
Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10311)


Abstract

This paper proposes a public-key cryptosystem and a short password encryption mode, where traditional hardness assumptions are replaced by specific refinements of the CAPTCHA concept called Decisional and Existential CAPTCHAs.

The public-key encryption method, achieving 128-bit security, typically requires the sender to solve one CAPTCHA. The receiver does not need to resort to any human aid.

A second, symmetric encryption method allows messages to be encrypted using very short passwords shared between the sender and the receiver. Here, a simple 5-character alphanumeric password provides sufficient security for all practical purposes.

We conjecture that the automatic construction of Decisional and Existential CAPTCHAs is possible and provide candidate ideas for their implementation.


Notes

  1. “Completely Automated Public Turing test to Tell Computers and Humans Apart”.

  2. At first glance, the previous figures imply that breaking a public-key (as defined in the next section) would only cost $\(10^4\). We make the economic nonlinearity conjecture that there are no $\(10^4\) service suppliers allowing the scaling-up of this attack. In other words, if the solving demand d increases, so will the price. We have no data allowing to quantify \(\text {price}(d)\).

  3. Here Bob must resort to human aid to solve \(\{Q_{i_1}, \cdots , Q_{i_k}\}\).

  4. E.g. 128-bit.

  5. There are 64 alphanumeric characters, and \(64^5 > 10 \times b\).

  6. PAN (16 characters), expiry date (4 characters) and a CVV (4 characters).

  7. There are k! combinations, and \(40! > 2^{80}\).

  8. In the specific case of Fig. 5, translation, rotation, mirroring as well as border cropping may also generate the meaningful image corresponding to \(\ell _\text {OK}\), but the overall proportion of such images remains negligible.

  9. For instance using an iteratively reweighted Voronoi diagram.


Author information

Correspondence to Rémi Géraud.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Ferradi, H., Géraud, R., Naccache, D. (2017). Human Public-Key Encryption. In: Phan, RW., Yung, M. (eds) Paradigms in Cryptology – Mycrypt 2016. Malicious and Exploratory Cryptology. Mycrypt 2016. Lecture Notes in Computer Science(), vol 10311. Springer, Cham. https://doi.org/10.1007/978-3-319-61273-7_26

  • DOI: https://doi.org/10.1007/978-3-319-61273-7_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-61272-0

  • Online ISBN: 978-3-319-61273-7

  • eBook Packages: Computer Science (R0)
