|
|
Lattice-based Threshold Signature Optimization for RAM Constrained Devices
Shapoval, Vladyslav ; Ricci, Sara
The DS2 scheme is a lattice-based (n, n)-threshold signature based on the standardized Dilithium signature. However, deploying DS2, as well as Dilithium, on microcontrollers is a challenge due to the memory limitations of these devices. While the decryption phase can be implemented relatively straightforwardly, the key generation and signing phases require the generation and manipulation of large matrices and vectors, which can quickly exhaust the available memory on the microcontroller. In this paper, we propose an optimization of the DS2 key generation and signing algorithms tailored for microcontrollers. Our approach focuses on minimizing memory consumption by generating large elements, such as the commitment key ck and the random commitment parameter r, on the fly from random and non-random seeds. This approach significantly reduces the overall size of the signature from 143 KB to less than 5 KB, depending on the number of signers involved. We also split the algorithms into two distinct components: a security-critical part and a non-security-critical part. The security-critical part contains operations that require secret knowledge and must be run on the microcontroller itself. Conversely, the non-critical part contains operations that do not require secret knowledge and can be performed on a connected, more powerful central host.
|
|
|
Post-quantum Secure Communication in IoT
Goldshtein, Daniil ; Ricci, Sara (oponent) ; Malina, Lukáš (vedoucí práce)
This work concentrates on the current state of Post-Quantum cryptography and it's applicability on the resource-limited environment of Internet of Things. In theoretical part, it briefly describes currently known types of Post-Quantum algorithms and analyses their best implementations either already recommended, or the ones closest to be selected for further standardization. It also focuses on existing challenges and limitations regarding Internet of Things. The practical part of this thesis is dedicated to the comparison of multiple libraries in terms of their modularity, resource efficiency, support and performance on operating with standardized Post-Quantum algorithms. It is then dedicated to the implementation providing authencity of data with the help of quantum resistant digital signatures, as well as its encryption. The results of all tests are systemized in tables. The conclusion of this thesis contains final analysis and summarizes the results achieved with the developed framework.
|
|
|
Web application module for the design of cybersecurity curricula
Hrachovina, Jiří ; Sikora, Marek (oponent) ; Ricci, Sara (vedoucí práce)
This thesis focuses on enhancing the web-based application REWIRE Cybersecurity Profiler by integrating a machine learning algorithm for course description analysis. This component enables the automatic analysis of course descriptions and links the resulting skill groups to the ENISA ECSF profiles. Additionally, several improvements to the existing application have been proposed, including the implementation of functional URLs, visualization of visitor data through graphs, generation of course descriptions using ChatGPT, and optimization of user interface elements. Finally, the thesis includes a demonstration of the application and proof of its utility in designing study programs.
|
|
|
Hybrid key-combiner for network traffic
Mogrovics, Alexander ; Dzurenda, Petr (oponent) ; Ricci, Sara (vedoucí práce)
Classic cryptography relies predominantly on integer factorization (IF), which is used in RSA, and discrete logarithm problem (DLP), which is used in Diffie-Hellman protocol, or an elliptic curve discrete logarithm problem. Security of these problems is threatened by the advent of quantum computing. For instance, Shorr’s algorithm is able to solve both IF and DLP in polynomial time. The aim of this thesis is to study schemes that belong to classic cryptography and post quantum cryptography in order to implement a proposed hybrid key combiner. This key combiner uses keys from QKD, Kyber and ECDH schemes and internally uses SHA-3 and HMAC.
|
|
|
Confidentiality-preserving computations using homomorphic encryption
Rybár, Matej ; Ricci, Sara (oponent) ; Člupek, Vlastimil (vedoucí práce)
This master's thesis examines homomorphic encryption, focusing on theoretical foundations, security principles, and practical applications. The TFHE library's Rust variant (TFHE-rs) was selected for its performance and security. A military usage scenario involving the Military Grid Reference System (MGRS) was developed to demonstrate secure cloud computing. Homomorphic implementations of MGRS conversion, square root calculations, IEEE 754 floating-point representation, integer-based square root, floating-point square root, and SHA-256 hashing were created. Performance benchmarks showed the homomorphic floating-point square root required approximately 22 seconds and SHA-256 about 10 seconds. The thesis describes the process from receiving MGRS coordinates to returning the computed distance with its hash, detailing a secure client-server architecture. Docker Compose simulated the cloud environment, with Ansible automating deployment. The frontend, developed with React and Leaflet, provides an interactive interface. The successful implementation highlights the feasibility and significance of homomorphic encryption for enhancing data security.
|
|
|
Lattice-Based Cryptography on Constrained Devises
Shapoval, Vladyslav ; Dzurenda, Petr (oponent) ; Ricci, Sara (vedoucí práce)
This master’s thesis presents a modified software implementation of the module-lattice-based signature scheme Dilithium and its distributed variant DS2 for the ARM Cortex-M4 microcontroller. Dilithium is a part of the CRYSTALS suite and was selected by the NIST as a new post-quantum signature standard. This work is focused on reducing the memory footprint of both algorithms in order to make them more applicable to a wider spectrum of microcontrollers and constrained devices. Both signatures were optimized to run on the STM32 Cortex-M4 microcontroller. On one hand, Dilithium signature presented an already optimized implementation that can run on a microcontroller. Therefore, we focused on adding hardware acceleration support for AES for the generation of pseudo-random numbers during the generation of the signature. On the other hand, DS2 signature is more memory demanding and we proposed two microcontroller-tailored optimization approaches. These optimizations aim to reduce memory consumption while maintaining security strength. Experimental results and security analysis demonstrate the efficacy and practicality of our solutions. As a result of our work, we successfully developed new versions of both Dilithium and DS2 with memory consumption reduced by more than 50\% and 90\%, respectively, compared to the original.
|
|
|
Quantum and Post-quantum Cryptography
Krivulčík, Andrej ; Ricci, Sara (oponent) ; Hajný, Jan (vedoucí práce)
With advances in quantum computing comes the threat of breaking the algorithms that are used in everyday communication. With this, an industry of post-quantum cryptography has emerged that develops algorithms resistant to quantum computers. The aim of this thesis is to study methods for combining and using keys established by quantum and post-quantum algorithms in such a way that if one of the given algorithms is broken the resulting hybrid key will still be secure. The resulting key is then used in encrypting the file using AES--256 which is sent between clients.
|
|
|
Web application on elliptic curve cryptography
Štark, Daniel ; Dzurenda, Petr (oponent) ; Ricci, Sara (vedoucí práce)
Elliptic Curve Cryptography is currently the most used form of public-key cryptography. Theoretical part of this thesis is divided to two chapters. The first chapter describes important topics from algebra and number theory, on which the Elliptic Curve Cryptography is built. This includes groups, finite fields, elliptic curves themselves and the mathematical principles of two well-known and used protocols -- ECDH and ECDSA. The second chapter describes the tools, which were used for implementation of user-friendly web application, capable of simulating fundamental operations on elliptic curves and the aforementioned protocols. Key tools, which are introduced in this chapter, are mathematics software system SageMath and framework Spring, used for implementation of web applications in Java. The third chapter of this thesis describes the way the introduced tools were used, ergo the implementation of the web application itself.
|
|
|
Atributová autentizace na platformě Android
Strakoš, Jan ; Ricci, Sara (oponent) ; Malina, Lukáš (vedoucí práce)
Diplomová práce se zabývá implementací pilotního systému atributové autentizace na platformě Android. Podpora atributové autentizace na platformě Android je co do počtu implementací velmi slabá a je potřeba jí věnovat zvýšenou pozornost. V teoretické části práce je rozebrána kryptografická podpora na platformě Android, využití nástroje Android NDK (Native Development Kit) a služby HCE (Host-Card Emulation). Součástí teoretické části práce je i popis schémat systému atributové autentizace včetně pilotního systému RKVAC. Praktická část popisuje průběh implementace systému RKVAC na platformě Android společně s implementací vlastního kryptografického jádra založeného na nativní kryptografické knihovně MCL. V závěru práce jsou uvedeny výsledky měření časové, paměťové a výpočetní náročnosti vytvořených mobilních aplikací.
|
|
|
Web application demonstrating lattice-based cryptography
Sečkár, Martin ; Jedlička, Petr (oponent) ; Ricci, Sara (vedoucí práce)
The aim of this thesis is to develop and implement a web application demonstrating lattice-based cryptography. The application was developed using mainly the Python programming language and Docker container platform. More specifically, the modules utilize the Bokeh library and custom JavaScript functionality expanding the Bokeh library. The modules are hosted on a Flask server where the background calculations are being computed using numPy library. The application contains three modules describing the closest vector problem, learning with errors problem and the Boyen cryptographic protocol based on the latter problem. Users are able to visualize two dimensional lattices and perform selected computations. The codebase is easily expandable and can serve as a learning platform. The thesis also includes installation and user manual.
|
host ::
