Past student projects in 2017

Proposed projects page (archives): Spring-2017


Fall semester

PoP on Ethereum

Hugo Roussel – Bachelor project

Report, Presentation

Abstract

It is difficult to keep a user accountable and anonymous at the same time on the Internet. Imagine a forum where users wish to share their political views anonymously but still wish to keep out members who add nothing to the discussion. It is always possible to block an anonymous account, but a malicious user can easily create a new one. The forum could then decide to block certain IP addresses, but once again the member could use a VPN or a different connection. Another solution would be to ask each new member to provide an ID and verify their identity, but then the discussion is no longer anonymous.

This paper explains a way to reconcile both goals and one implementation of it: Proof of Personhood tokens, and the advantages of porting such a system to a public blockchain.

Implementation of a robust and scalable consensus protocol for blockchain

Raphaël Dunant – Semester project

Report, Presentation, Code

Abstract

The purpose of this project is to implement a decentralised witness cosigning protocol as described in the paper “Keeping Authorities “Honest or Bust” with Decentralised Witness Cosigning”. The project aims at a complete, functional, failure-resilient, documented and tested code base that allows witness cosigning with the CoSi protocol, explained in the next section. It uses the lessons of previous tests to create a scalable network of witnesses organised as a three-level tree. A CoSi implementation already existed when the project started, but it was neither documented nor practical: it had been assembled only for testing, so we decided to discard it and start anew.
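The following is an added illustration of the four CoSi rounds over a three-level witness tree; it is not the project's code and not the DEDIS implementation. It assumes a toy Schnorr group (p = 2039, q = 1019, g = 4) instead of Ed25519, SHA-256 for the challenge, and a simple rule that an unresponsive witness is dropped together with its subtree, which is what makes the signature still verify when some witnesses are down. The verifier multiplies only the public keys of the witnesses recorded as present and refuses a signature below a witness threshold.

```python
import hashlib
import secrets

# Toy Schnorr group (assumption, for illustration only): safe prime p = 2q + 1 and
# g = 4, a generator of the order-q subgroup. Real CoSi uses Ed25519.
P, Q, G = 2039, 1019, 4


def challenge(agg_commit, msg):
    """c = H(V || m) mod q, computed identically by signers and verifiers."""
    data = agg_commit.to_bytes(2, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


class Witness:
    def __init__(self, idx, online=True):
        self.idx, self.online = idx, online
        self.x = secrets.randbelow(Q - 1) + 1      # long-term private key
        self.y = pow(G, self.x, P)                 # long-term public key
        self.v = None                              # per-round commitment secret

    def commit(self):
        self.v = secrets.randbelow(Q - 1) + 1
        return pow(G, self.v, P)                   # V_i = g^v_i

    def respond(self, c):
        return (self.v - c * self.x) % Q           # r_i = v_i - c*x_i


class Node:
    """One vertex of the signing tree: a witness plus its direct children."""

    def __init__(self, witness, children=()):
        self.w, self.children = witness, list(children)

    def commit_phase(self):
        """Rounds 1+2 (announce/commit), aggregated bottom-up.
        Returns (aggregate commitment V, set of present witness indices).
        An offline witness drops out together with its whole subtree."""
        if not self.w.online:
            return 1, set()
        agg, present = self.w.commit(), {self.w.idx}
        for child in self.children:
            v_c, p_c = child.commit_phase()
            agg, present = agg * v_c % P, present | p_c
        return agg, present

    def response_phase(self, c):
        """Rounds 3+4 (challenge/response): sum of r_i over present witnesses."""
        if not self.w.online:
            return 0
        r = self.w.respond(c)
        for child in self.children:
            r = (r + child.response_phase(c)) % Q
        return r


def cosign(root, msg):
    agg_v, present = root.commit_phase()
    c = challenge(agg_v, msg)
    r = root.response_phase(c)
    return agg_v, r, frozenset(present)            # (V, r, participation mask)


def verify(pubkeys, msg, sig, threshold):
    """Check g^r * Y^c == V with Y the product of the *present* public keys,
    and refuse signatures carrying too few witnesses."""
    agg_v, r, present = sig
    if len(present) < threshold:
        return False
    agg_y = 1
    for i in present:
        agg_y = agg_y * pubkeys[i] % P
    c = challenge(agg_v, msg)
    return pow(G, r, P) * pow(agg_y, c, P) % P == agg_v


def build_tree(n_mid=3, n_leaf=3, offline=frozenset()):
    """Three-level tree: index 0 is the root, 1..n_mid its children, the rest leaves."""
    ws = [Witness(i, online=i not in offline) for i in range(1 + n_mid + n_mid * n_leaf)]
    leaves = iter(ws[1 + n_mid:])
    mids = [Node(ws[1 + m], [Node(next(leaves)) for _ in range(n_leaf)]) for m in range(n_mid)]
    return Node(ws[0], mids), ws


if __name__ == "__main__":
    root, ws = build_tree(offline={5})             # one leaf witness is down
    sig = cosign(root, b"block #42")
    keys = [w.y for w in ws]
    print(len(sig[2]), "of", len(ws), "witnesses signed")
    print("valid:", verify(keys, b"block #42", sig, threshold=10))
```

Two caveats a production deployment has to handle and this sketch does not: the public keys must be registered ahead of time (an attacker who can choose a key after seeing the others can mount a rogue-key attack on the plain key product), and the participation mask should be bound into the challenge hash so that a signature cannot be re-attributed to a different witness set.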

A Decentralized and Distributed E-voting Scheme Based on Verifiable Cryptographic Shuffles

Andrea Caforio & Etienne Bonvin – Semester project

Report-Andrea, Report-Etienne, Presentation-Andrea, Presentation-Etienne, Code 1, Code 2

Abstract

In this project we propose a new electronic voting scheme that aims to leverage a decentralized and distributed architecture based on the blockchain technology in combination with verifiable cryptographic shuffles of ElGamal ciphertext pairs to achieve an efficient and somewhat scalable implementation. The system is constructed as a state machine that drives the overall life cycle of an election, supported by several underlying distributed protocols that are executed at each phase of the election. Furthermore, the architecture is supposed to be agnostic in terms of the choice of the front end. It provides a lean API that can be accessed through protocol buffer messages over web sockets.

Cross-Platform Mobile Application for the Cothority

Vincent Petri & Cedric Maire – Semester project

Report, Presentation, Code v1, Code v2

Abstract

The Cothority framework has been developed and maintained by the DeDiS laboratory at EPFL. It provides a framework for developing, analysing, and deploying decentralised and distributed cryptographic protocols. A set of servers that run these protocols and communicate with each other is referred to as a collective authority, or cothority, and the individual servers are called cothority servers or conodes. A cothority that executes decentralised protocols could be used for collective signing, threshold signing, or the generation of public randomness, to name only a few options. The highest level of abstraction can be created by protocols like the collective signature (CoSi) protocol, the random number (RandHound) protocol, or the communication (Messaging) protocol used by the conodes to exchange data. Then come the services, which rely on these protocols. As of this writing, several services exist: the Status service to enquire into the status of a conode, the CoSi service for collective signing, the Guard service that allows distributed encryption and decryption of passwords, the SkipChain service for storing arbitrary data on a permissioned blockchain, and the Identity service for distributed key/value pair storage. Applications (also called apps) run on top of these services, including Status, CoSi, Guard, collective identity skipchains (CISC), and proof-of-personhood (PoP). In this project report, we only concentrate on the last two, CISC and PoP.

Public Verifiable Randomness

Mathilde Raynal – Semester project

Report, Presentation, Code

Abstract

RandShare introduces key concepts that are reused in the more scalable RandHound protocol. The main goal of RandShare is to remove the incentive for a Byzantine adversary (passively listening on or actively corrupting data in the channel) to misbehave. This is achieved by forcing the adversary to decide whether or not to follow the protocol early enough, before it has any information about the output, which prevents it from devising a successful dishonest strategy. More concretely, RandShare extends the approach for distributed key generation in a synchronous model by adopting a point-of-no-return strategy and extending it to the asynchronous setting, where the adversary can break timing assumptions. We use the concept of a barrier, a specific point in the protocol execution after which the protocol always completes successfully. Specifically, we define the barrier in the protocol as the point when the first honest member reveals the shares it is holding.

Decentralized Internet Archive using the Cothority framework

Nicolas Plancherel – Master thesis

Report, Presentation, Code

Abstract

Since the 1990s, the Internet has taken an ever larger place in everyday life. People use it to store all kinds of data, from holiday pictures to government communications. They also use it as a reliable source of information and knowledge. Nevertheless, we observe a centralization of service providers and a fragility in the long-term sustainability of the data. Because of that, the data are very vulnerable to censorship, whether by deletion, modification, or denial of access.

In this report, we present the definition and the implementation of a consensus-based system to create a decentralized internet archive. The particularity of this protocol is that the servers involved first agree on the biggest common subset of the website using a tree-comparison-based approach. They then store only that common subset on a blockchain. The implementation is done inside the Cothority framework. Once a website is archived, our solution makes it impossible for a single entity to remove or modify its content. The consensus algorithm is considered efficient since its cost grows polynomially with the size of the website and linearly with the number of machines involved in the consensus. Furthermore, our simulations show that it can save a news web page in under 40 seconds. Finally, from a security point of view, if the leader of the consensus protocol and the majority of the machines involved in the archiving protocol are honest, the latter will store an honest, immutable snapshot of the web page that can later be securely retrieved by any user of the system.

Collective Certificate Management

Robin Berguerand – Bachelor project

Report, Presentation, Code

Abstract

The goal of this project is to develop a new decentralized infrastructure that permits a more secure management of certificates and, as explained in the introduction, avoids false certificates. This infrastructure needs to be maintained and manipulated by multiple devices. Those devices could be, for example, CA servers or any other device.

Forward security for Proof of Personhood

Arthur Villard – Master project

Report, Presentation, Code

Abstract

This work consists of improving DAGA with more modern cryptographic primitives and implementing a complete version of DAGA in Go to be used with PoP. The two previous implementations are available as parts of larger packages.

Access Control in a Decentralized Collaboration Platform

Nicolas Ritter – Semester project

Report, Presentation

Abstract

The overall goal of this project is to devise access control mechanisms and implement them in the existing Peerdoc program. Access control is a crucial component of any real-world collaboration platform; a user of such a platform will only want explicitly authorized users to access and modify their document. However, enforcing access control on a peer-to-peer network is not trivial, as there is no central authority that can be relied on.

Improvements to Distributed Key Generation For Use in a Real-World Setting

Cedric Cook – Semester project

Report, Presentation

Abstract

In cryptography, secret sharing is a widespread concept that serves as a foundation for a multitude of distributed cryptographic systems. In security-critical applications, for example, a single password may not be enough to secure access to a resource, so keys are distributed to spread the risk over multiple agents in a system. To distribute the individual parts of such a master key and to use it in a secure and intrusion-proof manner, a protocol called Distributed Key Generation (DKG) is used. DKG can be implemented programmatically from multiple instances of Verifiable Secret Sharing (VSS). In this project we take an existing DKG implementation, written in Go as part of the Kyber advanced crypto library, and modify it to make it compatible with a real-world, Internet-like asynchronous setting.
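As an added example, not taken from the Kyber code base, here is the construction the abstract describes: a DKG built from n parallel Feldman VSS instances, with each participant checking every share it receives against the dealer's broadcast commitments and disqualifying dealers whose shares do not verify. The group parameters (p = 2039, q = 1019, g = 4), the "cheating dealer" that corrupts one share, and the simplified complaint handling (a direct check instead of the protocol's broadcast complaint round) are assumptions of this sketch. Reconstruction of the master secret is included only to check the result; a real DKG never performs it.

```python
import secrets

# Toy group parameters (assumption): safe prime p = 2q + 1, generator g of the order-q subgroup.
P, Q, G = 2039, 1019, 4


def poly_eval(coeffs, x):
    """f(x) = a_0 + a_1 x + ... + a_{t-1} x^{t-1} mod q."""
    return sum(a * pow(x, k, Q) for k, a in enumerate(coeffs)) % Q


class Dealer:
    """Participant i acting as a Feldman VSS dealer for its own random secret a_0."""

    def __init__(self, idx, t, cheat=False):
        self.idx, self.cheat = idx, cheat
        self.coeffs = [secrets.randbelow(Q) for _ in range(t)]
        self.commits = [pow(G, a, P) for a in self.coeffs]   # broadcast C_k = g^{a_k}

    def share_for(self, j):
        s = poly_eval(self.coeffs, j)
        # A misbehaving dealer hands participant 1 a share inconsistent with its commitments.
        return (s + 1) % Q if self.cheat and j == 1 else s


def verify_share(commits, j, s):
    """Feldman check: g^s == prod_k C_k^{j^k}, i.e. the share lies on the committed polynomial."""
    rhs = 1
    for k, c_k in enumerate(commits):
        rhs = rhs * pow(c_k, pow(j, k, Q), P) % P
    return pow(G, s, P) == rhs


def run_dkg(n, t, cheaters=frozenset()):
    """Pedersen-style DKG from n parallel VSS instances with threshold t.
    Dealers whose shares fail verification are disqualified.
    Returns (key shares by participant, public key, qualified dealer indices)."""
    dealers = [Dealer(i, t, cheat=i in cheaters) for i in range(1, n + 1)]
    qualified = [d for d in dealers
                 if all(verify_share(d.commits, j, d.share_for(j)) for j in range(1, n + 1))]
    shares = {j: sum(d.share_for(j) for d in qualified) % Q for j in range(1, n + 1)}
    pubkey = 1
    for d in qualified:
        pubkey = pubkey * d.commits[0] % P                # Y = prod_i g^{a_{i,0}}
    return shares, pubkey, [d.idx for d in qualified]


def lagrange_at_zero(xs):
    """Coefficients lambda_i such that sum_i lambda_i f(i) = f(0) for evaluation points xs."""
    coeffs = []
    for i in xs:
        num = den = 1
        for m in xs:
            if m != i:
                num, den = num * (-m) % Q, den * (i - m) % Q
        coeffs.append(num * pow(den, Q - 2, Q) % Q)
    return coeffs


def reconstruct(shares, subset):
    """Only to check the example: a real DKG never reconstructs the master secret."""
    return sum(shares[j] * l for j, l in zip(subset, lagrange_at_zero(subset))) % Q


if __name__ == "__main__":
    shares, pubkey, qual = run_dkg(n=5, t=3, cheaters={2})
    print("qualified dealers:", qual)
    x = reconstruct(shares, [1, 3, 5])
    print("g^x == Y:", pow(G, x, P) == pubkey)
```

The asynchronous-setting work the abstract mentions lives precisely in the part this sketch flattens into `all(...)`: with no synchrony assumption, a participant cannot tell a slow dealer from a silent one, so the protocol needs explicit complaint/justification messages and a rule for when the qualified set is final.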

Distributed Identity Based Short Linkable Ring Signature

Kasra EdalatNejadKhamene – Ph.D. Semester project

Report, Presentation

Abstract

Linkable ring signatures (LRS) are a valuable way to combine anonymity and accountability. Their major drawback is that the signature size grows linearly with the size of the anonymity set, which prevents LRS from scaling to large systems such as a big election. In this report, we use an accumulator to obtain a constant-size LRS. Using an accumulator, however, introduces a trusted authority for the signature; we use distributed trust and secret sharing to remove this dependency. The resulting Distributed Identity-Based Short Linkable Ring Signature provides a short signature without relying on a central authority.

Decentralized Access Control

Sandra Siby – Semester project

Report, Presentation

Abstract

In this project, we design, implement and test a decentralized access control system. Our system is based on the concept of policies – a set of rules. We delve into the structure of these policies and how they can be used to provide not only access control, but also identity management. We investigate how access requests can be created and verified. Finally, we evaluate our system by performing some benchmark tests.

Blockchain collections

Matteo Monti – Semester project

Report, Code

Abstract

Blockchains are often used as a decentralized mechanism to store, and evolve over time, data that can be represented as a set of key/value associations. Among the most notable examples are cryptocurrencies, which store ledgers of transactions whose application results in a set of associations between public keys and account balances. In order to determine the value associated with a key, or to validate new blocks, nodes are often required to store either a full copy of the ledger (i.e., the complete set of transactions in the blockchain) or at least a full copy of the resulting database (i.e., the set of key/value associations resulting from the application of all the transactions in the ledger). This results in a high storage complexity that usually prevents lightweight nodes (like mobile phones or web applications) from using the blockchain without the aid of trusted third parties.

In order to address this problem, we introduce collections, a Merkle-tree based key/value store. Collections can be used to securely store a set of key/value associations (or records) on one or more untrusted servers. From the set of records in a collection, an O(1)-size state can be efficiently computed. Nodes holding a copy of the collection’s state can query the untrusted server(s) for records, and securely verify their responses. Moreover, nodes holding a copy of an old state of the collection can, provided with an update, verify its applicability and autonomously and efficiently compute the new state of the collection, resulting from the application of the update.
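The following is an added example, not the project's collections code, of the three properties the abstract lists: a Merkle-tree key/value store whose state is one 32-byte root, membership and absence proofs that a node holding only that root can check, and an update that such a node can apply to derive the new root without the other records. It assumes a sparse Merkle tree addressed by the SHA-256 of the key (256 levels, with precomputed hashes for empty subtrees) and distinct tags for leaf and inner-node hashes; the actual layout of the project's tree may differ.

```python
import hashlib

DEPTH = 256                       # one tree level per bit of the hashed key (assumption)
LEAF_TAG, NODE_TAG = b"\x00", b"\x01"   # domain separation between leaves and inner nodes


def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


# EMPTY[h] is the hash of an empty subtree of height h, so untouched regions cost nothing.
EMPTY = [b"\x00" * 32]
for _ in range(DEPTH):
    EMPTY.append(H(NODE_TAG, EMPTY[-1], EMPTY[-1]))


def key_path(key):
    return int.from_bytes(hashlib.sha256(key).digest(), "big")


def path_bit(path, level):
    """Branch taken at `level` (0 = just below the root): 0 = left, 1 = right."""
    return (path >> (DEPTH - 1 - level)) & 1


def leaf_hash(key, value):
    return H(LEAF_TAG, key, value)


class Collection:
    """The untrusted server's side: holds every record and answers queries with proofs."""

    def __init__(self):
        self.records = {}

    def put(self, key, value):
        self.records[key] = value

    def _items(self):
        return [(key_path(k), k, v) for k, v in self.records.items()]

    def _subtree(self, items, level):
        """Hash of the subtree rooted at `level` that contains exactly `items`."""
        if not items:
            return EMPTY[DEPTH - level]
        if level == DEPTH:
            (_, k, v), = items
            return leaf_hash(k, v)
        left = [it for it in items if path_bit(it[0], level) == 0]
        right = [it for it in items if path_bit(it[0], level) == 1]
        return H(NODE_TAG, self._subtree(left, level + 1), self._subtree(right, level + 1))

    def state(self):
        """The O(1)-size state: the Merkle root."""
        return self._subtree(self._items(), 0)

    def prove(self, key):
        """Return (value or None, sibling hashes from root to leaf); None proves absence."""
        path, items, siblings = key_path(key), self._items(), []
        for level in range(DEPTH):
            b = path_bit(path, level)
            same = [it for it in items if path_bit(it[0], level) == b]
            other = [it for it in items if path_bit(it[0], level) != b]
            siblings.append(self._subtree(other, level + 1))
            items = same
        return self.records.get(key), siblings


def root_from(key, value, siblings):
    """Client side: the root implied by a (key, value) leaf and its sibling path."""
    path = key_path(key)
    node = leaf_hash(key, value) if value is not None else EMPTY[0]
    for level in reversed(range(DEPTH)):
        sib = siblings[level]
        node = H(NODE_TAG, node, sib) if path_bit(path, level) == 0 else H(NODE_TAG, sib, node)
    return node


def verify(state, key, value, siblings):
    return len(siblings) == DEPTH and root_from(key, value, siblings) == state


def apply_update(state, key, old_value, new_value, siblings):
    """Light client: check the proof against the old state, then derive the new state
    without holding any other record. Returns None if the proof does not match."""
    if not verify(state, key, old_value, siblings):
        return None
    return root_from(key, new_value, siblings)


if __name__ == "__main__":
    server = Collection()
    server.put(b"alice", b"10")
    server.put(b"bob", b"5")
    state = server.state()                       # the only thing a light node keeps
    value, proof = server.prove(b"alice")
    print("alice present:", verify(state, b"alice", value, proof))
    value, proof = server.prove(b"carol")
    print("carol absent:", value is None and verify(state, b"carol", None, proof))
    _, proof = server.prove(b"bob")
    new_state = apply_update(state, b"bob", b"5", b"7", proof)
    server.put(b"bob", b"7")
    print("update verified:", new_state == server.state())
```

Two details matter for security here: the leaf/node tags stop a proof for an inner node from being passed off as a leaf, and the client recomputes the root from the *claimed* value, so a server that lies about a value (or about a key being absent) produces a root that does not match the state the client holds.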

CHVote: Efficient modular exponentiations

Nicolas Gailly – Semester project

Report, Presentation, Code

Abstract

The canton of Geneva is working on a new electronic voting system called CHVote whose main goal is to increase the electorate's confidence by providing a secure, transparent and usable online voting system. The final product must enable a Swiss citizen to vote in any election mandated by the Geneva canton from a browser on their laptop or mobile phone.

In this work, we focus on the client side of the vote-casting part of the system. In order to cast a vote, the client has to run a k-out-of-n oblivious transfer protocol with the voting servers. In this protocol, the client must perform between a few and a hundred modular exponentiations, depending on the number of votes the client has to cast in a particular election. In the context of CHVote, these modular exponentiations take place in a multiplicative group whose order is a large prime q. For security reasons, the number of bits needed to represent q is expected to lie between 1024 and 8192 bits in this scenario.
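The standard trick for this workload, shown here as an added example rather than the project's code, is fixed-base precomputation: the base of most of these exponentiations (for instance the election public key) is known before the voter's exponents are, so the client can build a table of base^(d * 2^(w*i)) once and then compute any exponentiation with about bits/w multiplications and no squarings. The modulus below (the Mersenne prime 2^127 - 1) and the window width w = 4 are assumptions chosen to keep the demonstration fast; the algorithm is the same for the 1024- to 8192-bit groups in the abstract.

```python
import secrets


def square_and_multiply(base, e, mod):
    """Plain left-to-right exponentiation.
    Returns (base^e mod mod, number of modular multiplications performed)."""
    acc, ops = 1, 0
    for bit in bin(e)[2:]:
        acc, ops = acc * acc % mod, ops + 1
        if bit == "1":
            acc, ops = acc * base % mod, ops + 1
    return acc, ops


def precompute_table(base, mod, exp_bits, w=4):
    """table[i][d] = base^(d * 2^(w*i)) mod mod for every w-bit digit d.
    Done once per fixed base; size is ceil(exp_bits / w) * 2^w group elements."""
    radix, table = 1 << w, []
    g_i = base % mod
    for _ in range(-(-exp_bits // w)):            # ceil(exp_bits / w) digit positions
        row = [1]
        for _ in range(1, radix):
            row.append(row[-1] * g_i % mod)
        table.append(row)
        g_i = pow(g_i, radix, mod)                 # base^(2^(w*(i+1))) for the next row
    return table


def fixed_base_pow(table, e, mod, w=4):
    """base^e mod mod from the table: one multiplication per non-zero digit of e,
    no squarings at all. Returns (result, number of multiplications)."""
    mask, acc, ops = (1 << w) - 1, 1, 0
    for row in table:
        d = e & mask
        if d:
            acc, ops = acc * row[d] % mod, ops + 1
        e >>= w
    if e:
        raise ValueError("exponent has more bits than the table covers")
    return acc, ops


if __name__ == "__main__":
    MOD = (1 << 127) - 1        # toy modulus (assumption); CHVote uses 1024-8192-bit groups
    BITS, g = 127, 5
    table = precompute_table(g, MOD, BITS)
    e = secrets.randbits(BITS)
    r1, n1 = square_and_multiply(g, e, MOD)
    r2, n2 = fixed_base_pow(table, e, MOD)
    print("match:", r1 == r2 == pow(g, e, MOD))
    print("square-and-multiply:", n1, "multiplications; fixed-base:", n2)
```

In a browser the multiplications themselves still run on big-integer JavaScript, so the constant factor matters more than in Python; but the count above is what the precomputation buys regardless of the arithmetic backend, and the table for a 2048-bit exponent with w = 4 holds 512 rows of 16 elements, small enough to build during page load.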

Firenet: a transparent and secure decentralized network management scheme

Jingyue Zhao – Ph.D. Semester project

Report, Presentation

Abstract

The long-term goal of Firenet is to explore a transparent and secure decentralized network management scheme for large-scale networks managed by groups of administrators (possibly with differentiated roles and responsibilities in a hierarchy). Both the endpoint hosts and the administrators of the network can be geographically distributed. The administrators manage certain subnets separately and/or the entire network together. The network policies made by the administrators are applied to different ranges of the network (e.g., some subnets or the whole network). The decisions of each administrator may affect the entire network, because these policies may have direct or indirect impacts on other subnets. The administrators need a way to check and supervise the policy-making process (possibly hierarchically) to prevent a compromised administrator (bribed, threatened, or coerced) from making malicious policies that would have a catastrophic effect on the network.

In this semester project, we assume that a single small group of administrators manages the network together. They are equal to each other, and each policy they make needs to be checked and approved by a threshold of administrators.

Spring semester

Implementation of an Algorithm for Peer-to-Peer Collaborative Editing

Damien Aymon – Bachelor semester project

Report, Presentation

Abstract

Nowadays, real-time collaborative editing tools are well known and used almost daily by students and employees who need an easy, ready-to-use way to work on a common project. In contrast to version control systems like Git, users must be able to edit the same document simultaneously and at any time. The changes made by one user need to be integrated at every other site, and the algorithm must converge towards a unique definitive version of the document. The most popular current implementations are Etherpad and Google Docs, the latter having been launched in 2007.

Despite their accessibility and convenience, those existing systems rely on a central server to process and redistribute the operations generated at each site. This means users lose control over their data. In other words, current solutions imply a trust relationship between users and the service provider, and a system failure or a data leak towards other organizations can break that trust.

This problem can be addressed with a distributed, independent algorithm that communicates over secured peer-to-peer channels between sites. Collaborative groups then have full control over their data, their communication, and how the different sites converge to a definitive version of their document.
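The following added example, not the project's implementation, shows the convergence property the abstract asks for with a small causal-tree (RGA-style) sequence CRDT: every character carries a unique (counter, site) id and points to the character it was inserted after, deletions leave tombstones, and the visible text is a deterministic function of the set of operations received, so two replicas that see the same operations in different orders render the same document. The ids, the sibling ordering rule and the causal-delivery check are assumptions of this sketch; the secured peer-to-peer transport is out of scope here.

```python
ROOT = (0, "")   # virtual origin of the document; real ids are (lamport_counter, site_id)


class Replica:
    """One site of a causal-tree / RGA-style sequence CRDT. Every character is a node
    whose parent is the character it was inserted after; deletions leave tombstones."""

    def __init__(self, site):
        self.site, self.clock = site, 0
        self.nodes = {ROOT: [None, "", True]}        # id -> [parent id, char, deleted]
        self.children = {ROOT: []}

    def _visible(self):
        """Depth-first walk; siblings are ordered by id descending, so a newer concurrent
        insert after the same parent lands first. The order depends only on the node set,
        which is what makes every replica converge."""
        out = []

        def walk(nid):
            for cid in sorted(self.children[nid], reverse=True):
                _, ch, deleted = self.nodes[cid]
                if not deleted:
                    out.append((cid, ch))
                walk(cid)

        walk(ROOT)
        return out

    def text(self):
        return "".join(ch for _, ch in self._visible())

    def apply(self, op):
        """Apply a local or remote operation. Idempotent; requires causal delivery
        (the node an operation refers to must already be known)."""
        kind, oid, ref, ch = op
        self.clock = max(self.clock, oid[0])
        if ref not in self.nodes:
            raise ValueError(f"{oid}: referenced node {ref} not yet delivered")
        if kind == "ins":
            if oid in self.nodes:
                return
            self.nodes[oid] = [ref, ch, False]
            self.children[oid] = []
            self.children[ref].append(oid)
        elif kind == "del":
            self.nodes[ref][2] = True
        else:
            raise ValueError(f"unknown operation {kind}")

    def insert(self, pos, ch):
        """Insert `ch` at visible position `pos`; returns the operation to broadcast."""
        vis = self._visible()
        parent = ROOT if pos == 0 else vis[pos - 1][0]
        self.clock += 1
        op = ("ins", (self.clock, self.site), parent, ch)
        self.apply(op)
        return op

    def delete(self, pos):
        """Delete the visible character at `pos`; returns the operation to broadcast."""
        target = self._visible()[pos][0]
        self.clock += 1
        op = ("del", (self.clock, self.site), target, None)
        self.apply(op)
        return op


if __name__ == "__main__":
    a, b = Replica("A"), Replica("B")
    for op in [a.insert(0, "h"), a.insert(1, "i")]:
        b.apply(op)
    op_a = a.insert(2, "!")                          # A appends while ...
    op_b1, op_b2 = b.insert(0, ">"), b.delete(1)     # ... B prepends and deletes 'h'
    b.apply(op_a)
    a.apply(op_b1)
    a.apply(op_b2)
    print(a.text(), b.text(), a.text() == b.text())
```

What this does not cover, and a peer-to-peer editor must: buffering operations whose parent has not arrived yet (the `ValueError` above), garbage-collecting tombstones once every site has seen a deletion, and authenticating operations so that a peer cannot forge edits under another site's id.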

Extending the web-frontend for the cothority-framework

Gaylor Bosson – Semester project

Report, Presentation

Abstract

The DEDIS laboratory at EPFL has developed a cryptographic protocol framework named Cothority, for collective authority. This framework delivers distributed security primitives such as signatures or proof of personhood. To improve this framework, a first iteration of a front-end was developed, and the purpose of this project is to improve it. The previous website could display a static list of the available nodes of the Cothority with statistics such as the traffic or the uptime of each node. Users could also upload a file, have it signed by the available members of the Cothority, and verify it later on.

The project brings several improvements, such as the ability to choose the current skipchain. Another is storing a website in a series of skipchains, so that the user is assured the HTML content has been verified by the collective authority. Those are the big changes, but the project also improves the underlying performance of the web-socket management and simplifies the use of cryptographic primitives such as hashing and aggregating public keys.

Cothority Mobile: a mobile application to perform distributed tasks using the cothority-framework

Lucio Romerio – Bachelor project

Report, Presentation

Abstract

The main goal of this project, as suggested by its title, is to implement a mobile application to perform distributed tasks with the cothority-framework. Actually, when I started working on this project, there was already an existing Android application using the cisc service. Anyway, there were two main reasons to restart from scratch and implement a new app:

  1. The already existing application used a JSON interface to send messages, which has now been replaced by a websocket interface.

  2. Making the application available for both iOS and Android is obviously better than only providing an Android version.

Web Interface for Secure Decentralized Collaboration Platform

Rehan Mulakhel – Semester project

Report, Presentation

Abstract

The Internet is the biggest network ever built by humans. One of its primary goals was to establish a reliable infrastructure for communications, which is why it was designed as a decentralized system. However, the applications developed on top of it were centralized: companies like Facebook, Google or Netflix monopolized the data flow on the net.

Online real-time collaborative services such as Google Docs and Etherpad are rising in popularity thanks to their global accessibility and convenience of use. However, the users of such systems have to fully trust the service providers to protect their data and preserve their privacy. A server compromise or pressure from state agencies can result in data leakage and a failure of this trust.

A decentralized peer-to-peer collaboration platform can be a solution to these concerns. Data are not concentrated anywhere, and neither is the traffic. This structure prevents attacks such as denial of service, making the system more robust and thus more reliable. State agencies have no central bottleneck to watch, which makes it impossible to easily scan the users' exchanges.