The members of CrySP are involved in various software projects and
distributions. Here is a sampling:
- PrivacyGuard is an Android app that alerts you when one of your apps leaks sensitive information to a remote server.
- FireLock is an Android lock library to re-authenticate users conveniently and securely.
- Website fingerprinting
- Website fingerprinting is a classification attack wherein someone
watching a user's local network can determine what websites she is
visiting, even if she is using privacy enhancing technologies such as
encryption, VPNs, or Tor. We have implementations of old and new
website fingerprinting attacks and defenses.
- Leading Johnny to Water: Usable Secure Email
- This is the companion website for a study evaluating the usability of a secure PGP-compatible webmail client. The client is available as a Chrome browser extension, and allows you to send and receive PGP-encrypted email using Gmail.
- Lavinia is a censorship-resistant publishing system that uses a
payment system to incentivize adherence to the protocol and ensure
- Slitheen is a decoy routing system for censorship resistance that
uses packet replacement to defend against both active and passive attacks.
- Itus is an implicit authentication library for Android, which can be used to continuously authenticate a smartphone user based on the user's behaviour without requiring deliberate actions by the user.
- PrivEx consists of two sets of protocols (S2—secret sharing
and D2—distributed decryption) to enable the private collection of
statistics from anonymous communications networks using secure
multicaprty computation and differential privacy. These protocols are
described in our CCS 2014 paper. [tarball, git]
- Distributed Key Generation
- Distributed key generation allows a number of parties distributed
around the Internet to collaboratively generate a secret key, without
any of them learning (or choosing) the key individually, or even in
small groups. Our software works in the asynchronous network model,
which is appropriate for realistic networks such as the Internet, and
has been tested for up to 70 globally distributed parties.
- FaceCloak is an architecture for protecting user privacy on social networking sites. It is currently available as a Firefox extension for the Facebook social networking site.
Mersenne Number Toolbox
- The GMNT will eventually be a collection of tools for working
with generalized Mersenne numbers. Currently, the mrw tool
generates C code to perform modular reduction for an arbitrary
generalized Mersenne (GM) modulus. Examples of GM primes
are the NIST primes recommended for elliptic curve cryptography.
- KleeQ enables secure group communications for users of
low-connectivity ad-hoc networks. It provides authentication,
encryption and forward secrecy for a communicating group.
- libspe: A Dynamic System Performance
- libspe allows for static collection of timing
information and the ability to register any number of objects to be
monitored. We allow the set of objects being monitored, and the
code that is watching each object, to be easily modified at runtime,
without having to restart the program being monitored. The
source code for libspe, written in C, is released as a free
and open-source project under the BSD license.
- NearbyFriend allows you to become aware of a nearby friend without any third-party tracking. It is available as an Android and BlackBerry application and as a plugin for the Pidgin Instant Messaging client.
- Oblivious Printing
- Oblivious Printing is a novel approach to document printing in which a set of printers print a secret message, in human or machine readable form, without learning the message.
- Off-the-Record Messaging (OTR) enables secure and private instant
messaging over existing IM networks. In order to emulate real-world
"off-the-record" conversions, it provides encryption, authentication,
forward secrecy and deniability.
- PBCWrapper is a set of C++ wrapper classes for the PBC Pairing-Based
Cryptography library. It simplifies the use of that library
with C++ programs, providing convenience with object management,
operator overloading, and more.
- PBC Go Wrapper (documentation)
- The PBC Go Wrapper provides access to the Pairing-Based
Cryptography library in Go. It supports all of the PBC library's
functionality, including pairing generation, element arithmetic,
randomization, and data I/O. It is designed to seamlessly integrate
with the Go environment by providing automatic garbage collection,
element type checking, and integration with the standard Go
- ringsig (documentation)
- Ringsig implements ring signatures in Go. Ring signatures are a
special type of digital signature that proves a message was signed
by one of a set of possible signers, without revealing which member
of the set created the signature.
- An implementation of Kate, Zaverucha, and Goldberg's polynomial
commitments in C++. It provides a convenient interface for
committing to polynomials or vectors and opening such commitments.
This version also provides classes that implement
zero-knowledge proofs and proofs of knowledge about committed
- relicwrapper provides C++ and python wrappers to the RELIC
library for bilinear pairings. The C++ wrapper uses the same API as
- Percy++ is an implemenation of Private Information Retrieval
protocols in C++. It provides information-theoretic, computational,
or hybrid protection for the privacy of the query, and handles
servers that fail to respond or that respond incorrectly.
- Sphinx is a cryptographic message format used to relay
anonymized messages within a mix network. It is more compact than
any comparable scheme, and supports a full set of security features:
indistinguishable replies, hiding the path length and relay
position, as well as providing unlinkability for each leg of the
message's journey over the network. This software is the
implementation of the scheme.
- NetMirage is a tool for testing IP-based networked applications.
NetMirage emulates a large virtual network, allowing you to run and
test unmodified applications in real-time. It is compatible with any
IP-based Linux application with the capability to bind to a specific
IP address. In particular, NetMirage is a modern tool for
constructing large-scale virtual Tor networks.
- ExperimenTor is a toolkit and network emulation-based testbed
designed to support Tor research in a manner that promotes realism,
safety, and scalability. The testbed consists of a set of tools for
configuring, running, and analyzing whole-network experiments with
an isolated Tor deployment running in the ModelNet network emulation
platform. We provide the testbed as a set of VMware images that
can be used to run Tor experiments out-of-the-box.
- BridgeSPA is a protocol and implementation of innocuous SPA (based
on Silent Knock) that protects Tor bridges from "aliveness" checks.
BridgeSPA research paper for details.
- The cudadl package is an implementation of van Oorschot and
Wiener's parallel version of Pollard's rho algorithm for finding
discrete logs. It uses CUDA GPUs (particularly, 2 NVIDIA M2050
GPUs) to do the computation. It is optimized for solving discrete
logs over 1536-bit RSA numbers whose totient is smooth; that is,
numbers N=pq where p-1 and q-1 are each the product of distinct primes less
than B, for B around
258 (New in version
0.9: 292). See the
cudadl research paper for details.
- Code Talker Tunnel (formerly
known as SkypeMorph)
- Code Talker Tunnel (previously called SkypeMorph) is a protocol
camouflaging tool, designed to reshape traffic output of any
censorship circumvention tool to look like Skype video calls.
- COGS (Changing of the Guards) is a simulation framework for
understanding how different algorithms for selecting entry guards
in Tor affect the security, privacy, and network throughput of
Last modified: Wednesday, 15-Feb-2017 18:46:49 EST