Quang-Minh Nguyen – Semester project
One of the key challenges blockchain technology faces today is to offer performance on par with more traditional centralised payment processors (e.g. Visa). In particular, how to achieve scalability, i.e. increase the total transaction volume with the number of participants. Many approaches have been considered; however, most of them trade either security or decentralisation for scalability. The main goal is to achieve sharding in a decentralised and secure manner while providing good performance.
Jeanne Chaverot – Semester project
SkipChains are cryptographically-traversable, offline and peer-to-peer-verifiable blockchain structures. A SkipChain is traversable in both directions, such that one party can efficiently prove the correctness of a transaction anywhere in time with respect to the other party’s reference point on the blockchain, in a logarithmic number of steps, regardless of which party has a more up-to-date view of the blockchain. Today, we have the public Cothority status dashboard at http://status.dedis.ch/, which gives no detail into what blocks and data are stored on the SkipChain. How do we inspect and verify the data that is stored in a given SkipChain? The goal of this project is to develop a platform allowing users to navigate through a SkipChain’s blocks and their content.
Cross Platform Mobile Frontend for Blockchain Data Handling
Leo Meynent – Bachelor project
This report describes the work that has been done, for one part on the BC Admin tool, and, for the other part, on the cross-platform mobile application PopCoins. Both are interfaces allowing a user to interact with ByzCoin skipchains, features implemented as a part of DEDIS’ Cothority framework. The project focused especially on the management of Distributed Access Right Controls (DARC): its main goal was to provide a terminal CLI and a user-friendly mobile application to spawn, evolve and delete them.
Calypso on Ethereum
Gudmundsson Björn – Semester project
In the modern era of technology, blockchains seem to be the answer to everything. A question that arises early on when developing a blockchain-based application is: “Which blockchain platform should be used to solve this problem?”. Currently there are many different kinds of blockchain platforms, so choosing a blockchain platform to use is a non-trivial task. The researchers at the Decentralized and Distributed Systems (DEDIS) laboratory at École polytechnique fédérale de Lausanne (EPFL), along with researchers at Trinity College in the United States, have developed an application framework called Calypso that allows for auditable sharing of data over blockchains. Calypso uses an in-house developed blockchain called Byzcoin to store on-chain secrets. Byzcoin is capable of running smart contracts to verify the validity of transactions before they are added to a block or validated on the blockchain. The Calypso framework has received great praise from both academics and industry, but currently it has been developed using the Byzcoin blockchain. Byzcoin has not received the widespread commercial and industrial adoption that other blockchains such as Ethereum and HyperLedger have received, but the underlying structure of the Calypso framework should be blockchain platform independent, as long as the platform supports certain operations. This project explores whether the Calypso framework really is platform independent as long as the platform supports the deployment of and interaction with smart contracts on the blockchain.
Adaptively Secure View-Change
Swarali Karkhanis – Semester project
In this report we present and evaluate BLS-CoSi, a collective signing protocol using the BLS signature scheme with pairing-based elliptic curves. Section 2 presents the background for BLS-CoSi. Section 3 then presents the design and implementation of BLS-CoSi. Section 4 experimentally evaluates the protocol and Section 5 concludes.
Making an overview of Cross-Platform projects
Louis-Maxence Garret – Master optional project
This project aims to evaluate some of the most famous cross-platform frameworks through various criteria. These are tested by writing for each a simple and similar application with basic but mandatory features. Frameworks can then be compared to each other, on criteria ranging from ease of integration of existing code to the UI library capabilities. The report discusses the development process for those applications, the issues encountered and their severity level, and finishes with the evaluation of the frameworks. NativeScript is the starting point of those evaluations, as the popcoins app developed at DEDIS already depends on this cross-platform framework. React Native, Flutter, Go Mobile, Xamarin and Ionic frameworks are then explored. Finally, a summary of the important information is given and a discussion comparing frameworks altogether takes place.
Integrating DAGA in the cothority framework and using it for a login service
Lucas Pires – Master thesis
The present work consists in first integrating DAGA into the cothority framework by creating a new DAGA authentication service that aims to be easily (re)usable, i.e. not tailored to a specific scenario and offering only vanilla DAGA authentication and context creation protocols. Then using the new DAGA cothority to build a proof of concept login service consisting in an OpenID Connect (OIDC) Identity Provider offering DAGA authentication as a service. This allows every OIDC-aware client (or, said differently, everyone) to delegate their user authentication to the DAGA cothority by means of a well-proven and established standard.
Analyzing the security of the main Blockchain technologies
Marie-Jeanne Lagarde – Master thesis
Recently, enterprises have been seeing an increasing interest in blockchain and are beginning to investigate possible industry use cases. In this context, the question of blockchain security does not only include consensus schemes that have been widely studied but also access control. The topics of authentication and authorization mechanisms are key concepts of access control schemes that have not been properly addressed with regard to popular industry-oriented blockchain technologies.
We propose a detailed description of authentication and authorization mechanisms existing in Ethereum, Quorum, Hyperledger Fabric and Corda. Information is retrieved from official documentation and completed by several experiments that test the expected behaviors, describe unclear or lacking implementation aspects, evaluate the frequency of some attacks and disclose the default parameters of official sample scripts. We define a general threat model for blockchain authentication and authorization schemes and assess the security of each platform with regard to this model. Finally, we provide hardening guidelines in order to help users prevent the stated vulnerabilities when possible.
Blockchain based approach for preserving car maintenance history, source code
Iva Najdenova – Master thesis
Fighting fraud in the automotive industry is an ongoing challenge. Concerned by this problem are not only the owners and potential buyers of second-hand vehicles, but also entities like insurance companies, garages, car dealers, police etc. In our work, we present a solution for establishing trust between these parties, by keeping records of repairs and maintenance car checks in a decentralized ledger. For this proof of concept, we use the ByzCoin blockchain protocol together with the Calypso framework, which provides a secure way of storing and sharing confidential data over a blockchain with dynamic management of access policies and ownership of the vehicle’s biography. The conducted evaluation of our implementation shows that the system works correctly also with larger networks, and up to 500 simultaneous car enrollments or report submissions.
Transactions in ByzCoin
Pablo Lorenceau – Master semester project
Distributed ledger technology is gaining traction in many applications, first and foremost in decentralized payment systems such as Bitcoin. This adoption imposes challenges on the scalability of such systems, both in total transaction throughput and in the number of participating processing nodes.
This report describes the implementation of OmniLedger, a scalable blockchain with a flexible user interface. We will first describe the necessary background in Section 2 and discuss how OmniLedger improves on the current state of blockchain technology.
Consensus in ByzCoin
Raphael Dunant – Optional semester project
The purpose of this project is to implement and improve blockchain storage and transactions of accounts, and witness validation of those operations. More precisely, this project has two objectives. The first objective is to add a documented transaction batching library to Omniledger. The second objective is to improve ByzcoinX, by reducing the running time in the most frequent situations by a large factor. This project’s main purposes are the following:
• Have clear and reusable code for current and future projects.
• Make ByzcoinX more efficient to encourage its use.
The next section will present Omniledger, the blockchain for which all of those technologies are implemented, and Merkle trees, a data structure that is the basis upon which transactions are done.
Collective Certificate Management
Claudio Loureiro – Master semester project
In today’s Internet, most of the communication needs to be encrypted to ensure confidentiality and integrity of the data. Before a secured communication channel can be opened between two devices (for example, between Alice and Bob), they need to exchange their public keys. These permit Alice to send encrypted messages to Bob, ensuring that he will be the only one who can decrypt them, and vice versa. The problem with this exchange is that Bob needs to be certain that the public key that he receives is indeed Alice’s key. For example, a man-in-the-middle attacker can usurp the identity of Alice and send his public key to Bob. Because Bob believes that he gets Alice’s key, he will send her confidential encrypted messages using the attacker’s key. Thus, the attacker will be able to read those messages using his private key. One solution that has been developed to prevent this type of attack was to create Certificate Authorities (CAs). Those entities deliver certificates that make it possible to prove that a key belongs to the appropriate device. Typically, a web server owner requests a certificate from a CA so that he can prove to his clients that they use the right public key to communicate with him. Typically, by now, if a browser wants to establish a secure channel (using HTTPS) with a web server, it needs to first get its certificate.
Cross Platform Mobile App
Sacha Kozma – Semester project
In this report, I will present the work that has been done on the CP-MAC cross-platform mobile application. CP-MAC allows a user to use the framework Cothority, developed at the DEDIS lab, in a functional and user-friendly application. The base application containing all the primitives to use the framework was already done during a previous semester project, thus the focus in this project is to improve the user experience and to extend the application with a new functionality. The chosen functionality is the BeerCoin, a long-running joke at the DEDIS lab which consists of beer tokens that can be distributed in a group using Proof-Of-Personhood. A token can then be used to get a beer and the barman can cryptographically verify if this token is part of the allowed group and unused.
Distributed Key Generation
Kopiga Rasiah – Semester project
One of the most important aspects of cryptography is secrecy. A large number of cryptographic applications require a trusted authority to hold a secret. However, with the evolving attacks on the Internet, it is difficult to maintain such security that is entrusted to a single party. Secret sharing protocols are one of the solutions that overcome this problem. They involve a dealer who chooses a secret that he divides and shares among multiple servers, inducing the decentralization of the secret. Nevertheless, this still requires trusting a third party. A distributed key generation scheme settles this constraint by allocating the secret to not one dealer, but multiple servers. By doing so, a malicious attacker will need to break into multiple locations, which slows down his intrusion process. However, this protection is incomplete for the entire lifetime of the secret, as break-ins into subsets of servers are not completely excluded. In this project, I contribute to an existing implementation of the DKG protocol, where I will propose a proactive secret sharing scheme that consists of updating the shares. By refreshing the shares, the information that the attacker has stolen previously becomes obsolete. Throughout this project report, I will explain comprehensively the DKG protocol and how I gradually incorporate the proactive secret sharing into that protocol. I will conclude by enumerating possible future improvements. The implementation to which I contributed was developed by the Decentralized and Distributed Systems laboratory team. It is part of the library Kyber, which provides a toolbox of advanced cryptographic primitives.
Decentralized Web Archive
Simone Colombo – Master thesis
We present DecenArch, a decentralized system for privacy-conscious webpage archiving. Independent servers retrieve the webpage pointed to by a URL submitted by the user and reach a consensus on its content. The consensus protocol provides privacy for the parties, which reach a correct result even in the presence of up to n/3 malicious adversaries, where n is the number of nodes in the system. The result of the consensus phase is then cryptographically verified by the servers and only if the entire process has been correctly executed, the webpage and its external resources are archived on a distributed immutable ledger. Anyone can then access the webpage stored on the ledger, thereby achieving censorship resistance.
Christopher Benz – Master thesis
We describe and implement Bls-ByzCoinX, which uses the Boneh-Lynn-Shacham signature scheme to improve scalability of the consensus mechanism and to make it more reliable. Finally, we evaluate the implementation performance by comparing it with existing solutions and show that Bls-ByzCoinX, which provides more robustness than ByzCoin, scales up to 1000 nodes while being at most two times slower than ByzCoin.