当前位置:
X-MOL 学术
›
Peer-to-Peer Netw. Appl.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
A post-quantum end-to-end encryption over smart contract-based blockchain for defeating man-in-the-middle and interception attacks
Peer-to-Peer Networking and Applications ( IF 3.3 ) Pub Date : 2020-03-19 , DOI: 10.1007/s12083-020-00901-w Amir Hassani Karbasi , Siyamak Shahpasand
Peer-to-Peer Networking and Applications ( IF 3.3 ) Pub Date : 2020-03-19 , DOI: 10.1007/s12083-020-00901-w Amir Hassani Karbasi , Siyamak Shahpasand
Ethereum is a public, open-source, decentralized, and peer-to-peer blockchain-based computing network which is involving to the usefulness of smart contract. It gives a distributed Turing-complete virtual machine in which some codes can be executed by utilizing a worldwide and public network of nodes. The compelled certificate creation and Man-In-The-Middle (MITM) attacks are two major attacks on End-to-End Encryption (EEE) and SSL/TLS. A portion of the real attacks on end-to-end encryption and SSL/TLS is IP/ARP poisoning and the phishing attack. MITM attack makes the client difficult to understand, whether they are associated with a unique verified and secured connection or not. Since the certificate and public-key that is being passed during the connection setup is unreliable and insecure, the attacker can undoubtedly change the data in the certificate and leaves the endorsement of the certificate and public-key to the client. The purpose of this paper is to present a solution of providing the legitimacy and authenticity of freely shared and published online digital data, e.g., digital certificates, cryptographic keys, and common reference strings such as shared passwords using a mix of recently developed innovations which primary include blockchain, smart contract, InterPlanetary File System (IPFS), and quantum-resistant Password-based Authenticated Key Exchange (PAKE) protocol over rings and ideal lattices. Ethereum smart contract is utilized to manage, surveil, and give detectability and visibility into the history of digital data from its beginning to the most recent variant, in a way that it is decentralized and internationally accessed with high integrity, resiliency, and transparency, that we should thank to the immutability and irreversibility of the blockchain. The full code of our smart contract is given, with a discourse on the execution and testing of its key functionalities.
中文翻译:
通过基于智能合约的区块链进行量子后的端到端加密,以克服中间人攻击和拦截攻击
以太坊是一个公共的,开源的,去中心化的,对等的,基于区块链的计算网络,它涉及智能合约的有用性。它提供了一个分布式图灵完备的虚拟机,其中的某些代码可以通过使用全球性的公共节点网络来执行。强制证书创建和中间人(MITM)攻击是对端到端加密(EEE)和SSL / TLS的两种主要攻击。对端到端加密和SSL / TLS的真正攻击的一部分是IP / ARP中毒和网络钓鱼攻击。MITM攻击使客户端难以理解,无论它们是否与唯一的经过验证和安全的连接相关联。由于在建立连接过程中传递的证书和公钥不可靠且不安全,毫无疑问,攻击者可以更改证书中的数据,并将证书和公共密钥的认可留给客户端。本文的目的是提供一种解决方案,该解决方案使用最新开发的创新技术来提供自由共享和发布的在线数字数据(例如,数字证书,加密密钥和通用参考字符串,例如共享密码)的合法性和真实性。包括区块链,智能合约,行星际文件系统(IPFS),以及基于环和理想晶格的抗量子密码基于密码的认证密钥交换(PAKE)协议。以太坊智能合约用于管理,监视数字数据的历史,并提供从其开始到最新变体的可检测性和可视性,在高度分散,高度完整性,弹性和透明性的国际范围内,我们应该感谢区块链的不可变性和不可逆性。给出了我们智能合约的完整代码,并讨论了其关键功能的执行和测试。
更新日期:2020-03-19
中文翻译:
通过基于智能合约的区块链进行量子后的端到端加密,以克服中间人攻击和拦截攻击
以太坊是一个公共的,开源的,去中心化的,对等的,基于区块链的计算网络,它涉及智能合约的有用性。它提供了一个分布式图灵完备的虚拟机,其中的某些代码可以通过使用全球性的公共节点网络来执行。强制证书创建和中间人(MITM)攻击是对端到端加密(EEE)和SSL / TLS的两种主要攻击。对端到端加密和SSL / TLS的真正攻击的一部分是IP / ARP中毒和网络钓鱼攻击。MITM攻击使客户端难以理解,无论它们是否与唯一的经过验证和安全的连接相关联。由于在建立连接过程中传递的证书和公钥不可靠且不安全,毫无疑问,攻击者可以更改证书中的数据,并将证书和公共密钥的认可留给客户端。本文的目的是提供一种解决方案,该解决方案使用最新开发的创新技术来提供自由共享和发布的在线数字数据(例如,数字证书,加密密钥和通用参考字符串,例如共享密码)的合法性和真实性。包括区块链,智能合约,行星际文件系统(IPFS),以及基于环和理想晶格的抗量子密码基于密码的认证密钥交换(PAKE)协议。以太坊智能合约用于管理,监视数字数据的历史,并提供从其开始到最新变体的可检测性和可视性,在高度分散,高度完整性,弹性和透明性的国际范围内,我们应该感谢区块链的不可变性和不可逆性。给出了我们智能合约的完整代码,并讨论了其关键功能的执行和测试。
京公网安备 11010802027423号