Protocols

Contents

Authentication

Basics

Password based

TLS

IPSEC

IPsec is a network protocol suite that authenticates and encrypts IP packets to provide secure communication between two hosts or gateways over an Internet Protocol network. It is the basis of many virtual private networks (VPNs).

SSH

SSH basics

SSH is a network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.

SSH is structured as three layered protocols (RFC 4251): the transport layer protocol, which authenticates the server by its host key and provides confidentiality and integrity; the user authentication protocol, which authenticates the client to the server; and the connection protocol, which multiplexes the encrypted tunnel into logical channels. SSH may be used in several ways. In the simplest manner, the two ends run a key exchange to derive fresh session keys that encrypt the connection (the server proves its identity with its host key pair, which is generated automatically at install time), and the user then authenticates with a password; public-key user authentication is the usual hardening step, since it removes the password from the wire and from brute-force attacks. Command: 'ssh -V' gives the version (OpenSSH), 'man ssh' gives the manual.

'ssh -Q cipher' lists the supported symmetric ciphers; 'ssh -Q cipher-auth' lists the subset that provides authenticated encryption (AEAD). 'ssh -Q mac' lists MAC algorithms. 'ssh -Q key', 'ssh -Q key-cert' and 'ssh -Q key-plain' list key types (all, certificate and plain key types respectively).

'ssh -Q kex' lists key exchange algorithms.

'ssh -Q sig' lists signature algorithms.

Note that '-Q' shows what the binary was built with, not what is enabled: the active lists come from the Ciphers, MACs, KexAlgorithms and HostKeyAlgorithms options in ssh_config and sshd_config, and 'sshd -T' prints the server's effective configuration.
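The following POSIX shell script is an added example, not part of the original page or of OpenSSH: it takes a cipher list in the format 'ssh -Q cipher' prints, flags the legacy algorithms a hardening review would retire, and builds a 'Ciphers' directive from the remainder. The sample list is constructed to match a current OpenSSH client so the script runs offline; the pattern of what counts as weak (CBC modes, 3DES, RC4) is the author's choice, and 'audit_live' only runs if an ssh binary is on PATH.

```shell
#!/bin/sh
# Added example: audit an OpenSSH cipher list and emit a hardened Ciphers line.

# Constructed sample input: what `ssh -Q cipher` prints on a current OpenSSH
# client. Embedded so the script also runs where ssh is not installed.
SAMPLE_CIPHERS='3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com'

# Ciphers to retire (assumption: this reviewer's policy): CBC modes (no AEAD,
# padding-oracle history), 3DES (64-bit block, Sweet32) and RC4/arcfour.
WEAK_RE='-cbc$|^3des|^arcfour'

# weak_ciphers: read a cipher list on stdin, print the weak ones, one per line.
weak_ciphers() {
    grep -E -- "$WEAK_RE" || true
}

# strong_ciphers: the complement, comma-joined, ready for a Ciphers directive.
strong_ciphers() {
    grep -E -v -- "$WEAK_RE" | paste -s -d ',' -
}

# count_weak_sample: number of weak ciphers in the constructed sample.
count_weak_sample() {
    printf '%s\n' "$SAMPLE_CIPHERS" | weak_ciphers | wc -l | tr -d ' '
}

# ciphers_line_sample: hardened "Ciphers ..." directive built from the sample.
ciphers_line_sample() {
    printf 'Ciphers %s\n' "$(printf '%s\n' "$SAMPLE_CIPHERS" | strong_ciphers)"
}

# audit_live: the same audit against the real client, if one is on PATH.
audit_live() {
    if command -v ssh >/dev/null 2>&1; then
        echo "weak ciphers compiled into this ssh:"
        ssh -Q cipher | weak_ciphers
        ssh -Q cipher | strong_ciphers | sed 's/^/suggested: Ciphers /'
    else
        echo "ssh not found; only the constructed sample was audited" >&2
    fi
}

# Stand-alone run: report on the sample, then on the live client if present.
echo "weak ciphers in sample:"
printf '%s\n' "$SAMPLE_CIPHERS" | weak_ciphers
ciphers_line_sample
audit_live
```

The generated line is for ssh_config or sshd_config; 'ssh -Q cipher-auth' is the quicker check if the policy is simply "AEAD only", since it already excludes every CBC and CTR cipher.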

SSH other

Quantum Key Distribution

A secure communication method which implements a cryptographic protocol involving components of quantum mechanics. It enables two parties to produce a shared random secret key known only to them, which can then be used to encrypt and decrypt messages.

Other selective protocols

Privacy related

Intro PETs

Fiat-Shamir (creating a signature on a proof of knowledge)

The Fiat–Shamir heuristic is a technique for taking an interactive proof of knowledge and creating a digital signature based on it: the verifier's random challenge is replaced by a hash of the prover's commitment (and of the message being signed), so the prover can produce the whole transcript alone and anyone can check it. This way, some fact (for example, knowledge of a certain secret number) can be publicly proven without revealing the underlying information. The technique is due to Amos Fiat and Adi Shamir (1986). For the method to work, the original interactive proof must be public-coin, i.e. the verifier's messages consist only of random coins that are made public during the protocol; its security is argued in the random oracle model, and the hash must bind the statement being proven as well as the commitment.
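As an added example (not from the page, nor from Fiat and Shamir's paper): the Schnorr identification protocol, first run interactively, then turned into a signature by computing the challenge as a hash of the public key, the commitment and the message, which is the Fiat–Shamir transform. The group parameters are a deliberately tiny toy (P = 2039, Q = 1019, G = 4) chosen so the arithmetic is readable; the function names and the message strings are this example's own.

```python
import hashlib
import secrets

# Toy Schnorr group (assumption: sized for readability, far too small for real use).
P = 2039  # safe prime, P = 2*Q + 1
Q = 1019  # prime order of the subgroup we work in
G = 4     # generator of that subgroup (a quadratic residue mod P, hence of order Q)


def keygen() -> tuple[int, int]:
    """Secret x in [1, Q-1], public y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


# --- Interactive, public-coin proof of knowledge of x ---------------------------

def prover_commit() -> tuple[int, int]:
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)            # keep r secret, send t = G^r


def verifier_challenge() -> int:
    return secrets.randbelow(Q)       # the verifier's only message: a public random coin


def prover_respond(x: int, r: int, c: int) -> int:
    return (r + c * x) % Q            # r must be fresh per proof or x leaks


def check(y: int, t: int, c: int, s: int) -> bool:
    return pow(G, s, P) == (t * pow(y, c, P)) % P


# --- Fiat–Shamir: the challenge becomes a hash of the transcript -----------------

def fs_challenge(y: int, t: int, message: bytes) -> int:
    # Bind the statement (y) as well as the commitment (t). Leaving y out
    # ("weak Fiat–Shamir") is a known mistake that allows forgeries when the
    # attacker may choose the statement after seeing the hash behaviour.
    data = f"{P}|{G}|{y}|{t}|".encode() + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def sign(x: int, message: bytes) -> tuple[int, int]:
    r, t = prover_commit()
    c = fs_challenge(pow(G, x, P), t, message)
    return t, prover_respond(x, r, c)


def verify(y: int, message: bytes, sig: tuple[int, int]) -> bool:
    t, s = sig
    return check(y, t, fs_challenge(y, t, message), s)


def demo() -> dict:
    x, y = keygen()

    # 1. Interactive run: three messages, verifier supplies the randomness.
    r, t = prover_commit()
    c = verifier_challenge()
    interactive_ok = check(y, t, c, prover_respond(x, r, c))

    # 2. Non-interactive run: the same proof, challenge taken from the hash.
    msg = b"transfer 10 units"
    sig = sign(x, msg)
    t, s = sig
    return {
        "interactive": interactive_ok,
        "signature": verify(y, msg, sig),
        "tampered_message": verify(y, b"transfer 99 units", sig),
        "tampered_s": verify(y, msg, (t, (s + 1) % Q)),
    }


if __name__ == "__main__":
    print(demo())
```

The interactive version only convinces the party that chose c; the hashed version convinces anyone who recomputes c from (y, t, message), which is what makes it a signature.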

Direct Anonymous Attestation

A protocol that enables remote authentication of a trusted computer whilst preserving privacy of the platform's user. It has been adopted by the Trusted Computing Group (TCG). See also ISO/IEC 20008.

Zero Knowledge

ZK introduction

ZK basics

Consider a client owning a public input x and a server owning a private input w, where the client wishes to learn z := F(x, w) for a program F known to both parties. For instance, x may be a query, w a confidential database, and F the program that executes the query on the database. The server must convince the client that z is correct without revealing w.

zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge)

Many works have obtained zk-SNARK constructions; they differ mainly in whether a trusted setup is required, in proof size, and in prover and verifier cost.

Other

Selective Disclosure

SD basics

Camenisch and IDEMIX

Brands and Microsoft U-Prove

BBS and BBS+

The BBS+ signature scheme, described by Au et al. as an extension of the BBS group signature scheme by Boneh, Boyen and Shacham, is a signature scheme often adapted to support a feature called selective disclosure: the holder can prove possession of a signature over a set of messages while revealing only a chosen subset of them.

SD-JWT

Signal

The Signal protocol is a cryptographic messaging protocol that provides end-to-end encryption for instant messaging in WhatsApp, Wire, and Facebook Messenger among many others, serving well over 1 billion active users.

It relies on servers to store prekey bundles and relay messages, so it is not peer-to-peer.

It includes several uncommon security properties (such as "future secrecy" or "post-compromise security"), enabled by a technique called *ratcheting* in which session keys are updated with every message sent.

The protocol combines the Double Ratchet algorithm, prekeys, and the X3DH (Extended Triple Diffie–Hellman, originally 3-DH) handshake, and uses Curve25519, AES-256, and HMAC-SHA256 as primitives.
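The following is an added example, not Signal's code: it implements the symmetric-key half of the Double Ratchet (the HMAC-SHA256 KDF chain that turns one chain key into a per-message key) and the skipped-key handling that lets a receiver decrypt messages that arrive out of order. The DH ratchet and X3DH are not included; the shared chain key is a constructed value standing in for what they would produce, and the class and method names are this example's own.

```python
import hashlib
import hmac


def kdf_ck(chain_key: bytes) -> tuple[bytes, bytes]:
    """One symmetric-ratchet step: chain key in, (next chain key, message key) out.
    The 0x01 / 0x02 inputs are the constants the Double Ratchet specification
    recommends for HMAC-SHA256; each message key is used once and discarded."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    def __init__(self, chain_key: bytes) -> None:
        self.ck = chain_key
        self.n = 0  # index of the next message to send

    def next_message_key(self) -> tuple[int, bytes]:
        # Overwriting self.ck is what gives forward secrecy: a later compromise
        # of this state yields no key for any message already sent.
        self.ck, mk = kdf_ck(self.ck)
        n, self.n = self.n, self.n + 1
        return n, mk


class ReceivingChain:
    MAX_SKIP = 1000  # bound on stored keys so a peer cannot exhaust memory

    def __init__(self, chain_key: bytes) -> None:
        self.ck = chain_key
        self.n = 0
        self.skipped: dict[int, bytes] = {}  # keys for messages not yet arrived

    def message_key(self, n: int) -> bytes:
        if n in self.skipped:
            return self.skipped.pop(n)        # late arrival: key was kept aside
        if n < self.n:
            raise ValueError(f"message {n} already decrypted (replay?)")
        if n - self.n > self.MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.n < n:                     # ratchet forward, parking skipped keys
            self.ck, mk = kdf_ck(self.ck)
            self.skipped[self.n] = mk
            self.n += 1
        self.ck, mk = kdf_ck(self.ck)
        self.n += 1
        return mk


def demo() -> tuple[dict[int, bytes], dict[int, bytes], dict[int, bytes]]:
    # Constructed shared secret standing in for the X3DH / DH-ratchet output
    # that would seed a real sending and receiving chain pair.
    chain_key = hashlib.sha256(b"constructed shared secret, demo only").digest()
    alice, bob = SendingChain(chain_key), ReceivingChain(chain_key)
    sent = dict(alice.next_message_key() for _ in range(4))
    # Bob receives messages 0, 2 and 3, then message 1 arrives late.
    received = {n: bob.message_key(n) for n in (0, 2, 3, 1)}
    return sent, received, bob.skipped


if __name__ == "__main__":
    sent, received, skipped = demo()
    print("keys match:", sent == received, "keys still parked:", len(skipped))
```

Post-compromise security (the "future secrecy" mentioned above) is not provided by this chain alone: it comes from the DH ratchet, which mixes a fresh Diffie–Hellman output into the root key whenever the parties exchange new ratchet public keys and thereby replaces the chain keys an attacker may have captured.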

Peer2peer

I2P

I2P is a scalable, self organizing, resilient packet switched anonymous network layer, upon which any number of different anonymity or security conscious applications can operate. Each of these applications may make their own anonymity, latency, and throughput tradeoffs without worrying about the proper implementation of a free route mixnet, allowing them to blend their activity with the larger anonymity set of users already running on top of I2P.

Noise

Nebula

Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect computers anywhere in the world. Nebula is portable, and runs on Linux, OSX, Windows, iOS, and Android. It can be used to connect a small number of computers, but is also able to connect tens of thousands of computers.