The members of CrySP are involved in various software projects and distributions. Here is a sampling:

This repository contains the library code, benchmark harness, and reproduction scripts for our paper "Arctic: Lightweight, Stateless, and Deterministic Two-Round Threshold Schnorr Signatures". This code implements both Arctic (the deterministic two-round threshold Schnorr signature scheme) and Shine (the underlying verifiable pseudorandom secret sharing scheme).
PRAC (Private Random Access Computations) implements three-party secure computation, with a particular focus on computations that require random access to memory. Parties 0 and 1 are the computational peers, while party 2 is the server. The server aids the computation, but generally does much less than the two computational peers. This repository enables you to use PRAC as a 3PC framework, and also to replicate the results in our PoPETs 2024(3) paper "PRAC: Round-Efficient 3-Party MPC for Dynamic Data Structures".
Grading on a Curve: How Rust can Facilitate New Contributors while Decreasing Vulnerabilities
This repository contains the code and data necessary to reproduce the results of the "Grading on a Curve: How Rust can Facilitate New Contributors while Decreasing Vulnerabilities" paper. It includes code for pulling the git repositories used, querying vulnerability issues from Mozilla's Bugzilla instance, identifying fix commits with SZZ, comparing SZZ with our hand-annotated fix commits, running a gradient descent algorithm to find parameters for vulnerability learning curves of the combined projects, and generating the plots seen in the paper.
Waks-On/Waks-Off: Fast Oblivious Offline/Online Shuffling and Sorting with Waksman Networks
This code implements fast fully oblivious algorithms for shuffling and sorting data. In the offline/online model, the bulk of the computation can be done in an offline phase that is independent of the data to be permuted. The resulting online phase provides performance improvements over state-of-the-art oblivious shuffling and sorting algorithms both asymptotically (O(β n log n) vs. O(β n log2 n)) and concretely (>5× and >3× speedups), when permuting n items each of size β. Even if an offline phase is not available, the total time of our algorithms is faster than the state of the art when the items to be shuffled or sorted are moderately sized (β > 1400 bytes), and the performance gap only widens as the item sizes increase.
Fast Fully Oblivious Compaction and Shuffling
Several privacy-preserving analytics frameworks have been proposed that use trusted execution environments (TEEs) like Intel SGX. Such frameworks often use compaction and shuffling as core primitives. However, due to advances in TEE side-channel attacks, these primitives, and the applications that use them, should be fully oblivious; that is, perform instruction sequences and memory accesses that do not depend on the secret inputs. Such obliviousness would eliminate the threat of leaking private information through memory or timing side channels, but achieving it naively can result in a significant performance cost. This code implements fast, fully oblivious algorithms for compaction (ORCompact) and shuffling (ORShuffle and BORPStream).
Lox is a reputation-based bridge distribution system that provides privacy protection to users and their social graph and is open to all users. Lox prioritizes protecting the privacy of users and their social graphs and incorporates enumeration resistance mechanisms to improve access to bridges and limit the malicious behaviour of censors. We use an updated unlinkable multi-show anonymous credential scheme, suitable for a single credential issuer and verifier, to protect Lox bridge users and their social networks from being identified by malicious actors.
PIR for Onion Services
Private Information Retrieval for Onion Services is a prototype implementation of Tor with support for asynchronous PIR lookups for onion services. Such private lookups prevent malicious Tor onion service directories from learning the relative popularity of onion services or breaking the unlinkability guarantees of Tor's v3 onion service addresses.
PRSONA (Private Reputation Supporting Ongoing Network Avatars) is a privacy-preserving reputation system designed for use in tight-knit communities.
DHTPIR demonstrates how to integrate private information retrieval (PIR) into censorship-resistant publishing systems based on secure distributed hash tables (DHTs), in order to protect node operators from being exposed to information about what files clients are looking up.
Symmetric Private Information Retrieval (SPIR) built on Spiral
This code implements Symmetric Private Information Retrieval, building on the Spiral PIR library by Menon and Wu. In ordinary PIR, the client learns the database record they were looking for, and the server does not learn which record that was. The client is not prevented, however, from learning additional database records. In Symmetric PIR (SPIR), the client must learn only one database record, in addition to the server learning no information about which record that was. SPIR is similar to oblivious transfer (OT), except that SPIR aims to have sublinear communication, while OT does not have that restriction.
CMZ14 credentials
This code is a Rust library implementing the credentials from the paper "Algebraic MACs and Keyed-Verification Anonymous Credentials" (Chase, Meiklejohn, and Zaverucha, CCS 2014).
ZXAD (pronounced "zed-zad") is a zero-knowledge based private Tor exit abuse detection system. ZXAD detects large-volume traffic attacks without revealing any information, apart from the fact that some user is conveying a high volume of traffic through Tor.
Walking Onions
Walking Onions is a set of protocols and techniques to scale anonymity networks and reduce the amount of data required for clients to download.
Log-sized Proof of 1-of-N knowledge of DL
This code implements the protocol of Section 3 of Groth and Kohlweiss, "One-out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin", Eurocrypt 2015. You can look at this protocol in a number of ways: knowledge of an opening of one of N Pedersen commitments to 0; knowledge of one of N discrete logs of group elements; or knowledge of one of N private keys.
FROST is a Flexible Round-Optimized Schnorr Threshold signature scheme that can support one-round asynchronous threshold signing operations.
Mitigator is an SGX-based prototype implementation of a system to ensure a web server's handling of data submitted in forms is compliant with its privacy policy.
AR Attacks
This is software to execute augmented reality-based attacks on behaviour-based authentication.
Mimicker is the software that we used to execute shoulder surfing and offline training attacks on touch input-based implicit authentication schemes.
ConsenSGX is our work on using trusted execution environments such as Intel SGX to allow Tor clients to fetch only small parts of the Tor network consensus document, without opening them up to epistemic attacks.
Shatter Secrets
Shatter Secrets is an Android app that uses secret sharing to prevent you from being able to disclose encryption keys when crossing international borders.
PrivacyGuard is an Android app that alerts you when one of your apps leaks sensitive information to a remote server.
FireLock is an Android lock library to re-authenticate users conveniently and securely.
Website fingerprinting
Website fingerprinting is a classification attack wherein someone watching a user's local network can determine what websites she is visiting, even if she is using privacy enhancing technologies such as encryption, VPNs, or Tor. We have implementations of old and new website fingerprinting attacks and defenses.
Leading Johnny to Water: Usable Secure Email
This is the companion website for a study evaluating the usability of a secure PGP-compatible webmail client. The client is available as a Chrome browser extension, and allows you to send and receive PGP-encrypted email using Gmail.
Lavinia is a censorship-resistant publishing system that uses a payment system to incentivize adherence to the protocol and ensure document availability.
Slitheen is a decoy routing system for censorship resistance that uses packet replacement to defend against both active and passive attacks.
Style Counsel source code and data set
Style Counsel is a plugin for the Eclipse IDE to help C program authors maintain their privacy when they want to publish their source code anonymously or pseudonymously. It spots idiosyncratic features of their code and prompts them on what to change to remove them. (See the short WPES paper, or the extended version.) The data set is the collection of files from repositories used in Chris McKnight's MMath thesis "StyleCounsel: Seeing the (Random) Forest for the Trees in Adversarial Code Stylometry". The directory structure is 'author/repo-name'. The repositories were found by enumerating the GitHub data API and looking for original repositories containing C source code, with a single contributor. They have also been filtered to remove duplicate files and third-party source, although this should not be taken as a guarantee of clean data; in fact, the dataset contains a significant amount of noise, so it may be advisable to investigate additional measures to reduce this.
SpeedyMurmurs is a routing algorithm for privacy-preserving 'off-chain' transactions in digital transaction networks.
Itus is an implicit authentication library for Android, which can be used to continuously authenticate a smartphone user based on the user's behaviour without requiring deliberate actions by the user.
PrivEx consists of two sets of protocols (S2—secret sharing and D2—distributed decryption) to enable the private collection of statistics from anonymous communications networks using secure multicaprty computation and differential privacy. These protocols are described in our CCS 2014 paper. [tarball, git]
Distributed Key Generation
Distributed key generation allows a number of parties distributed around the Internet to collaboratively generate a secret key, without any of them learning (or choosing) the key individually, or even in small groups. Our software works in the asynchronous network model, which is appropriate for realistic networks such as the Internet, and has been tested for up to 70 globally distributed parties.
FaceCloak is an architecture for protecting user privacy on social networking sites. It is currently available as a Firefox extension for the Facebook social networking site.
Generalized Mersenne Number Toolbox
The GMNT will eventually be a collection of tools for working with generalized Mersenne numbers. Currently, the mrw tool generates C code to perform modular reduction for an arbitrary generalized Mersenne (GM) modulus. Examples of GM primes are the NIST primes recommended for elliptic curve cryptography.
KleeQ enables secure group communications for users of low-connectivity ad-hoc networks. It provides authentication, encryption and forward secrecy for a communicating group.
libspe: A Dynamic System Performance Analysis Library
libspe allows for static collection of timing information and the ability to register any number of objects to be monitored. We allow the set of objects being monitored, and the code that is watching each object, to be easily modified at runtime, without having to restart the program being monitored. The source code for libspe, written in C, is released as a free and open-source project under the BSD license.
NearbyFriend allows you to become aware of a nearby friend without any third-party tracking. It is available as an Android and BlackBerry application and as a plugin for the Pidgin Instant Messaging client.
Oblivious Printing
Oblivious Printing is a novel approach to document printing in which a set of printers print a secret message, in human or machine readable form, without learning the message.
Off-the-Record Messaging
Off-the-Record Messaging (OTR) enables secure and private instant messaging over existing IM networks. In order to emulate real-world "off-the-record" conversions, it provides encryption, authentication, forward secrecy and deniability.
DAKEZ, ZDH, and XZDH are strongly deniable authenticated key exchanges (DAKEs) intended for secure messaging applications. These protocols are described in our paper (to appear at PETS 2018). Both interactive (e.g., instant messaging) and non-interactive (e.g., text messaging) scenarios are supported.
PBCWrapper is a set of C++ wrapper classes for the PBC Pairing-Based Cryptography library. It simplifies the use of that library with C++ programs, providing convenience with object management, operator overloading, and more.
PBC Go Wrapper (documentation)
The PBC Go Wrapper provides access to the Pairing-Based Cryptography library in Go. It supports all of the PBC library's functionality, including pairing generation, element arithmetic, randomization, and data I/O. It is designed to seamlessly integrate with the Go environment by providing automatic garbage collection, element type checking, and integration with the standard Go libraries.
ringsig (documentation)
Ringsig implements ring signatures in Go. Ring signatures are a special type of digital signature that proves a message was signed by one of a set of possible signers, without revealing which member of the set created the signature.
An implementation of Kate, Zaverucha, and Goldberg's polynomial commitments in C++. It provides a convenient interface for committing to polynomials or vectors and opening such commitments. This version also provides classes that implement zero-knowledge proofs and proofs of knowledge about committed polynomials.
relicwrapper provides C++ and python wrappers to the RELIC library for bilinear pairings. The C++ wrapper uses the same API as PBCwrapper, above.
Percy++ is an implemenation of Private Information Retrieval protocols in C++. It provides information-theoretic, computational, or hybrid protection for the privacy of the query, and handles servers that fail to respond or that respond incorrectly.
Sphinx is a cryptographic message format used to relay anonymized messages within a mix network. It is more compact than any comparable scheme, and supports a full set of security features: indistinguishable replies, hiding the path length and relay position, as well as providing unlinkability for each leg of the message's journey over the network. This software is the implementation of the scheme.
NetMirage is a tool for testing IP-based networked applications. NetMirage emulates a large virtual network, allowing you to run and test unmodified applications in real-time. It is compatible with any IP-based Linux application with the capability to bind to a specific IP address. In particular, NetMirage is a modern tool for constructing large-scale virtual Tor networks.
ExperimenTor is a toolkit and network emulation-based testbed designed to support Tor research in a manner that promotes realism, safety, and scalability. The testbed consists of a set of tools for configuring, running, and analyzing whole-network experiments with an isolated Tor deployment running in the ModelNet network emulation platform. We provide the testbed as a set of VMware images that can be used to run Tor experiments out-of-the-box.
BridgeSPA is a protocol and implementation of innocuous SPA (based on Silent Knock) that protects Tor bridges from "aliveness" checks. See the BridgeSPA research paper for details.
The cudadl package is an implementation of van Oorschot and Wiener's parallel version of Pollard's rho algorithm for finding discrete logs. It uses CUDA GPUs (particularly, 2 NVIDIA M2050 GPUs) to do the computation. It is optimized for solving discrete logs over 1536-bit RSA numbers whose totient is smooth; that is, numbers N=pq where p-1 and q-1 are each the product of distinct primes less than B, for B around 258 (New in version 0.9: 292). See the cudadl research paper for details.
Code Talker Tunnel (formerly known as SkypeMorph)
Code Talker Tunnel (previously called SkypeMorph) is a protocol camouflaging tool, designed to reshape traffic output of any censorship circumvention tool to look like Skype video calls.
COGS (Changing of the Guards) is a simulation framework for understanding how different algorithms for selecting entry guards in Tor affect the security, privacy, and network throughput of Tor users.