Distributed Cryptography with IoT Devices
What if stealing one private key wasn't enough to decrypt your messages? This project distributes trust across a network of personal IoT devices — an attacker must independently compromise every device to break the scheme. Read the paper
- Each device holds a required key component — all must be compromised to decrypt
- Implemented in Python 3.9 using RSA-2048 and WebSockets
- Benchmarked on real hardware: Raspberry Pi 3B+ vs. high-end PC
- Result: ~0.22s added latency per chunk on Pi vs. <0.02s on PC — hardware crypto bottleneck confirmed
Details
The Problem
In standard public-key cryptography, a compromised private key is a permanent, silent vulnerability. This project explored a scheme where each IoT device holds a required component of the recipient's effective private key, forcing an attacker to independently compromise every participating device.
The underlying cryptographic concepts are well-established. The engineering challenge was whether they could be made to work within microcontroller constraints.
Implementation
The protocol was implemented in Python 3.9 using RSA-2048 and WebSockets, with a smart hub coordinating message chunking and reassembly across IoT devices. Benchmarked on real hardware: a Raspberry Pi 3B+ as the IoT device and a high-end PC as the control. Across 64 messages, the Pi averaged ~0.22s of added latency per chunk versus under 0.02s for the PC — an order of magnitude difference attributable to the absence of dedicated cryptographic hardware.
Conclusion
The protocol is not feasible as implemented. The latency overhead is too high for practical use, and the smart hub is a residual point of failure. The benchmarking makes the root cause clear: the bottleneck is the absence of hardware crypto acceleration on the Pi. The concrete paths forward are selecting algorithms with native microcontroller hardware support, or offloading cryptographic operations to an FPGA.