Security and Privacy through Modern Cryptography
|
|
- Juniper Martin
- 5 years ago
- Views:
Transcription
1 Security and Privacy through Modern Cryptography David Wu Stanford University
2 Cryptography in the 1970s How can two users who have never met before communicate securely with each other? m secrecy integrity authenticity
3 Modern Cryptography Machine Learning Modern Cryptography Personal Genomics Cloud Computing Computer Security Databases
4 Private Genome Analysis [Science 17] What gene causes a specific (rare) disease? joint work with Boneh, Bejerano, Birgmeier, and Jagadeesh Patients with Kabuki Syndrome Each patient has a list of rare variants over 20,000 genes
5 Gene Private Genome Analysis [Science 17] joint work with Boneh, Bejerano, Birgmeier, and Jagadeesh A1BG ZZZ Each patient has a vector v where v i = 1 if patient has a rare variant in gene i Patients with Kabuki Syndrome Goal: Identify gene with most variants across all patients Each patient has a list of rare variants over 20,000 genes
6 Gene Private Genome Analysis [Science 17] joint work with Boneh, Bejerano, Birgmeier, and Jagadeesh A1BG ZZZ Each patient has a vector v where v i = 1 if patient has a rare variant in gene i Patients with Kabuki Syndrome Each patient has a list of rare variants over 20,000 genes Goal: Identify gene with most variants across all patients Works well for monogenic diseases
7 Gene Private Genome Analysis [Science 17] joint work with Boneh, Bejerano, Birgmeier, and Jagadeesh A1BG ZZZ Question: Can we perform this computation without seeing complete patient genomes? Patients with Kabuki Syndrome Each patient has a list of rare variants over 20,000 genes Goal: Identify gene with most variants across all patients Works well for monogenic diseases
8 Private Genome Analysis [Science 17] joint work with Boneh, Bejerano, Birgmeier, and Jagadeesh r x r Patients with Kabuki Syndrome Each patient has a list of rare variants over 20,000 genes Patients secret share their data with two (non-colluding) hospitals
9 Private Genome Analysis [Science 17] joint work with Boneh, Bejerano, Birgmeier, and Jagadeesh MPC Protocol Hospitals run a multiparty computation (MPC) protocol on pooled inputs Patients with Kabuki Syndrome Each patient has a list of rare variants over 20,000 genes Patients secret share their data with two (non-colluding) hospitals
10 Private Genome Analysis [Science 17] joint work with Boneh, Bejerano, Birgmeier, and Jagadeesh MPC Protocol Experiments on real patient data Top variants (sorted): KMT2D, COL6A1, FLNB Patients with Kabuki Syndrome Each patient has a list of rare variants over 20,000 genes Known cause of disease
11 Private Genome Analysis [Science 17] joint work with Boneh, Bejerano, Birgmeier, and Jagadeesh MPC Protocol Experiments on real patient data Top variants (sorted): KMT2D, COL6A1, FLNB Patients with Kabuki Syndrome Each patient has a list of rare variants over 20,000 genes Each hospital individually learns nothing about genomes
12 Private Genome Analysis [Science 17] joint work with Boneh, Bejerano, Birgmeier, and Jagadeesh MPC Protocol Simulated two parties using two servers on Amazon EC2 (East Coast / West Coast): Experiments on real patient data 13.7 s 62.2 MB 15.8 s 72.7 MB Completes in under 10s 9.6 s 41.0 MB Top variants (sorted): KMT2D, COL6A1, FLNB Patients Number with of Kabuki Patients Syndrome End-to-End Time Communication Each patient has a list of Performance scales logarithmically with cohort size rare variants over 20,000 genes Each hospital individually learns nothing about genomes
13 Private Genome Analysis [Science 17] joint work with Boneh, Bejerano, Birgmeier, and Jagadeesh MPC Protocol Area of growing interest: annual idash competition for developing solutions for privacypreserving genomics Upcoming work: privacy-preserving genome-wide association studies (GWAS) framework with tens of thousands of genomes [CWB18; Nature Biotechnology] [Preliminary implementation won first place at idash 2015] Completes in under 10s Experiments on real patient data Top variants (sorted): KMT2D, COL6A1, FLNB Each hospital individually learns nothing about genomes
14 Modern Cryptography Machine Learning Modern Cryptography Personal Genomics Cloud Computing Computer Security Databases
15 My Research from 10,000 Feet Machine Learning [WFNL16] Modern Cryptography Personal Genomics [JWBBB17, CWB18] Cloud Computing [BISW17, BISW18] Computer Security [WZPM16, WTSB16] Databases [BGHWW13, CLWW16, LW16]
16 My Research from 10,000 Feet How can we build more secure systems? Machine Learning Modern Cryptography Personal Genomics Cloud Computing Computer Security [WZPM16, WTSB16] Databases
17 My Research from 10,000 Feet How do we search on encrypted data? Machine Learning Modern Cryptography Personal Genomics Cloud Computing Computer Security Databases [BGHWW13, CLWW16, LW16]
18 My Research from 10,000 Feet How can a user efficiently verify the correctness of a complex computation? Machine Learning Modern Cryptography Personal Genomics Cloud Computing [BISW17, BISW18] Computer Security Databases
19 My Research from 10,000 Feet Functional Encryption [AW17, KW17b] Pseudorandom Functions [BLW17, BKW17, BIPSW18] Lattice-Based Cryptography [KW17, KW18] Machine Learning [WFNL16] Modern Cryptography Personal Genomics [JWBBB17, CWB18] Cloud Computing [BISW17, BISW18] Computer Security [WZPM16, WTSB16] Databases [BGHWW13, CLWW16, LW16]
20 Talk Outline Functional Encryption Pseudorandom Functions Lattice-Based Cryptography Modern Cryptography Personal Genomics Part I: Searching on Encrypted Data Databases [BGHWW13, CLWW16, LW16]
21 Talk Outline Functional Encryption Pseudorandom Functions [BLW17, BKW17, BIPSW18] Lattice-Based Cryptography [KW17, KW18] Modern Cryptography Personal Genomics Part I: Part II: Searching on Encrypted Data Software Watermarking Databases
22 Part I: Searching on Encrypted Data Main theme: Developing new cryptographic primitives that enable secure systems design Machine Learning Modern Cryptography Personal Genomics Cloud Computing Computer Security Databases [BGHWW13, CLWW16, LW16]
23 Searching on Encrypted Data Database breaches have become the norm rather than the exception [Data taken from Vigilante.pw]
24 Searching on Encrypted Data
25 Why Not Encrypt? Because it would have hurt Yahoo s ability to index and search messages to provide new user services Jeff Bonforte (Yahoo SVP)
26 Searching on Encrypted Data sk Any client (e.g., web client, employee) who hold a secret key can query the database ID Name Age Zip Code 0 Alice Bob Emily Jeff encrypted database sk database server (hosted in the cloud)
27 Security Against Snapshot Adversaries ID Name Age Zip Code 0 Alice Bob Emily Jeff Adversary breaks into the database server and steals the contents of the database on disk (i.e., obtains a snapshot of the database) database server (hosted in the cloud)
28 Order-Revealing Encryption [BCLO09, BLRSZZ15] secret-key encryption scheme ct 1 = Enc(sk, x) ct 2 = Enc(sk, y) x > y public comparison function for ciphertexts Best-possible security: ciphertexts hide everything other than the ordering of the values
29 Order-Revealing Encryption [BCLO09, BLRSZZ15] secret-key encryption scheme ct 1 = Enc(sk, x) ct 2 = Enc(sk, y) x > y public comparison function for ciphertexts Enables queries on encrypted data without making significant changes to existing database architectures
30 Performance Existing Approaches Practical Theoretical Not drawn to scale Security
31 Performance Existing Approaches Practical constructions based on multilinear maps [BLRSZZ15] or obfuscation [GGGJKLSSZ14] Not drawn to scale Theoretical Security Best-possible security, but not implementable
32 Performance Existing Approaches Very efficient, but has additional leakage: Ciphertexts reveal half of the bits of the plaintext Difficult to quantify precise leakage OPE [BCLO09] Practical constructions based on multilinear maps [BLRSZZ15] or obfuscation [GGGJKLSSZ14] Not drawn to scale Theoretical Security Best-possible security, but not implementable
33 Performance Existing Approaches Used in systems like CryptDB [PRZB11] and by start-ups like SkyHigh Networks OPE [BCLO09] Practical constructions based on multilinear maps [BLRSZZ15] or obfuscation [GGGJKLSSZ14] Not drawn to scale Theoretical Security Best-possible security, but not implementable
34 Performance Existing Approaches Used in systems like CryptDB [PRZB11] and by start-ups like SkyHigh Networks OPE [BCLO09] Goal: New notion of ORE that is both practical and whose security can be precisely analyzed Practical Something in between? constructions based on multilinear maps [BLRSZZ15] or obfuscation [GGGJKLSSZ14] Not drawn to scale Theoretical Security Best-possible security, but not implementable
35 A Simple ORE Construction [FSE 16] joint work with Chenette, Lewi, and Weis Pseudorandom function (PRF): function whose input-output behavior looks like that of a random function F k : 0,1 0,1,2 For each index i, apply a PRF (e.g., AES) to the first i 1 bits, then add b i (mod 3)
36 A Simple ORE Construction [FSE 16] joint work with Chenette, Lewi, and Weis F k (ε) + 1 F k : 0,1 0,1,2 empty prefix For each index i, apply a PRF (e.g., AES) to the first i 1 bits, then add b i (mod 3)
37 A Simple ORE Construction [FSE 16] joint work with Chenette, Lewi, and Weis F k (ε) + 1 F k : 0,1 0,1,2 F k (1) + 0 For each index i, apply a PRF (e.g., AES) to the first i 1 bits, then add b i (mod 3)
38 A Simple ORE Construction [FSE 16] joint work with Chenette, Lewi, and Weis F k (ε) + 1 F k : 0,1 0,1,2 F k (1) + 0 F k (10) + 0 For each index i, apply a PRF (e.g., AES) to the first i 1 bits, then add b i (mod 3)
39 A Simple ORE Construction [FSE 16] joint work with Chenette, Lewi, and Weis F k (ε) + 1 F k (1) + 0 F k (10) + 0 F k (100) + 1 F k (1001) + 0 F k (10010) + 1 same prefix = same ciphertext block first block that differs different prefix = value hidden F k (ε) + 1 F k (1) + 0 F k (10) + 0 F k (100) + 0 F k (1000) + 1 F k (10001) Recall: all additions happen modulo Additional leakage: first differing bit
40 A Simple ORE Construction [FSE 16] joint work with Chenette, Lewi, and Weis F k (ε) + 1 F k (1) + 0 F k (10) + 0 F k (100) + 1 F k (1001) + 0 F k (10010) + 1 same prefix = same ciphertext block first block that differs different prefix = value hidden F k (ε) + 1 F k (1) + 0 F k (10) + 0 F k (100) + 0 F k (1000) + 1 F k (10001) Key insight: Embed comparisons into Z Additional leakage: first differing bit
41 Inference Attacks [NKW15, DDC16, GSBNR17] ID Name Age Zip Code wpjoos 2wzXW8 SqX9l9 KqLUXE XdXdg8 y9gfps gwile3 MJ23b7 P6vKhW EgN0Jn S0pRJe ataejk orjre6 KQWy9U tpwf3m 4FBEO0 encrypted database + public information frequency and statistical analysis ID Name Age Zip Code??? Alice ?????? Bob ?????? Emily ?????? Jeff ??? plaintext recovery
42 Inference Attacks [NKW15, DDC16, GSBNR17] ORE schemes reveal order of ciphertexts and thus, are vulnerable to offline inference attacks Can we extend ORE to defend against offline inference attacks?
43 Defending Against Inference Attacks [CCS 16] Key primitive: order-revealing encryption scheme where ciphertexts have a decomposable structure joint work with Lewi Enc 37 Enc L 37 Enc R 35 ct L ct R ct L ct R ciphertexts naturally split into two components greater than
44 Defending Against Inference Attacks [CCS 16] joint work with Lewi Enc L 37 Enc R 35 ct L ct R right ciphertexts reveal nothing about underlying messages! comparison can be performed between left ciphertext and right ciphertext robustness against offline inference attacks!
45 Encrypted Range Queries [CCS 16] joint work with Lewi store right ciphertexts in sorted order ID Name Age Zip Code 0 Alice Bob Emily Jeff Age Enc R (31) Enc R (41) Enc R (45) Enc R (47) build encrypted index ID Enc(0) Enc(2) Enc(3) Enc(1) record IDs encrypted under independent key Name Enc R (Alice) ID Enc(0) Age ID Enc(1) Enc(0) Zip Code Enc(2) ID Enc(2) Enc R (38655) Enc(3) Enc(2) Enc(3) Enc R (46304) Enc(3) Enc(1) Enc R (60015) Enc(1) Enc R (Bob) Enc R (31) Enc R (Emily) Enc R (41) Enc R (Jeff) Enc R (45) Enc R (47) Enc R (68107) Enc(0) separate index for each searchable column, and using different ORE keys
46 Encrypted Range Queries [CCS 16] Encrypted database: ID Name Age Zip Code 0 Alice Bob Emily Jeff columns (other than ID) are encrypted using standard encryption scheme to perform range query, client provides left ciphertexts corresponding to its range Name ID Enc R (Alice) Enc(0) Age ID Enc(1) Enc(0) Zip Code Enc(2) ID Enc(2) Enc R (38655) Enc(3) Enc(2) Enc(3) Enc R (46304) Enc(3) Enc(1) Enc R (60015) Enc(1) Enc R (Bob) Enc R (31) Enc R (Emily) Enc R (41) Enc R (Jeff) Enc R (45) Enc R (47) Enc R (68107) joint work with Lewi Enc(0) encrypted search indices
47 Encrypted Range Queries [CCS 16] Encrypted database: ID Name Age Zip Code 0 Alice Bob Emily Jeff Encrypted database hides the contents! Name ID Enc R (Alice) Enc(0) Age ID Enc(1) Enc(0) Zip Code Enc(2) ID Enc(2) Enc R (38655) Enc(3) Enc(2) Enc(3) Enc R (46304) Enc(3) Enc(1) Enc R (60015) Enc(1) Enc R (Bob) Enc R (31) Enc R (Emily) Enc R (41) Enc R (Jeff) Enc R (45) Enc R (47) Enc R (68107) joint work with Lewi Enc(0) encrypted search indices
48 Performance Comparison Scheme Encrypt (μs) Compare (μs) ct (bytes) Security [BCLO09] OPE > Leaks half of the bits [CLWW16] ORE Leaks first-differing bit [LW16] ORE Left-right security 5Gen ORE [LMAC + 16] > 10 9 > 10 8 > 10 9 Best-possible security (80 bits of security) Measurements for encrypting 32-bit integers (with 128 bits of security)
49 Performance Comparison Scheme Encrypt (μs) Compare (μs) ct (bytes) Security [BCLO09] OPE > Leaks half of the bits [CLWW16] ORE Leaks first-differing bit [LW16] ORE Left-right security 5Gen ORE [LMAC + 16] > 10 9 > 10 8 > 10 9 Best-possible security (80 bits of security) The [LW16] scheme is 65x faster than OPE, but ciphertexts are 30x longer. Security is substantially better.
50 Performance The Landscape of ORE OPE [BCLO09] vulnerable to inference attacks [NKW15, DDC16, GSBNR16] ORE [CLWW16] Practical Theoretical ORE [LW16] subsequent work [CLOZ16, JP16] constructions based on multilinear maps [BLRSZZ15] or obfuscation [GGGJKLSSZ14] can provide offline security Not drawn to scale Security
51 Part II: Watermarking Software Functional Encryption Pseudorandom Functions [BLW17, BKW17, BIPSW18] Lattice-Based Cryptography [KW17, KW18] Machine Learning Modern Cryptography Personal Genomics Main theme: Realizing complex cryptographic functionalities from simple assumptions
52 Watermarking Software How do we prove ownership of software? Snippet of code used in Oracle copyright and patent dispute against Google
53 Watermarking Software How do we prove ownership of software? Claim: Android contained code that was copied (almost) verbatim from Oracle source code Not a new phenomenon: earlier case between AT&T and BSD regarding unauthorized use of code [Unix System Laboratories vs. Berkeley Software Design] Snippet of code used in Oracle copyright and patent dispute against Google
54 Watermarking Software How do we prove ownership of software? Claim: Android contained code that was copied (almost) verbatim from Oracle source code Question: Is there a rigorous notion of watermarking software? Snippet of code used in Oracle copyright and patent dispute against Google
55 Watermarking Software [NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17, KW17] CRYPTO Embed a mark within a program If mark is removed, then program is destroyed Two main algorithms (simplified): Mark C C : Takes a circuit C and outputs a marked circuit C Verify C 0,1 : Tests whether a circuit C is marked or not
56 Watermarking Software [NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17, KW17] CRYPTO Embed a mark within a program Notion extend to setting where watermark If mark is removed, then program is destroyed can be any string Two main algorithms (simplified): Mark C C : Takes a circuit C and outputs a marked circuit C Verify C 0,1 : Tests whether a circuit C is marked or not
57 Watermarking Software [NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17, KW17] Mark CRYPTO Functionality-preserving: On input a circuit C, the Mark algorithm outputs a circuit C where C x = C (x) on almost all inputs x
58 Watermarking Software [NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17, KW17] CRYPTO Unremovability: Given a marked program C, no efficient adversary can construct a circuit C where C x = C (x) on almost all inputs x The circuit C is unmarked: Verify C = 0
59 Watermarking Software [NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17, KW17] Adversary is very powerful: sees the code of the marked CRYPTO program C and has complete flexibility in crafting C Unremovability: Given a marked program C, no efficient adversary can construct a circuit C where C x = C (x) on almost all inputs x The circuit C is unmarked: Verify C = 0
60 Watermarking Software [NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17, KW17] CRYPTO Learning the original (unmarked) function gives a way to remove the watermark Notion only achievable for functions that are not learnable Focus has been on cryptographic functions
61 Watermarking Cryptographic Programs [NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17, KW17] PRF(k, ) pseudorandom function Mark PRF(k, ) pseudorandom function CRYPTO Focus of this work: watermarking PRFs [CHNVW16, BLW17, KW17]
62 Watermarking Cryptographic Programs [NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17, KW17] PRF(k, ) pseudorandom function Mark PRF(k, ) pseudorandom function CRYPTO A function whose input-output Focus behavior of this unpredictable work: watermarking (looks PRFs [CHNVW16, BLW17, KW17] like a random function) e.g., AES
63 Watermarking Cryptographic Programs [NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17, KW17] PRF(k, ) pseudorandom function Mark PRF(k, ) pseudorandom function CRYPTO Program has PRF key k hard-wired Focus inside it of and this on work: input x, watermarking outputs PRFs [CHNVW16, BLW17, KW17] PRF(k, x)
64 Watermarking Cryptographic Programs [NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17, KW17] PRF(k, ) pseudorandom function Mark PRF(k, ) pseudorandom function CRYPTO Focus of this work: watermarking PRFs [CHNVW16, BLW17, KW17] Enables watermarking of symmetric primitives built from PRFs (e.g., encryption, message authentication codes) Goal: build watermarking from standard and implementable assumptions
65 Brief Digression: The Landscape of Cryptography Cryptomania: cryptography from standard assumptions (e.g., factoring, discrete log, learning with errors) Encryption Signatures Multiparty Computation Zero-Knowledge Cryptomania Obfustopia Functional Encryption Non-Interactive Key Exchange Watermarking? Challenge: realizing these applications from standard and implementable assumptions Obfustopia: cryptography where we also have obfuscation
66 Key Notion: Private Translucent PRFs [CRYPTO 17] joint work with Kim (and recipient of Best Young-Researcher Paper Award) Starting point: puncturable PRF [BW13, BGI13, KPTZ13] Puncture x PRF key punctured key Can be used to evaluate the PRF on all points x x Privacy: Punctured key hides x
67 Key Notion: Private Translucent PRFs [CRYPTO 17] joint work with Kim (and recipient of Best Young-Researcher Paper Award) PRF key x 1 x 2 y 2 y 1 x 3 x y 3 PRF k, x
68 Key Notion: Private Translucent PRFs [CRYPTO 17] joint work with Kim (and recipient of Best Young-Researcher Paper Award) punctured key x 1 x 2 y 2 y 1 x 3 x y y 3 Punctured key implements the same function except at x
69 Key Notion: Private Translucent PRFs [CRYPTO 17] joint work with Kim (and recipient of Best Young-Researcher Paper Award) punctured key x 1 x 2 y 2 y 1 x 3 x y y 3 Translucent PRF: When punctured key is used to evaluate at x, output lies in a sparse, hidden subset of the range
70 Key Notion: Private Translucent PRFs [CRYPTO 17] joint work with Kim (and recipient of Best Young-Researcher Paper Award) punctured key x 1 x 2 y 2 y 1 x 3 x y y 3 Secret key (associated with PRF family) can be used to test for Translucent PRF: When membership punctured key in is the used hidden to evaluate subspace at x, output lies in a sparse, hidden subset of the range
71 Key Notion: Private Translucent PRFs [CRYPTO 17] joint work with Kim (and recipient of Best Young-Researcher Paper Award) punctured key x 1 x 2 y 2 y 1 x 3 x y y 3 Sets satisfying such properties are called translucent [CDNO97] Values in special set looks indistinguishable from a random value (without secret testing key)
72 Watermarking from Private Translucent PRFs [CRYPTO 17] joint work with Kim (and recipient of Best Young-Researcher Paper Award) watermarked key x 1 x 2 y 2 y 1 x 3 x y y 3 Watermarked program just implements evaluation using punctured key (for the private translucent PRF)
73 Watermarking from Private Translucent PRFs [CRYPTO 17] joint work with Kim (and recipient of Best Young-Researcher Paper Award) watermarked key x 1 x 2 y 2 y 1 x 3 x y y 3 Verification: to test whether a program C is watermarked, check whether C x is in the translucent set (using the testing key for the private translucent PRF)
74 Watermarking from Private Translucent PRFs [CRYPTO 17] joint work with Kim (and recipient of Best Young-Researcher Paper Award) watermarked key x 1 x 2 y 2 y 1 x 3 x y y 3 Functionality-preserving: function differs at a single point Unremovable: the point x is hidden by privacy, and the value y looks like random element in range by translucency
75 Watermarking from Private Translucent PRFs [CRYPTO 17] joint work with Kim (and recipient of Best Young-Researcher Paper Award) watermarked key x 1 x 2 y 2 y 1 x 3 x y Intuitively: special point x, y is used to embed the watermark; watermark is hidden by privacy and translucency properties Functionality-preserving: function differs at a single point Unremovable: the point x is hidden by privacy, and the value y looks like random element in range by translucency y 3
76 Watermarking from Private Translucent PRFs [CRYPTO 17] joint work with Kim (and recipient of Best Young-Researcher Paper Award) watermarked key x 1 x 2 y 2 y 1 x 3 x y y 3 Private translucent PRFs can be built from standard lattice assumptions
77 Watermarking from Private Translucent PRFs [CRYPTO 17] Cryptomania: cryptography from standard assumptions (e.g., factoring, discrete log, learning with errors) Encryption Signatures Multiparty Computation Zero-Knowledge Watermarking joint work with Kim (and recipient of Best Young-Researcher Paper Award) Obfustopia Functional Encryption Non-Interactive Key Exchange Watermarking Cryptomania Obfustopia: cryptography where we also have obfuscation
78 My Research from 10,000 Feet Functional Encryption [AW17, KW17b] Pseudorandom Functions [BLW17, BKW17, BIPSW18] Lattice-Based Cryptography [KW17, KW18] Machine Learning [WFNL16] Modern Cryptography Personal Genomics [JWBBB17, CWB18] Cloud Computing [BISW17, BISW18] Computer Security [WZPM16, WTSB16] Databases [BGHWW13, CLWW16, LW16]
79 Research Themes and Directions Developing new protocols for privacy-preserving computation Genome Privacy [JWBBB17, CWB18] Internet of Things [WTSB16] Machine Learning [WFNL16] Can we build general frameworks to enable scalable privacypreserving computation across domains?
80 Research Themes and Directions Build new cryptographic primitives that enable more secure systems Order-revealing encryption for searching on encrypted data [CLWW16, LW16] Succinct arguments for verifiable computation [BISW17, BISW18]
81 Research Themes and Directions Realizing complex functionalities from simple assumptions Factoring Discrete logarithm Pairings Learning with Errors 1970s What new functionalities are possible from standard (and implementable) assumptions? Thank you!
Order-Revealing Encryption:
Order-Revealing Encryption: How to Search on Encrypted Data David Wu Stanford University based on joint works with Nathan Chenette, Kevin Lewi, and Stephen A. Weis Searching on Encrypted Data The information
More informationOrder-Revealing Encryption:
Order-Revealing Encryption: How to Search on Encrypted Data Kevin Lewi and David J. Wu Stanford University Searching on Encrypted Data Searching on Encrypted Data Searching on Encrypted Data Searching
More informationOrder-Revealing Encryption:
Order-Revealing Encryption: New Constructions, Applications and Lower Bounds Kevin Lewi and David J. Wu Stanford University Searching on Encrypted Data Searching on Encrypted Data Searching on Encrypted
More informationOrder-Revealing Encryption:
Order-Revealing Encryption: How to Search on Encrypted Data Kevin Lewi and David J. Wu Stanford University Searching on Encrypted Data The information accessed from potentially exposed accounts "may have
More informationSecurity in Data Science
SDSI Nov. 2017 Security in Data Science Dan Boneh Stanford University Private genomic data analysis [Jagadeesh, Wu, Birgmeier, Boneh, Bejerano, Science, 2017] What genes causes a specific disorder? 2 v
More informationEncrypted databases. Tom Ristenpart CS 6431
Encrypted databases Tom Ristenpart CS 6431 Outsourced storage settings Client wants to store data up on Dropbox High availability, synch across devices Server includes much value-add functionality Keyword
More informationCryptography. Andreas Hülsing. 6 September 2016
Cryptography Andreas Hülsing 6 September 2016 1 / 21 Announcements Homepage: http: //www.hyperelliptic.org/tanja/teaching/crypto16/ Lecture is recorded First row might be on recordings. Anything organizational:
More informationApplication to More Efficient Obfuscation
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation (io)
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationCS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong
CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationCSC 5930/9010 Modern Cryptography: Public Key Cryptography
CSC 5930/9010 Modern Cryptography: Public Key Cryptography Professor Henry Carter Fall 2018 Recap Number theory provides useful tools for manipulating integers and primes modulo a large value Abstract
More informationFoundations of Cryptography CS Shweta Agrawal
Foundations of Cryptography CS 6111 Shweta Agrawal Course Information 4-5 homeworks (20% total) A midsem (25%) A major (35%) A project (20%) Attendance required as per institute policy Challenge questions
More informationPrivately Constraining and Programming PRFs, the LWE Way PKC 2018
Privately Constraining and Programming PRFs, the LWE Way Chris Peikert Sina Shiehian PKC 2018 1 / 15 Constrained Pseudorandom Functions [KPTZ 13,BW 13,BGI 14] 1 Ordinary evaluation algorithm Eval(msk,
More informationNotes for Lecture 14
COS 533: Advanced Cryptography Lecture 14 (November 6, 2017) Lecturer: Mark Zhandry Princeton University Scribe: Fermi Ma Notes for Lecture 14 1 Applications of Pairings 1.1 Recap Consider a bilinear e
More informationAnalysing Access Pattern and Volume Leakage from Range Queries on Encrypted Data. Information Security Group
Analysing Access Pattern and Volume Leakage from Range Queries on Encrypted Data Kenny Paterson @kennyog based on joint work with Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud Information Security Group
More informationCrypto Background & Concepts SGX Software Attestation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 4b Slide deck extracted from Kamran s tutorial on SGX, presented during ECE 6095 Spring 2017 on Secure Computation and Storage, a precursor to this course
More informationCSCI 5440: Cryptography Lecture 5 The Chinese University of Hong Kong, Spring and 6 February 2018
CSCI 5440: Cryptography Lecture 5 The Chinese University of Hong Kong, Spring 2018 5 and 6 February 2018 Identification schemes are mechanisms for Alice to prove her identity to Bob They comprise a setup
More informationWatermarking Public-key Cryptographic Functionalities and Implementations
Watermarking Public-key Cryptographic Functionalities and Implementations Foteini Baldimtsi 1, ggelos Kiayias 2, and Katerina Samari 3 1 George Mason University, US 2 University of Edinburgh and IOHK,
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationSiTP Dec Cryptography for IoT. Dan Boneh Stanford University
SiTP Dec. 2017 Cryptography for IoT Dan Boneh Stanford University but first: Computer Security at Stanford Alex Aiken software analysis Dan Boneh applied Crypto, crypto currencies Matei Zaharia security
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationPaper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage
1 Announcements Paper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage 2 Recap and Overview Previous lecture: Symmetric key
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Michael J. Fischer Lecture 4 September 11, 2017 CPSC 467, Lecture 4 1/23 Analyzing Confidentiality of Cryptosystems Secret ballot elections Information protection Adversaries
More informationFunctional Encryption: Deterministic to Randomized Functions from Simple Assumptions. Shashank Agrawal and David J. Wu
Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank Agrawal and David J. Wu Public-Key Functional Encryption [BSW11, O N10] x f(x) Keys are associated with deterministic
More informationCryptography CS 555. Topic 1: Course Overview & What is Cryptography
Cryptography CS 555 Topic 1: Course Overview & What is Cryptography 1 Administrative Note Professor Blocki is traveling and will be back on Wednesday. E-mail: jblocki@purdue.edu Thanks to Professor Spafford
More informationStructure-Preserving Certificateless Encryption and Its Application
SESSION ID: CRYP-T06 Structure-Preserving Certificateless Encryption and Its Application Prof. Sherman S. M. Chow Department of Information Engineering Chinese University of Hong Kong, Hong Kong @ShermanChow
More informationLecture 10, Zero Knowledge Proofs, Secure Computation
CS 4501-6501 Topics in Cryptography 30 Mar 2018 Lecture 10, Zero Knowledge Proofs, Secure Computation Lecturer: Mahmoody Scribe: Bella Vice-Van Heyde, Derrick Blakely, Bobby Andris 1 Introduction Last
More informationCryptography Today. Ali El Kaafarani. Mathematical Institute Oxford University. 1 of 44
Cryptography Today Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 About the Course Regular classes with worksheets so you can work with some concrete examples (every Friday at 1pm).
More informationCrypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))
Introduction (Mihir Bellare Text/Notes: http://cseweb.ucsd.edu/users/mihir/cse207/) Cryptography provides: Data Privacy Data Integrity and Authenticity Crypto-systems all around us ATM machines Remote
More informationSecurity. Communication security. System Security
Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security
More informationLecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena
Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall 2009 Nitesh Saxena *Adopted from a previous lecture by Gene Tsudik Course Admin HW3 Problem 3 due Friday midnight
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationEfficient Private Information Retrieval
Efficient Private Information Retrieval K O N S T A N T I N O S F. N I K O L O P O U L O S T H E G R A D U A T E C E N T E R, C I T Y U N I V E R S I T Y O F N E W Y O R K K N I K O L O P O U L O S @ G
More informationEncrypted Data Deduplication in Cloud Storage
Encrypted Data Deduplication in Cloud Storage Chun- I Fan, Shi- Yuan Huang, Wen- Che Hsu Department of Computer Science and Engineering Na>onal Sun Yat- sen University Kaohsiung, Taiwan AsiaJCIS 2015 Outline
More informationFeedback Week 4 - Problem Set
4/26/13 Homework Feedback Introduction to Cryptography Feedback Week 4 - Problem Set You submitted this homework on Mon 17 Dec 2012 11:40 PM GMT +0000. You got a score of 10.00 out of 10.00. Question 1
More informationMore crypto and security
More crypto and security CSE 199, Projects/Research Individual enrollment Projects / research, individual or small group Implementation or theoretical Weekly one-on-one meetings, no lectures Course grade
More informationCSC 5930/9010 Cloud S & P: Cloud Primitives
CSC 5930/9010 Cloud S & P: Cloud Primitives Professor Henry Carter Spring 2017 Methodology Section This is the most important technical portion of a research paper Methodology sections differ widely depending
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationPublic-Key Cryptography
Computer Security Spring 2008 Public-Key Cryptography Aggelos Kiayias University of Connecticut A paradox Classic cryptography (ciphers etc.) Alice and Bob share a short private key using a secure channel.
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More informationMulti-Theorem Preprocessing NIZKs from Lattices
Multi-Theorem Preprocessing NIZKs from Lattices Sam Kim and David J. Wu Stanford University Soundness: x L, P Pr P, V (x) = accept = 0 No prover can convince honest verifier of false statement Proof Systems
More informationCryptographic Systems
CPSC 426/526 Cryptographic Systems Ennan Zhai Computer Science Department Yale University Recall: Lec-10 In lec-10, we learned: - Consistency models - Two-phase commit - Consensus - Paxos Lecture Roadmap
More informationSearchable Encryption. Nuttiiya Seekhao
Searchable Encryption Nuttiiya Seekhao Overview Motivation Literature Background Solutions Scheme I, II, III, IV Discussion Runtime Possible Extensions Conclusion Motivation Motivation Motivation Searchable
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 4, 2017 CPSC 467, Lecture 11 1/39 ElGamal Cryptosystem Message Integrity and Authenticity Message authentication codes
More informationSymmetric-Key Cryptography Part 1. Tom Shrimpton Portland State University
Symmetric-Key Cryptography Part 1 Tom Shrimpton Portland State University Building a privacy-providing primitive I want my communication with Bob to be private -- Alice What kind of communication? SMS?
More informationCryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1
Cryptography CS 555 Topic 11: Encryption Modes and CCA Security CS555 Spring 2012/Topic 11 1 Outline and Readings Outline Encryption modes CCA security Readings: Katz and Lindell: 3.6.4, 3.7 CS555 Spring
More informationSomewhat Homomorphic Encryption
Somewhat Homomorphic Encryption Craig Gentry and Shai Halevi June 3, 2014 China Summer School on Lattices and Cryptography Part 1: Homomorphic Encryption: Background, Applications, Limitations Computing
More informationPassword Authenticated Key Exchange by Juggling
A key exchange protocol without PKI Feng Hao Centre for Computational Science University College London Security Protocols Workshop 08 Outline 1 Introduction 2 Related work 3 Our Solution 4 Evaluation
More informationRSA. Public Key CryptoSystem
RSA Public Key CryptoSystem DIFFIE AND HELLMAN (76) NEW DIRECTIONS IN CRYPTOGRAPHY Split the Bob s secret key K to two parts: K E, to be used for encrypting messages to Bob. K D, to be used for decrypting
More informationPrivacy Preserving Data Publishing: From k-anonymity to Differential Privacy. Xiaokui Xiao Nanyang Technological University
Privacy Preserving Data Publishing: From k-anonymity to Differential Privacy Xiaokui Xiao Nanyang Technological University Outline Privacy preserving data publishing: What and Why Examples of privacy attacks
More informationLecture 3.4: Public Key Cryptography IV
Lecture 3.4: Public Key Cryptography IV CS 436/636/736 Spring 2012 Nitesh Saxena Course Administration HW1 submitted Trouble with BB Trying to check with BB support HW1 solution will be posted very soon
More informationCryptography. and Network Security. Lecture 0. Manoj Prabhakaran. IIT Bombay
Cryptography and Network Security Lecture 0 Manoj Prabhakaran IIT Bombay Security In this course: Cryptography as used in network security Humans, Societies, The World Network Hardware OS Libraries Programs
More informationCryptography 2017 Lecture 3
Cryptography 2017 Lecture 3 Block Ciphers - AES, DES Modes of Operation - ECB, CBC, CTR November 7, 2017 1 / 1 What have seen? What are we discussing today? What is coming later? Lecture 2 One Time Pad
More informationWhite-Box Cryptography State of the Art. Paul Gorissen
White-Box Cryptography State of the Art Paul Gorissen paul.gorissen@philips.com Outline Introduction Attack models White-box cryptography How it is done Interesting properties State of the art Conclusion
More informationKey Establishment and Authentication Protocols EECE 412
Key Establishment and Authentication Protocols EECE 412 1 where we are Protection Authorization Accountability Availability Access Control Data Protection Audit Non- Repudiation Authentication Cryptography
More informationIntroduction to Cryptography and Security Mechanisms. Abdul Hameed
Introduction to Cryptography and Security Mechanisms Abdul Hameed http://informationtechnology.pk Before we start 3 Quiz 1 From a security perspective, rather than an efficiency perspective, which of the
More information2 Secure Communication in Private Key Setting
CSA E0 235: Cryptography January 11, 2016 Instructor: Arpita Patra Scribe for Lecture 2 Submitted by: Jayam Modi 1 Discrete Probability Background Probability Distribution -A probability distribution over
More informationTools for Computing on Encrypted Data
Tools for Computing on Encrypted Data Scribe: Pratyush Mishra September 29, 2015 1 Introduction Usually when analyzing computation of encrypted data, we would like to have three properties: 1. Security:
More informationInformation Security CS526
Information Security CS 526 Topic 3 Cryptography: One-time Pad, Information Theoretic Security, and Stream CIphers 1 Announcements HW1 is out, due on Sept 11 Start early, late policy is 3 total late days
More informationHomework 2: Symmetric Crypto Due at 11:59PM on Monday Feb 23, 2015 as a PDF via websubmit.
Homework 2: Symmetric Crypto February 17, 2015 Submission policy. information: This assignment MUST be submitted as a PDF via websubmit and MUST include the following 1. List of collaborators 2. List of
More informationIdentification Schemes
Identification Schemes Lecture Outline Identification schemes passwords one-time passwords challenge-response zero knowledge proof protocols Authentication Data source authentication (message authentication):
More informationIntroduction to Cryptology. Lecture 2
Introduction to Cryptology Lecture 2 Announcements Access to Canvas? 2 nd Edition vs. 1 st Edition HW1 due on Tuesday, 2/7 Discrete Math Readings/Quizzes on Canvas due on Tuesday, 2/14 Agenda Last time:
More informationSecure Multiparty Computation
Secure Multiparty Computation Li Xiong CS573 Data Privacy and Security Outline Secure multiparty computation Problem and security definitions Basic cryptographic tools and general constructions Yao s Millionnare
More informationBrief Introduction to Provable Security
Brief Introduction to Provable Security Michel Abdalla Département d Informatique, École normale supérieure michel.abdalla@ens.fr http://www.di.ens.fr/users/mabdalla 1 Introduction The primary goal of
More informationSecure Multiparty Computation: Introduction. Ran Cohen (Tel Aviv University)
Secure Multiparty Computation: Introduction Ran Cohen (Tel Aviv University) Scenario 1: Private Dating Alice and Bob meet at a pub If both of them want to date together they will find out If Alice doesn
More informationSymmetric Cryptography
CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...
More informationCSC 5930/9010 Modern Cryptography: Cryptographic Hashing
CSC 5930/9010 Modern Cryptography: Cryptographic Hashing Professor Henry Carter Fall 2018 Recap Message integrity guarantees that a message has not been modified by an adversary Definition requires that
More informationCryptographic Primitives A brief introduction. Ragesh Jaiswal CSE, IIT Delhi
Cryptographic Primitives A brief introduction Ragesh Jaiswal CSE, IIT Delhi Cryptography: Introduction Throughout most of history: Cryptography = art of secret writing Secure communication M M = D K (C)
More informationConstraint hiding constrained PRF for NC1 from LWE. Ran Canetti, Yilei Chen, # Eurocrypt 2017 special edition
Constraint hiding constrained PRF for NC1 from LWE Ran Canetti, Yilei Chen, # Eurocrypt 2017 special edition 1 2 Puncture! 3 4 Puncturable/constrained PRF [Boneh, Waters 13, Kiayias, Papadopoulos, Triandopoulos,
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 13: Public-Key Cryptography and RSA Department of Computer Science and Engineering University at Buffalo 1 Public-Key Cryptography What we already know
More informationISA 562: Information Security, Theory and Practice. Lecture 1
ISA 562: Information Security, Theory and Practice Lecture 1 1 Encryption schemes 1.1 The semantics of an encryption scheme. A symmetric key encryption scheme allows two parties that share a secret key
More informationLecture 6: Symmetric Cryptography. CS 5430 February 21, 2018
Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University January 8 2018 Introductions NEU, CCIS Since 2016 Carnegie Mellon University
More informationCSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography
CSCI 454/554 Computer and Network Security Topic 2. Introduction to Cryptography Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationCryptographically Protected Database Search
Cryptographically Protected Database Search Benjamin Fuller, Mayank Varia, Arkady Yerukhimovich, Emily Shen, Ariel Hamlin, Vijay Gadepally, Richard Shay, Darby Mitchell, Robert Cunningham benjamin.fuller@uconn.edu
More informationCourse Map. COMP 7/8120 Cryptography and Data Security. Learning Objectives. How to use PRPs (Block Ciphers)? 2/14/18
Course Map Key Establishment Authenticated Encryption Key Management COMP 7/8120 Cryptography and Data Security Lecture 8: How to use Block Cipher - many time key Stream Ciphers Block Ciphers Secret Key
More informationLecture 15: Public Key Encryption: I
CSE 594 : Modern Cryptography 03/28/2017 Lecture 15: Public Key Encryption: I Instructor: Omkant Pandey Scribe: Arun Ramachandran, Parkavi Sundaresan 1 Setting In Public-key Encryption (PKE), key used
More informationKeynote: White-Box Cryptography
Keynote: White-Box Cryptography Matthieu Rivain PHIIC Workshop, 4 Oct 2016 Outline Context: white-box crypto: big trend in the industry cryptographic obfuscation: big trend in the scientific literature
More informationOutline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing
Outline CSCI 454/554 Computer and Network Security Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues Topic 2. Introduction to Cryptography 2 Cryptography Basic Concepts
More informationSecurity: Cryptography
Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity
More informationCryptography [Symmetric Encryption]
CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin,
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationCryptography: More Primitives
Design and Analysis of Algorithms May 8, 2015 Massachusetts Institute of Technology 6.046J/18.410J Profs. Erik Demaine, Srini Devadas and Nancy Lynch Recitation 11 Cryptography: More Primitives 1 Digital
More informationA SIMPLE INTRODUCTION TO TOR
A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that
More informationMike Reiter. University of North Carolina at Chapel Hill. Proliferation of mobile devices. Proliferation of security-relevant apps using these
1 Capture-Resilient Cryptographic Devices Mike Reiter University of North Carolina at Chapel Hill Relevant Trends 2 Proliferation of mobile devices Proliferation of networking Proliferation of security-relevant
More informationA compact Aggregate key Cryptosystem for Data Sharing in Cloud Storage systems.
A compact Aggregate key Cryptosystem for Data Sharing in Cloud Storage systems. G Swetha M.Tech Student Dr.N.Chandra Sekhar Reddy Professor & HoD U V N Rajesh Assistant Professor Abstract Cryptography
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationsymmetric cryptography s642 computer security adam everspaugh
symmetric cryptography s642 adam everspaugh ace@cs.wisc.edu computer security Announcement Midterm next week: Monday, March 7 (in-class) Midterm Review session Friday: March 4 (here, normal class time)
More informationLecture 18 Message Integrity. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422
Lecture 18 Message Integrity Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422 Cryptography is the study/practice of techniques for secure communication,
More informationPublic-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7
Public-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7 David Cash University of Chicago Plan 1. Security of RSA 2. Key Exchange, Diffie-Hellman 3. Begin digital
More informationMidgame Attacks. (and their consequences) Donghoon Chang 1 and Moti Yung 2. IIIT-Delhi, India. Google Inc. & Columbia U., USA
Midgame Attacks (and their consequences) Donghoon Chang 1 and Moti Yung 2 1 IIIT-Delhi, India 2 Google Inc. & Columbia U., USA Crypto is a Technical Science As technology moves, so should crypto designs
More informationCryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III
Cryptography III Public-Key Cryptography Digital Signatures 2/1/18 Cryptography III 1 Public Key Cryptography 2/1/18 Cryptography III 2 Key pair Public key: shared with everyone Secret key: kept secret,
More informationLecture 4: Authentication and Hashing
Lecture 4: Authentication and Hashing Introduction to Modern Cryptography 1 Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 1 These slides are based on Benny Chor s slides. Some Changes in Grading
More informationDefinitions and Notations
Chapter 2 Definitions and Notations In this chapter, we present definitions and notation. We start with the definition of public key encryption schemes and their security models. This forms the basis of
More informationAuthenticated encryption
Authenticated encryption Mac forgery game M {} k R 0,1 s m t M M {m } t mac k (m ) Repeat as many times as the adversary wants (m, t) Wins if m M verify m, t = 1 Mac forgery game Allow the adversary to
More informationSecuring Distributed Computation via Trusted Quorums. Yan Michalevsky, Valeria Nikolaenko, Dan Boneh
Securing Distributed Computation via Trusted Quorums Yan Michalevsky, Valeria Nikolaenko, Dan Boneh Setting Distributed computation over data contributed by users Communication through a central party
More information