Formal Proofs of Security for Privacy-Preserving Blockchains and other Cryptographic Protocols

Longo, Riccardo

January 2018

Cryptography is used to protect data and communications. The basic tools are cryptographic primitives, whose security and efficiency are widely studied. But in real-life applications these primitives are not used individually, but combined inside complex protocols. The aim of this thesis is to analyse various cryptographic protocols and assess their security in a formal way. In chapter 1 the concept of formal proofs of security is introduced and the main categorisation of attack scenarios and types of adversary are presented, and the protocols analysed in the thesis are briefly introduced with some motivation. In chapter 2 are presented the security assumptions used in the proofs of the following chapters, distinguishing between the hardness of algebraic problems and the strength of cryptographic primitives. Once that the bases are given, the first protocols are analysed in chapter 3, where two Attribute Based Encryption schemes are proven secure. First context and motivation are introduced, presenting settings of cloud encryption, alongside the tools used to build ABE schemes. Then the first scheme, that introduces multiple authorities in order to improve privacy, is explained in detail and proven secure. Finally the second scheme is presented as a variation of the first one, with the aim of improving the efficiency performing a round of collaboration between the authorities. The next protocol analysed is a tokenization algorithm for the protection of credit cards. In chapter 4 the advantages of tokenization and the regulations required by the banking industry are presented, and a practical algorithm is proposed, and proven secure and compliant with the standard. In chapter 5 the focus is on the BIX Protocol, that builds a chain of certificates in order to decentralize the role of certificate authorities. First the protocol and the structure of the certificates are introduced, then two attack scenarios are presented and the protocol is proven secure in these settings. Finally a viable attack vector is analysed, and a mitigation approach is discussed. In chapter 6 is presented an original approach on building a public ledger with end-to-end encryption and a one-time-access property, that make it suitable to store sensitive data. Its security is studied in a variety of attack scenarios, giving proofs based on standard algebraic assumptions. The last protocol presented in chapter 7 uses a proof-of-stake system to maintain the consistency of subchains built on top of the Bitcoin blockchain, using only standard Bitcoin transactions. Particular emphasis is given to the analysis of the refund policies employed, proving that the naive approach is always ineffective whereas the chosen policy discourages attackers whose stake falls below a threshold, that may be adjusted varying the protocol parameters.

Settore MAT/02 - Algebra

Gluing silting objects along recollements of well generated triangulated categories

Fabiano, Bonometti

January 2019

We provide an explicit procedure to glue (not necessarily compact) silting objects along recollements of triangulated categories with coproducts having a ‘nice’ set of generators, namely, well generated triangulated categories. This procedure is compatible with gluing co-t-structures and it generalizes a result by Liu, Vitória and Yang. We provide conditions for our procedure to restrict to tilting objects and to silting and tilting modules. As applications, we retrieve the classification of silting modules over the Kronecker algebra and the classification of non-compact tilting sheaves over a weighted noncommutative regular projective curve of genus 0.

Settore MAT/02 - Algebra

Differential attacks using alternative operations and block cipher design

Civino, Roberto

January 2018

Block ciphers and their security are the main subjects of this work. In the first part it is described the impact of differential cryptanalysis, a powerful statistical attack against block ciphers, when operations different from the one used to perform the key addition are considered on the message space. It is proven that when an alternative difference operation is carefully designed, a cipher that is proved secure against classical differential cryptanalysis can instead be attacked using this alternative difference. In the second part it is presented a new design approach of round functions for block ciphers. The proposed round functions can give to the cipher a potentially better level of resistance against statistical attacks. It is also shown that the corresponding ciphers can be proven secure against a well-known algebraic attack, based on the action of the permutation group generated by the round functions of the cipher.

Settore MAT/02 - Algebra

On algebraic and statistical properties of AES-like ciphers

Rimoldi, Anna

January 2009

The Advanced Encryption Standard (AES) is nowadays the most widespread block cipher in commercial applications. It represents the state-of-art in block cipher design and provides an unparalleled level of assurance against all known cryptanalytic techniques, except for its reduced versions. Moreover, there is no known efficient way to distinguish it from a set of random permutations. The AES (and other modern block ciphers) presents a highly algebraic structure, which led researchers to exploit it for novel algebraic attacks. These tries have been unsuccessful, except for academic reduced versions. Starting from an intuition by I. Toli, we have developed a mixed algebraic-statistical attack. Using the internal algebraic structure of any AES-like cipher, we build an algebraic setting where a related-key (statistical) distinguishing attack can be mounted. Our data reveals a significant deviation of the full AES-128 from a set of random permutations. Although there are recent successful related-key attacks on the full AES-192 and the full AES-256 (with non-practical complexity), our attack would be the first-ever practical distinguishing attack on the full AES-128 (to the best of our knowledge).

Settore MAT/02 - Algebra

Graded Lie algebras of maximal class in characteristic p, generated by two elements of degree 1 and p

Scarbolo, Claudio

January 2014

Lie algebras of maximal class (or filiform Lie algebras) are the Lie-theoretic analogue of pro-p-groups of maximal class. In particular, they are 2-generated. If one further assumes that the algebras are graded over the positive integers, then over a field of characteristic p it has been shown that a classification is possible provided one generator has degree 1 and the other has either degree 1 or 2. In this thesis I give a classification of graded Lie algebras of maximal class with generators of degree 1 and p, respectively.

Settore MAT/02 - Algebra

On structure and decoding of Hermitian codes

Marcolla, Chiara

January 2013

Given a linear code, it is important both to identify fast decoding algorithms and to estimate the rst terms of its weight distribution. Ecient decoding algorithms allow the exploitation of the code in practical situations, while the knowledge of the number of small-weight codewords allows to estimate its decoding performance. For ane-variety codes and its subclass formed by Hermitian codes, both problems are as yet unsolved. We investigate both and provide some solutions for special cases of interest. The rst problem is faced with use of the theory of Gröbner bases for zero-dimensional ideals. The second problem deals in particular with small-weight codewords of high-rate Hermitian codes. We determine them by studying some geometrical properties of the Hermitian curve, specically the intersection number of the curve with lines and parabolas.

Settore MAT/02 - Algebra

Intersections of Algebraic Curves and their link to the weight enumerators of Algebraic-Geometric Codes

Bonini, Matteo

January 2019

Channel coding is the branch of Information Theory which studies the noise that can occur in data transmitted through a channel. Algebraic Coding Theory is the part of Channel Coding which studies the possibility to detect and correct errors using algebraic and geometric techniques. Nowadays, the best performing linear codes are known to be mostly algebraic geometry codes, also named Goppa codes, which arise from an algebraic curve over a finite field, by the pioneering construction due to V. D. Goppa. The best choices for curves on which Goppa's construction and its variants may provide codes with good parameters are those with many rational points, especially maximal curves attaining the Hasse-Weil upper bound for the number of rational points compared with the genus of the curve. Unfortunately, maximal curves are difficult to find. The best known examples of maximal curves are the Hermitian curve, the Ree curve, the Suzuki curve, the GK curve and the GGS curve. In the present thesis, we construct and investigate algebraic geometry codes (shortly AG codes), their parameters and automorphism groups.

Settore MAT/02 - Algebra

An investigation on Integer Factorization applied to Public Key Cryptography

Santilli, Giordano

January 2019

Public key cryptography allows two or more users to communicate in a secure way on an insecure channel, using two different keys: a public key, which has the function to encrypt the messages, and a private key, employed in the decryption of the ciphertext. Because of the importance of these keys,their generation is a sensible issue and it is often based on an underlying mathematical problem, which is considered hard to be solved. Among these difficult problems, the Integer Factorization Problem (IFP) is one of the most famous: given a composite integer number, recovering its factors is commonly believed to be hard (worst-case complexity). In this thesis, after a brief explaination of the developments on integer factorization and a description of the General Number Field Sieve (GNFS), we will present different strategies to face this well-known problem of Number Theory. First, we will employ elementary remarks on modular arithmetic to produce a formula that describes the remainders of a given integer, starting from just three monotonic remainders and we will link this result to the behaviour of a second-degree interpolating polynomial. Secondly, we will show an attempt to improve GNFS, considering two linearly disjoint quadratic fields and study the relation between first-degree prime ideals. Finally, we will characterize the elements used in GNFS through some systems having integer solutions, that can be found using Groebner Bases.

Settore MAT/02 - Algebra

Simple objects in the heart of a t-structure

Rapa, Alessandro

January 2019

Historically, the study of modules over finite dimensional algebras has started with the study of the ones with finite dimension. This is sufficient when dealing with a finite dimensional algebra of finite representation type, where there are only finitely many indecomposable modules of finite length. Indecomposable modules of infinite length occur when dealing with algebras of infinite representation type and the study of pure-injective modules over a finite dimensional algebra is crucial for the problem of describing infinite dimensional modules. In this talk, we consider a specific class of finite dimensional algebras of infinite representation type, called "tubular algebras". Pure-injective modules over tubular algebra have been partially classified by Angeleri Hügel and Kussin, in 2016, and we want to give a contribution to the classification of the ones of "irrational slope". In this talk, first, via a derived equivalence, we move to a more geometrical framework, ie. we work in the category of quasi-coherent sheaves over a tubular curve, and we approach our classification problem from the point of view of tilting/cotilting theory. More precisely, we consider specific torsion pairs cogenerated by infinite dimensional cotilting sheaves and we study the Happel-Reiten-Smalø heart of the corresponding t-structure in the derived category. These hearts are locally coherent Grothendieck categories and, in these categories, the pure-injective sheaves over the tubular curve become injective objects. In order to study injective objects in a Grothendieck category is fundamental the classification of the simple objects. In the seminar, we use some techniques coming from continued fractions and universal extensions to provide a method to construct an infinite dimensional sheaf of a prescribed irrational slope that becomes simple in the Grothendieck category given as the heart of a precise t-structure.

Settore MAT/02 - Algebra

Graded Lie algebras of maximal class in positive characteristic, generated by two elements of different weights.

Ugolini, Simone

January 2010

The aim of this thesis is to begin the study of graded Lie algebras of maximal class over a field of odd characteristic, which are generated by two elements of different weights.

Settore MAT/02 - Algebra