Colin Boyd

Round-Optimal Contributory Conference Key Agreement

Becker and Wille derived a lower bound of only one round for multi-party contributory key agreement protocols. Up until now no protocol meeting this bound has been proven secure. We present a protocol meeting the bound and prove it is secure in Bellare and Rogaways model. The protocol is much more efficient than other conference key agreement protocols with provable security, but lacks forward secrecy.

Off-Line Fair Payment Protocols Using Convertible Signatures

An exchange or payment protocol is considered fair if neither of the two parties exchanging items or payment at any time during the protocol has a significant advantage over the other entity. Fairness is an important property for electronic commerce. This paper identifies a design framework based on existing fair protocols which use offline trusted third parties, but with convertible signatures as the underlying mechanism. We show that in principle any convertible signature scheme can be used to design a fair payment protocol. A specific protocol is detailed based on RSA undeniable signatures which is more efficient than other similar fair payment schemes. Furthermore, in this protocol the final signature obtained is always an ordinary RSA signature.

Integrating error detection into arithmetic coding

Arithmetic coding for data compression has gained widespread acceptance as the right method for optimum compression when used with a suitable source model. A technique to implement error detection as part of the arithmetic coding process is described. Heuristic arguments are given to show that a small amount of extra redundancy can be very effective in detecting errors very quickly, and practical tests confirm this prediction.

Providing Receipt-Freeness In Mixnet-Based Voting Protocols

It had been thought that it is difficult to provide receipt-freeness in mixnet-based electronic voting schemes. Any kind of user chosen randomness can be used to construct a receipt, since a user can prove to a buyer how he had encrypted the ballot. In this paper we propose a simple and efficient method to incorporate receipt-freeness in mixnet-based electronic voting schemes by using the well known re-encryption technique and designated verifier re-encryption proof (DVRP). In our scheme a voter has to prepare his encrypted ballot through a randomization service provided by a tamper resistant randomizer (TRR), in such a way that he finally loses his knowledge on randomness. This method can be used in most mixnet-based electronic voting scheme to provide receipt-freeness.

On Key Agreement and Conference Key Agreement

An attack is demonstrated on a previously proposed class of key agreement protocols. Analysis of the attack reveals that a small change in the construction of the protocols is sufficient to prevent the attack. The insight gained allows a generalisation of the class to a new design for conference key agreement protocols.

Errors in computational complexity proofs for protocols

Proofs are invaluable tools in assuring protocol implementers about the security properties of protocols. However, several instances of undetected flaws in the proofs of protocols (resulting in flawed protocols) undermine the credibility of provably-secure protocols. In this work, we examine several protocols with claimed proofs of security by Boyd & Gonzalez Nieto (2003), Jakobsson & Pointcheval (2001), and Wong & Chan (2001), and an authenticator by Bellare, Canetti, & Krawczyk (1998). Using these protocols as case studies, we reveal previously unpublished flaws in these protocols and their proofs. We hope our analysis will enable similar mistakes to be avoided in the future.

Key Agreement Using Statically Keyed Authenticators

A family of authenticators based on static shared keys is identified and proven secure. The authenticators can be used in a variety of settings, including identity-based ones. Application of the authenticators to Diffie-Hellman variants in appropriate groups leads to authenticated key agreement protocols which have attractive properties in comparison with other proven-secure protocols. We explore two key agreement protocols that result.

On a limitation of BAN logic

In the past few years a lot of attention has been paid to the use of special logics to analyse cryptographic protocols, foremost among these being the logic of Burrows, Abadi and Needham (the BAN logic). These logics have been successful in finding weaknesses in various examples. In this paper a limitation of the BAN logic is illustrated with two examples. These show that it is easy for the BAN logic to approve protocols that are in practice unsound.

Key Establishment Protocols for Secure Mobile Communications: A Selective Survey

We analyse several well-known key establishment protocols for mobile communications. The protocols are examined with respect to their security and suitability in mobile environments. In a number of cases weaknesses are pointed out, and in many cases refinements are suggested, either to improve the efficiency or to allow simplified security analysis.

Efficient One-Round Key Exchange in the Standard Model

We consider one-round key exchange protocols secure in the standard model. The security analysis uses the powerful security model of Canetti and Krawczyk and a natural extension of it to the ID-based setting. It is shown how KEMs can be used in a generic way to obtain two different protocol designs with progressively stronger security guarantees. A detailed analysis of the performance of the protocols is included; surprisingly, when instantiated with specific KEM constructions, the resulting protocols are competitive with the best previous schemes that have proofs only in the random oracle model.