diff options
Diffstat (limited to 'doc/cs/ads')
| -rw-r--r-- | doc/cs/ads/abbreviation.tex | 48 | ||||
| -rw-r--r-- | doc/cs/ads/abstract.tex | 26 | ||||
| -rw-r--r-- | doc/cs/ads/glossary.tex | 53 | ||||
| -rw-r--r-- | doc/cs/ads/header.tex | 71 | ||||
| -rw-r--r-- | doc/cs/ads/history.tex | 12 |
5 files changed, 210 insertions, 0 deletions
diff --git a/doc/cs/ads/abbreviation.tex b/doc/cs/ads/abbreviation.tex new file mode 100644 index 000000000..9da168dcc --- /dev/null +++ b/doc/cs/ads/abbreviation.tex @@ -0,0 +1,48 @@ +%!TEX root = ../dokumentation.tex +\chapter*{Abbreviations} +\begin{acronym}[YTMMM] + \acro{AES}{Advanced Encryption Standard} + \acro{AML}{Anti Money Laundering} + \acro{API}{Application Programming Interface} + \acrodefplural{API}[APIs]{Application Programming Interfaces} + \acro{BIP}{Bitcoin Improvement Proposal} + \acro{CA}{Certificate Authority} + \acro{CDH}{Computational Diffie-Hellman} + \acro{CFT}{Combating Financing of Terrorism} + \acro{CMA}{Choosen-Message Attack} + \acro{CS}{Clause Blind Schnorr Signature Scheme} + \acro{CSRF}{Client-Side Request Forgery} + \acro{CWE}{Common Weakness Enumeration} + \acro{DDH}{Decisional Diffie-Hellman} + \acro{DHKE}{Diffie-Hellman key exchange} + \acro{DLP}{Discrete Logarithm Problem} + \acro{DSA}{Digital Signature Algorithm} + \acro{ECC}{Elliptic Curve Cryptography} + \acro{ECDH}{Elliptic Curve Diffie Hellman} + \acro{EdDSA}{Edwards-curve Digital Signature Algorithm} + \acro{EUF}{Existentially Unforgeability} + \acro{FDH}{Full-Domain Hash} + \acro{GNU AGPL}{GNU Affero General Public License} + \acro{GNU GPL}{GNU General Public License} + \acro{GNU LGPL}{GNU Lesser General Public License} + \acro{IPC}{Inter Process Communication} + \acro{JSON}{JavaScript Object Notation} + \acro{KDF}{Key Derivation Function} + \acro{KYC}{Know Your Customer} + \acro{MAC}{Message Authentication Code} + \acro{NIST}{National Institute of Standards and Technology} + \acro{MK}{Master Key} + \acro{PKI}{Public Key Infrastructure} + \acro{PRF}{Pseudo Random Function} + \acro{PoS}{Point-of-Sales} + \acro{PRNG}{Pseudo Random Number Generator} + \acro{RNG}{Random Number Generator} + \acro{ROS}{Random inhomogeneities in an Overdetermined, Solvable system of linear equations} + \acro{RT}{Round-Trip} + \acro{RTT}{Round-Trip Time} + \acro{SPOF}{Single Point of Failure} + \acro{SSRF}{Server-Side Request Forgery} + \acro{Taler}{GNU Taler} + \acro{TRNG}{True Random Number Generator} + \acro{URL}{uniform resource locator} +\end{acronym} diff --git a/doc/cs/ads/abstract.tex b/doc/cs/ads/abstract.tex new file mode 100644 index 000000000..0610eb10b --- /dev/null +++ b/doc/cs/ads/abstract.tex @@ -0,0 +1,26 @@ +\chapter*{Abstract} +GNU Taler is an intuitive, fast and socially responsible digital payment system implemented as free software. +While preserving the customers privacy, GNU Taler is still compliant to regulations. +\\\\ +The goal of this thesis is to improve Taler's performance and provide cipher agility by adding support for Schnorr's blind signatures. +To achieve this goal, the current state in research for Schnorr signatures needs to be analyzed. +After choosing a signature scheme, it has to be integrated into the Taler protocols. +Besides implementing the redesigned protocols in Taler, an implementation of the cryptographic routines is needed. +\\\\ +The paper "Blind Schnorr +Signatures and Signed ElGamal Encryption in the Algebraic Group Model" \cite{cryptoeprint:2019:877} from 2019 (updated in 2021) introducing \gls{CSBS} is used as theoretical basis for our improvements. +The paper explains why simple Blind Schnorr Signatures are broken and how the Clause Schnorr Blind Signature scheme is secured against this attack.\\ +Compared to the currently used \gls{RSABS}, the new scheme has an additional request, two blinding factors instead of one and many calculations are done twice to prevent attacks. +\\\\ +The Taler protocols were redesigned to support the Clause Blind Schnorr Signature scheme, including slight alterations to ensure \textit{abort-idempotency}, and then further specified. +Before starting with the implementation of the redesigned protocols, the cryptographic routines for \gls{CSBS} were implemented as part of the thesis. \\ +All of the implemented code is tested and benchmarks are added for the cryptographic routines. +\\\\ +Multiple results were achieved during this thesis: +The redesigned protocols Taler protocols with support for \gls{CSBS}, the implementation of the cryptographic routines, the implementation of Talers core protocols and a detailed comparison between \gls{RSABS} and \gls{CSBS}. +Overall, the \gls{CSBS} are significantly faster, require less disk space, and bandwidth and provide \textit{cipher agility} for Taler. + +\section*{Acknowledgement} +We would like to kindly thank Christian Grothoff (Bern University of Applied Sciences) for his extensive advice, support and very helpful feedback during our whole thesis.\\ +We also kindly thank Jeffrey Burdges (Web 3, Switzerland) for reviewing the proposal containing the redesigned protocols and giving feedback.\\ +Further, we kindly thank Jacob Appelbaum (Bern University of Applied Sciences, Eindhoven University of Technology) for further results for the performance measurements of our cryptographic routines and the insightful conversations. diff --git a/doc/cs/ads/glossary.tex b/doc/cs/ads/glossary.tex new file mode 100644 index 000000000..7132f89a5 --- /dev/null +++ b/doc/cs/ads/glossary.tex @@ -0,0 +1,53 @@ +%!TEX root = ../thesis.tex + +% +% vorher in Konsole folgendes aufrufen: +% makeglossaries makeglossaries dokumentation.acn && makeglossaries dokumentation.glo +% + +% +% Glossareintraege --> reference, name, beschreibung +% Aufruf mit \gls{...} +% +% \newglossaryentry{non-repudiation}{name={non-repudiation},plural={non-repudiation},description={After a message is signed, one can not dispute that a message was signed}} +% \newglossaryentry{sender_authenticity}{name={sender authenticity},plural={sender authenticity},description={The origin/sender of a message can not be forged}} +% \newglossaryentry{message_integrity}{name={message integrity},plural={message integrity},description={No unauthorized change to the message can be made, the message is tamperproof}} +\newglossaryentry{hkdf}{ + name = {HKDF}, + description = {The HMAC-based Extract-and-Expand Key Derivation Function is a function that takes potentially weak keying material as input and outputs high entropy keying material. For more information see section \ref{sec:kdf}} +} + +\newglossaryentry{25519}{ + name = {Curve25519}, + description = {A popular elliptic curve used in many cryptographic systems based on elliptic curve cryptography. See section \ref{par:curve25519}} +} + +\newglossaryentry{fdh}{ + name = {FDH}, + description = {A Full-Domain Hash is a hash function with an image size equal to the original gorup. See section \ref{sec:rsa-fdh}}. +} + +\newglossaryentry{idempotence}{ + name = {idempotence}, + description = {Idempotence in the context of computer science is a property to ensure that the state of system will not change, no matter how many times the same request was made. See section \ref{abort-idempotency}} +} + +\newglossaryentry{abort-idempotency}{ + name = {abort-idempotency}, + description = {Abort-idempotency is a special case of \gls{idempotence}. On every step in a protocol it needs to be ensured that even on an abort, the same request always receives the same response. See section \ref{abort-idempotency}} +} + +\newglossaryentry{RSABS}{ + name = {RSA Blind Signatures}, + description = {Chaums Blind Signature Scheme based on RSA. See section \ref{sec:blind-rsa-sign}} +} + +\newglossaryentry{CSBS}{ + name = {Clause Blind Schnorr Signatures}, + description = {A secure variant of Blind Schnorr Signature Schemes introduced in section \ref{sec:clause-blind-schnorr-sig}} +} + +% \newglossaryentry{25519}{ + % name = {}, + % description = {} +% } diff --git a/doc/cs/ads/header.tex b/doc/cs/ads/header.tex new file mode 100644 index 000000000..0b53317b5 --- /dev/null +++ b/doc/cs/ads/header.tex @@ -0,0 +1,71 @@ +% Hyperlinks +\usepackage[ + hidelinks, + pdfusetitle, +]{hyperref} + +% Grafiken +\usepackage{graphicx} +%Bildpfad +\graphicspath{{images/}} + +% Micro sign +\usepackage{siunitx} + +% Farben +\usepackage{color} +\definecolor{LinkColor}{rgb}{0,0,0.2} + +% Glossar +\usepackage[ + nonumberlist, %keine Seitenzahlen anzeigen + %acronym, %ein Abkürzungsverzeichnis erstellen + %section, %im Inhaltsverzeichnis auf section-Ebene erscheinen + toc, %Einträge im Inhaltsverzeichnis +]{glossaries} +\makeglossaries +\input{ads/glossary} + +%Nomenklatur +\usepackage{nomencl} +\makenomenclature + +%PDF pages +\usepackage{pdfpages} + +%Adjustbox (tikz figures of Taler) +\usepackage{adjustbox} + +%BFH Boxes +% see BFH example for usage, looks nice!<< +\LoadBFHModule{listings,terminal,boxes} + +%Akronyme +\usepackage[printonlyused,footnote]{acronym} + +% Literaturverweise +\usepackage[ + backend=biber, + style=alphabetic, + %citestyle=authoryear +]{biblatex} +\addbibresource{bibliography.bib} +\addbibresource{bibliography_projekt2.bib} + +% TODOs in text +% documentation: http://tug.ctan.org/macros/latex/contrib/todonotes/todonotes.pdf +\usepackage{todonotes} + +%Crypto Grafiken +\usepackage{cryptocode} +%\usepackage{amsmath} + +\usepackage{listings} +\usepackage{xcolor} + +\definecolor{mGreen}{rgb}{0,0.6,0} +\definecolor{mGray}{rgb}{0.5,0.5,0.5} +\definecolor{mPurple}{rgb}{0.58,0,0.82} +\definecolor{backgroundColour}{rgb}{0.95,0.95,0.92} +\definecolor{ApiColor}{HTML}{307FCB} +\definecolor{whyite}{HTML}{A1C66C} % Needs to be here due to some typo in BFH-CI stuff. Thanks BFH. diff --git a/doc/cs/ads/history.tex b/doc/cs/ads/history.tex new file mode 100644 index 000000000..376ee587a --- /dev/null +++ b/doc/cs/ads/history.tex @@ -0,0 +1,12 @@ +\chapter*{Document History} +\addcontentsline{toc}{chapter}{Document History} + +%\begin{center} +\begin{tabular}{ ||l|l|l|l|| } + \hline + Version & Date & Comment & Author \\ + \hline\hline + 0.0.1 & 30.09.2021 & Document created & Gian Demarmels \& Lucien Heuzeveldt \\ + \hline +\end{tabular} +%\end{center}
\ No newline at end of file |