Dissertations - M Tech (CRS)

Permanent URI for this collection: http://164.52.219.250:4000/handle/10263/7285

Dissertation submitted in partial fulfilment of the requirements for the degree of Master of Technology in Cryptology and Security

Now showing 1 - 10 of 56
  • Implementing a Health Recommendation System from Wearable Data
    (Indian Statistical Institute, Kolkata, 2025-07-22) Pramanick, Priti
    The rising interest in personalized health monitoring has created a demand for intelligent systems that not only evaluate an individual’s health status but also offer actionable recommendations. This dissertation presents a data-driven approach to assess overall health by calculating a weekly health score using multi-dimensional data sources such as sleep patterns, nutrition, cardiovascular activity, fitness levels, and metabolic parameters. The system integrates and processes data stored in MongoDB using Python, applies scoring logic tailored to each health domain, and aggregates them into a unified health score. Additionally, the system generates a detailed summary and leverages a language model to extract personalized recommendations aimed at improving user well-being. A comprehensive PDF health report is produced, featuring score visualizations and advice tailored to the individual. The implementation was tested across multiple profiles, and evaluation metrics indicate that the approach is both adaptive and insightful. This work not only demonstrates a scalable pipeline for health analysis but also opens up opportunities for future integration of machine learning and deeper behavioral insights.
  • Dynamic Sparsification in Secure Gradient Aggregation for Federated Learning
    (Indian Statistical Institute, Kolkata, 2025-07-23) Samanta, Bikash
    Secure aggregation is a critical component of privacy-preserving federated learning. However, existing fixed-sparsity approaches often incur unnecessary communication overhead. We present DynamicSecAgg, a novel framework that introduces dynamic sparsity while preserving coordinate-level privacy. Our method achieves significant improvements in communication efficiency while maintaining — and in some cases improving — model accuracy across both IID and non-IID user distributions. The framework maintains information-theoretic privacy guarantees via adaptive gradient thresholding and polynomial-based aggregation, proving particularly effective under heterogeneous data settings. These results establish dynamic sparsity as a key optimization for efficient and privacy-preserving federated learning.
  • Efficient SIMD based Implementation of Xoodyak
    (Indian Statistical Institute, Kolkata, 2025-07-11) Biswas, Soham
    Modern computing devices—particularly in the domains of the Internet of Things (IoT), mobile computing, and embedded systems—often operate under severe resource constraints in terms of processing power, memory (RAM/ROM), bandwidth, and battery life. Devices such as IoT sensors, smart cards, medical implants, RFID tags, and wearable systems typically rely on low-power hardware, including 8-bit microcontrollers with only a few kilobytes of memory. Conventional cryptographic algorithms are frequently unsuitable for such environments, as they may consume excessive power, introduce unacceptable latency, or fail to execute altogether. Lightweight cryptography addresses these challenges by providing cryptographic primitives specifically designed to operate efficiently on constrained hardware. With the rapid growth of IoT, billions of low-power devices are being deployed annually, all of which require fundamental security services such as encryption for data privacy, authentication for identity verification, and integrity protection to detect tampering. In response, international standardization bodies such as NIST and ISO have initiated efforts to define lightweight cryptographic standards. Notably, NIST’s Lightweight Cryptography Project aims to standardize algorithms that offer an effective balance between security and performance in resource-limited environments. Xoodyak is a modern lightweight cryptographic scheme developed for constrained platforms including IoT devices, embedded systems, and other resource-limited applications. It supports authenticated encryption, hashing, and pseudo-random number generation within a compact and efficient design, making it well suited for environments with strict limitations on memory, power, and computational capacity. Xoodyak was designed by Guido Bertoni, Joan Daemen, Michael Peeters, and Gilles Van Assche, who are also among the creators of Keccak (SHA-3). The scheme is built around the Xoodoo permutation, from which it derives its name, and was submitted to NIST’s Lightweight Cryptography Project, where it was recognized for its strong security properties and efficient performance across diverse platforms. Although Xoodyak is highly efficient on 8-bit, 16-bit, and 32-bit microcontrollers due to its compact code size and reliance on a single permutation for multiple cryptographic services, its design also enables a high degree of parallelism. This characteristic makes it suitable for deployment on powerful server-class processors that manage large numbers of constrained devices. In this work, we explore SIMD-based implementations of Xoodyak on modern Intel processors supporting AVX2 and AVX-512 instruction sets. While the eXtended Keccak Code Package (XKCP) provides up to 16-way parallelization, we investigate alternative SIMD parallelization paradigms capable of executing up to 512 parallel instances simultaneously.
  • Zero Knowledge Proofs in Hybrid Environments
    (Indian Statistical Institute, Kolkata, 2025-07-11) Hajra, Rittwik
    The impending advent of quantum computing poses a significant threat to classical cryptographic primitives, necessitating a robust migration toward post-quantum cryptographic (PQC) systems. However, a complete transition remains impractical in the short term, giving rise to hybrid environments where classical and PQC schemes coexist. This thesis addresses a fundamental challenge in such settings: the need for efficient and secure zero-knowledge proofs (ZKPs) that establish plaintext consistency across cryptographic primitives defined over distinct algebraic domains. We present novel zero-knowledge protocols that bridge lattice-based schemes, specifically NTRU, with classical constructions like Pedersen vector commitments and ElGamal encryption. Our primary contributions include (1) a Σ-protocol for proving plaintext equality between an NTRU ciphertext and a Pedersen commitment, and (2) a ZKP of plaintext equality between NTRU and ElGamal ciphertexts. Both constructions ensure perfect honest-verifier zero-knowledge and computational soundness, while preserving efficiency and composability. A central innovation of our work lies in constructing a common linear language across domains—leveraging homomorphic properties and inner product arguments—allowing the prover to demonstrate equivalence of messages without revealing their content. Our protocols integrate rejection sampling techniques to preserve privacy in the lattice setting and achieve 2n-special soundness. We further extend our constructions to support batch proofs, enabling scalable and bandwidth-efficient verification of multiple plaintext equalities. These protocols are, to the best of our knowledge, the first concrete and fully specified ZKPs achieving plaintext equality across NTRU and widely used classical primitives. Our work lays foundational tools for secure interoperability in hybrid systems and facilitates verifiable migration paths toward post-quantum secure infrastructures.
  • The Monodromy Leak for a Generalized Montgomery Ladder
    (Indian Statistical Institute, Kolkata, 2025-07-11) Raychaudhuri, Arani
    The Diffie-Hellman key exchange protocol using elliptic curves is the most widespread approach to the establishment of a secure internet connection. As an important subroutine, Alice and Bob need to perform multiplications of elliptic curve points by large scalars. The textbook method for scalar multiplication is the double-and-add algorithm. For the sake of efficiency, one usually performs x-coordinate only arithmetic using projective coordinates, and doubling-and-adding is done using the Montgomery ladder. The advantage of using projective coordinates is that this avoids costly field inversions at each iteration. However, when Alice (say) uses the double-and-add algorithm for computing her public key Q = [a]P, it is a bad idea for her to publish the resulting projective coordinates of Q. Indeed, it was shown in 2003 by Naccache, Smart and Stern that these coordinates leak a few bits of the secret scalar a. Therefore, Alice must perform a final division deprojectivizing the coordinates of Q, and this division must be done in constant time so that side-channel analysis does not allow for a reconstruction of these projective coordinates. In 2019 Aldaya, Garcia and Brumley discovered that many real-life implementations violate this requirement. New work by Robert from 2024 shows that the leak is much more devastating than assumed by Naccache et al.: one can easily recover the entire secret. Thus, bad implementations of elliptic curve scalar multiplication using the Montgomery ladder are a recipe for disaster. The goal of this thesis is to study the new method by Robert, which he calls “the monodromy leak”. It stems from the deep fact that the set of all possible projective coordinates for points on an elliptic curve E (called “cubical points”) still comes equipped with a natural scalar-multiplication map, despite this set not being a group. Robert shows that the cubical discrete logarithm problem reduces to a discrete logarithm problem in the underlying finite field, which is known to be easier (index-calculus). He then also shows that the Montgomery ladder essentially implements cubical scalar multiplication: whence the devastating conclusion. Besides understanding how the attack works, the goal is also to study the relation between cubical arithmetic and other projective double-and-add algorithms (such as the standard double-and-add algorithm for Weierstrass curves, or Edwards curves). Our current conclusion is that the Monodromy Leak is specific to the Montgomery ladder, but not to Montgomery curves: we generalize the attack to Partially-Long Weierstrass curves (PLWC). For the standard double-and-add algorithm on Edwards curves (as used in EdDSA), we report on some first explorations. There are also other applications of cubical arithmetic, namely to the efficient computation of pairings, and to the efficient computation of isogenies. Isogeny-based cryptography is another booming branch in cryptography, which is supposed to remain hard even in the presence of quantum adversaries (unlike “classical” elliptic curve cryptography, which is based on the discrete logarithm problem and therefore broken by Shor’s algorithm). However, these applications are not touched upon in this thesis.
  • Turning data into guardrails - decoding financial vulnerability through behavioural signs
    (Indian Statistical Institute, Kolkata, 2025-07-22) Hajra, Debanwita
    This report presents the work I did during my internship at Hongkong and Shanghai Banking Corporation (HSBC), Kolkata. As a financial institution, the strength of the bank is fundamentally rooted in the behavior and reliability of its customers. Understanding this behavior is not only desirable; it is essential for the security, risk mitigation and future strategic planning of the bank. To do this, banks must invest in a thorough analysis of the financial behavior of their customers to detect early signs of risk and act accordingly. I worked in the Finance Support Team within the Data and Analytics division, where our focus was to build data-backed tools and insights to help identify what can cause financial vulnerability. My internship focused on feature engineering and dashboard making to support and strengthen financial decision-making frameworks. Key areas of my work included:
      • Developing features like overdraft utilization, debt-to-income ratio, and essential spend indicators
      • Automating SQL pipelines to extract and aggregate large-scale banking data
      • Designing interactive dashboards in Looker to visualize customer behaviors (e.g., gambling, BNPL overuse)
      • Analyzing correlations, outlier patterns, and vulnerability signals in transactional datasets
      • Presenting a theoretical exploration of NLP embedding techniques including TF-IDF, CBOW, Skip-Gram, and LSTM
    The project blended technical depth with domain knowledge to build insights from financial data, aiming to identify early risk markers and guide responsible lending. The internship not only enhanced my analytical and engineering skills, but also offered a valuable experience in solving real-world problems collaboratively within a data science team.
  • Structural Differential Privacy in Graph Neural Networks
    (Indian Statistical Institute, Kolkata, 2025-07-23) Giri, Bibek
    Graph Neural Networks (GNNs) have demonstrated impressive performance across a range of graph-based learning tasks. However, their application to domains with sensitive relational data raises serious privacy concerns, as the graph structure itself may leak confidential information. This thesis investigates a decentralized framework for enforcing edge-level local differential privacy (LDP) in graph-structured data. We introduce two mechanisms that perturb a node’s neighborhood in a privacy-preserving yet utility-aware manner. The first approach replaces randomly selected neighbors with feature-similar nodes from the 2-hop neighborhood, ensuring structural realism while preserving degree. The second approach eliminates the need for explicit 2-hop propagation and dummy vectors, instead relying on randomized feature queries to identify plausible substitutes. Both approaches are evaluated on benchmark graph datasets such as Cora, PubMed, and LastFM using GNN architectures like GCN, GraphSAGE, and GAT. Experimental results show that our methods achieve a favorable trade-off between structure privacy and learning utility, while avoiding the overhead and privacy leakage risks of centralized or semi-local protocols.
  • Multi-party Key Establishment for Resource-Constrained Devices
    (Indian Statistical Institute, Kolkata, 2025-07-22) Banerjee, Supriyo
    As the number of IoT (Internet of Things) devices continues to grow, ensuring secure communication among them has become increasingly important. Traditional pairing schemes rely on centralized architectures, which are vulnerable to temporary or permanent failures due to operational malfunctions of their central hubs or gateways. To address these challenges, decentralized communication is essential. However, existing decentralized pairing schemes suffer from high pairing times and significant computational overhead. Given the diverse capabilities of IoT devices, ranging from high-performance edge devices to resource-constrained sensors, many of these schemes become impractical in real-world scenarios. Therefore, we require a lightweight pairing scheme. Our goal is to design a lightweight and decentralized group key establishment protocol that ensures strong security guarantees while remaining scalable and efficient. Our approach aims to reduce pairing time and computational complexity, making it suitable for a wide range of IoT applications, from smart homes to large-scale industrial networks. Our approach builds upon concepts from existing works like Asynchronous Ratcheting Tree [9] and Extending Joux’s Protocol to Multi Party Key Agreement [5], which focus on decentralized, secure, and scalable group pairing schemes for dynamic environments.
  • TI-ulPCS: Threshold-Issuance - Un-linkable Policy Compliant Signatures
    (Indian Statistical Institute, Kolkata, 2025-07-01) Ghosh, Kiran Deep
    Digital signatures, as a strong cryptographic primitive, ensure the authenticity and integrity of signed messages. On the one hand, no one can forge a verifiable signature without knowing the secret key; on the other hand, any correctly formed signature is always verifiable under the public key of the signer. Besides signing digital data, they serve as foundational components in more advanced cryptographic systems, including blind signatures, group signatures, direct anonymous attestation, e-cash, e-voting protocols, adaptive oblivious transfer, anonymous credential schemes, Policy-Compliant Signatures, etc. Policy-Compliant Signatures (PCS) enable the enforcement of joint policies between the signer and the verifier. A signature of this type is valid only if it is correctly signed by the actual signer and the attributes of both the signer and verifier fulfill a predefined policy. A PCS scheme allows a central authority to enforce a global policy by issuing keys tied to user attributes without revealing the attributes or policy. Unlinkable PCS (ulPCS) strengthens PCS properties by ensuring that signatures generated by the same signer remain unlinkable. However, both PCS and ulPCS rely on a single issuer, which introduces a single point of failure. In this thesis, we study the concept of Threshold-Issuance Unlinkable PCS (TI-ulPCS). This cryptographic primitive builds on threshold cryptography to distribute the trust among multiple issuers, ensuring that a predefined threshold of issuers must collaborate to issue keys, without any single issuer having full control. We begin by defining and constructing Threshold-Issuance Predicate Encryption (TI-PE), which supports both attribute-hiding and blind-issuance of credentials. We achieve blind-issuance through commitment schemes combined with zero-knowledge proofs. For signing, we use Non-interactive Threshold Structure-Preserving Signatures on Equivalence Classes (NI-TSPS-EQ) and employ a threshold digital signature instead of a single-signer digital signature.
  • Low Entropy Side-Channel Secure Hardware Implementations
    (Indian Statistical Institute, Kolkata, 2025-07-12) Dhar, Jhelum
    The demand for symmetric-key cryptography implemented in hardware is growing due to the increasing need for faster, more efficient, and secure encryption in small devices. However, implementing block ciphers in hardware that are side-channel secure remains a challenging goal. This holds true because there exist sophisticated but well-studied attacks such as Differential Power Analysis, which uses the correlation between power consumption of a device and the information on it to allow attackers with physical access to the cryptographic device to get information about secret data. Masking is one of the techniques that is used to provide security against side-channel attacks. There are various kinds of masking, including widely recognized Threshold Implementations and Domain-Oriented Masking. However, to mask a secret, one must first generate randomness. Generating secure randomness usually comes at the cost of increased area and time in hardware. In this master’s thesis project, we study ways of reducing or reusing the randomness used in masked hardware implementations of symmetric-key block ciphers and calculate the bounds on the advantage of a threshold probing adversary to determine if the countermeasures preserve security. We then use PROLEAD to verify the probing security and compare its result with our estimations.