The aim of this thesis is to present novel techniques for proving cryptographic schemes secure against quantum adversaries. Most results are within the context of an idealized model called the ‘quantum random-oracle model’. A particular challenge is to extract some piece of knowledge an adversary possesses just from its interaction with an oracle, while mitigating the effects of the collapse of the wave function caused by the observation of a quantum state.
With the continued success of the open RISC-V architecture, practical deployment of RISC-V processors necessitates an in-depth consideration of their testability, safety and security aspects. This survey provides an overview of recent developments in this quickly-evolving field. We start with discussing the application of state-of-the-art functional and system-level test solutions to RISC-V processors. Then, we discuss the use of RISC-V processors for safety-related applications; to this end, we outline the essential techniques necessary to obtain safety both in the functional and in the timing domain and review recent processor designs with safety features. Finally, we survey the different aspects of security with respect to RISC-V implementations and discuss the relationship between cryptographic protocols and primitives on the one hand and the RISC-V processor architecture and hardware implementation on the other. We also comment on the role of a RISC-V processor for system security and its resilience against side-channel attacks.
This dissertation presents new cryptographic protocols, which can be divided into two families. Protocols in the first family achieve unilateral security: this means that they protect legitimate users against an external attacker. Concretely, we assume that two users wish to communicate securely over a given communication system, where an external attacker eavesdrops and tampers with some of the wires of the system. We contribute to the topic by presenting protocols with improved efficiency and a simpler definition compared to previous work, and we design interactive protocols that achieve security against a stronger attacker. Protocols of the second type achieve multilateral security, meaning that they protect users against each other. This is the case for multi-party computation or MPC, where several users wish to compute a function on private inputs while keeping inputs private and without appealing to a trusted third party; we contribute to this topic by adding a cheater-detection functionality to a well-established MPC protocol. A key component that underlies these scenarios is secret sharing; we investigate this topic by casting in particular a new light on its connections with coding theory. This allows us to better harness the features of recent code constructions to obtain improved secret-sharing schemes.
Cryptographic hash functions compute a small fixed-size hash value for any given message. A main application is in digital signatures, which require that it must be hard to find collisions, i.e., two different messages that map to the same hash value. In this thesis we provide an analysis of the security of the cryptographic hash function standards MD5 and SHA-1 that have been broken since 2004 due to so-called identical-prefix collision attacks. In particular, we present more efficient identical-prefix collision attacks on both MD5 and SHA-1 that improve upon the literature. Furthermore, we introduce a new, more flexible attack on MD5 and SHA-1 called the chosen-prefix collision attack that allows significantly more control over the two colliding messages. Moreover, we have proven that our new attack on MD5 poses a realistic threat to the security of everyday applications with our construction of a rogue Certification Authority (CA). Our rogue CA could have enabled the total subversion of secure communications with any website -- if we had not purposely crippled it. Our research has promoted the migration away from these weak hash functions towards more secure hash functions.