its hash, detailing a secure client-server architecture. Docker Compose simulated the cloud environment, with Ansible automating deployment. The frontend, developed with React and Leaflet, provides an interactive interface. The successful implementation highlights the feasibility and significance of homomorphic encryption for enhancing data security.
|
|
|
Lattice-Based Cryptography on Constrained Devises
Shapoval, Vladyslav ; Dzurenda, Petr (oponent) ; Ricci, Sara (vedoucí práce)
This master’s thesis presents a modified software implementation of the module-lattice-based signature scheme Dilithium and its distributed variant DS2 for the ARM Cortex-M4 microcontroller. Dilithium is a part of the CRYSTALS suite and was selected by the NIST as a new post-quantum signature standard. This work is focused on reducing the memory footprint of both algorithms in order to make them more applicable to a wider spectrum of microcontrollers and constrained devices. Both signatures were optimized to run on the STM32 Cortex-M4 microcontroller. On one hand, Dilithium signature presented an already optimized implementation that can run on a microcontroller. Therefore, we focused on adding hardware acceleration support for AES for the generation of pseudo-random numbers during the generation of the signature. On the other hand, DS2 signature is more memory demanding and we proposed two microcontroller-tailored optimization approaches. These optimizations aim to reduce memory consumption while maintaining security strength. Experimental results and security analysis demonstrate the efficacy and practicality of our solutions. As a result of our work, we successfully developed new versions of both Dilithium and DS2 with memory consumption reduced by more than 50\% and 90\%, respectively, compared to the original.
|
|
|
Quantum and Post-quantum Cryptography
Krivulčík, Andrej ; Ricci, Sara (oponent) ; Hajný, Jan (vedoucí práce)
With advances in quantum computing comes the threat of breaking the algorithms that are used in everyday communication. With this, an industry of post-quantum cryptography has emerged that develops algorithms resistant to quantum computers. The aim of this thesis is to study methods for combining and using keys established by quantum and post-quantum algorithms in such a way that if one of the given algorithms is broken the resulting hybrid key will still be secure. The resulting key is then used in encrypting the file using AES--256 which is sent between clients.
|
|
|
Web application on elliptic curve cryptography
Štark, Daniel ; Dzurenda, Petr (oponent) ; Ricci, Sara (vedoucí práce)
Elliptic Curve Cryptography is currently the most used form of public-key cryptography. Theoretical part of this thesis is divided to two chapters. The first chapter describes important topics from algebra and number theory, on which the Elliptic Curve Cryptography is built. This includes groups, finite fields, elliptic curves themselves and the mathematical principles of two well-known and used protocols -- ECDH and ECDSA. The second chapter describes the tools, which were used for implementation of user-friendly web application, capable of simulating fundamental operations on elliptic curves and the aforementioned protocols. Key tools, which are introduced in this chapter, are mathematics software system SageMath and framework Spring, used for implementation of web applications in Java. The third chapter of this thesis describes the way the introduced tools were used, ergo the implementation of the web application itself.
|
|
|
Atributová autentizace na platformě Android
Strakoš, Jan ; Ricci, Sara (oponent) ; Malina, Lukáš (vedoucí práce)
Diplomová práce se zabývá implementací pilotního systému atributové autentizace na platformě Android. Podpora atributové autentizace na platformě Android je co do počtu implementací velmi slabá a je potřeba jí věnovat zvýšenou pozornost. V teoretické části práce je rozebrána kryptografická podpora na platformě Android, využití nástroje Android NDK (Native Development Kit) a služby HCE (Host-Card Emulation). Součástí teoretické části práce je i popis schémat systému atributové autentizace včetně pilotního systému RKVAC. Praktická část popisuje průběh implementace systému RKVAC na platformě Android společně s implementací vlastního kryptografického jádra založeného na nativní kryptografické knihovně MCL. V závěru práce jsou uvedeny výsledky měření časové, paměťové a výpočetní náročnosti vytvořených mobilních aplikací.
|
|
|
Web application demonstrating lattice-based cryptography
Sečkár, Martin ; Jedlička, Petr (oponent) ; Ricci, Sara (vedoucí práce)
The aim of this thesis is to develop and implement a web application demonstrating lattice-based cryptography. The application was developed using mainly the Python programming language and Docker container platform. More specifically, the modules utilize the Bokeh library and custom JavaScript functionality expanding the Bokeh library. The modules are hosted on a Flask server where the background calculations are being computed using numPy library. The application contains three modules describing the closest vector problem, learning with errors problem and the Boyen cryptographic protocol based on the latter problem. Users are able to visualize two dimensional lattices and perform selected computations. The codebase is easily expandable and can serve as a learning platform. The thesis also includes installation and user manual.
|
|
|
Cryptographic Escape Room Game
Nosek, Ondřej ; Jedlička, Petr (oponent) ; Ricci, Sara (vedoucí práce)
The thesis deals with the implementation of the escape room game in the form of a~web application. The topic of each room is cryptography in many forms. Concretely it is modular arithmetic, a system for data encryption, including its particular algorithms, as~Advanced Encryption Standard is, or network security basics. The main goals of the thesis are to get acquainted with the topic of escape games, web applications, and the realization of web applications. The escape game contains a total of~four rooms. The thesis describes the choice of technologies on which the application will be built and the implementation of individual rooms, including the possibility of~solving tasks. In the end, it summarizes the achieved results and goals.
|
|
|
Application for monitoring of Linux servers
Kačmarčík, Martin ; Ricci, Sara (oponent) ; Komosný, Dan (vedoucí práce)
PlanetLab Server Manager is an application helping users to develop distributed network projects using the PlanetLab network. It gives an ability to search for a server by its geographical position and access these servers. It offers functionality to render servers on world map. This thesis covers details of the PlanetLab network and its infrastructure. It describes PlanetLab Server Manager (also known as plbmng) and identifies its problems in the current version. The thesis aims to address these problems and describes all the improvements made to the application. Finally, it analyzes the overall status of PlanetLab network using the newly developed tools for status monitoring. To help enable the network projects even further, this Master thesis aims to improve the current application by re-writing it fully into Python 3 language. As the current application is implemented in Bash reimplementation requires complete re-design and re-implementation of functions and will allow to fully utilize perks of Python 3 language. Thesis also aims to extend existing functionality by adding support for filtering servers by their operational status and other small improvements. Application source code is available on GitHUB under the MIT license and the application is available in the PyPI repository as well.
|
|
|
Cryptography on Programmable Smart Cards
Wikarská, Dagmar ; Ricci, Sara (oponent) ; Hajný, Jan (vedoucí práce)
This thesis explores the topic of cryptography schemes using anonymous credentials and revocation. It uses smart cards as anonymous authentication devices with blacklist revocation. Final output of this work is an implementation of a revocation scheme CDH16 on MultOS platform. Secure authentication devices used in banking, transportation, or building access, en- hances anonymity of the user. Implemented protocols could be used as such tools, pre- venting verifier from knowing irrelevant private information. Added revocation scheme protects from misuse of revoked cards by using blacklisting. Blacklisted cards are blocked and verification fails. This requires update of all verifiers blacklist each epoch.
|
host ::
RSS.